« September 2010 | Main | March 2011 »

October 2010

10/12/2010

PCI Compliance Means Getting Your App Security Together

Many companies' applications still don't meet the security standards outlined in the Payment Card Industry (PCI) Data Security Standards, according to a recent study.

During the 18-month study, which was published last week, security firm Veracode scanned the binary code of more than 2,900 applications on behalf of its clients. Its findings are sobering: Nearly six out of every 10 applications had an "unacceptable" level of security; more than eight out of 10 applications failed to catch classes of Web application vulnerabilities required for remediation under PCI DSS.

While the customers eventually fixed the flaws, most enterprises' applications fail to meet with PCI standards -- a rather low bar for Web application security, says Chris Eng, senior director of security research at Veracode.

DarkReading

Posted at 05:31 PM in Antivirus, Enterprise Technology, Law and Policy, Published on DarkReading, Security | | Comments (0) | TrackBack (0)

|

10/07/2010

Two Ways For SMBs To Secure Their Home Workers

In the slowly recovering economy, telecommuting has become an essential way for businesses to retain valuable workers, increase productivity, and support "green" initiatives. But from a security perspective, telecommuting can also be dangerous -- if you don't have the right technologies in place.

For small and midsize businesses (SMBs), telecommuting is taking off. Nearly 60 percent of SMBs plan to increase their use of telecommuting to cut costs in the next 12 months, according to survey conducted by Staples Advantage, the IT service of the well-known office-supply chain. Yet many SMBs don't have the expertise in-house to deal with security -- about 40 percent rely on external IT support to run their operations, the study found.

DarkReading

Posted at 05:29 PM in Articles, Enterprise Technology, Published on DarkReading, Security, Small and Medium Business | | Comments (0) | TrackBack (0)

|

10/04/2010

Three Steps To Safer Connections With Your Business Partners

Among the speculation surrounding the spread of the Stuxnet worm -- the first cyberattack that targets industrial control systems -- is this likely scenario: Attackers might have spread the worm to a Russian technology provider in an effort to infect Iran's nuclear industry. Unknown to the Russian company, its workers were compromising facilities in multiple countries with a program designed to hide within the code of industrial controllers.

If true, the scenario would not be the first time that suppliers have been used to attack their customers. In a handful of recent instances, attackers have used contractors and other third parties as a bridge to their targets. While many companies are very watchful of their connection to the Internet, many times they are not so vigilant of their partners' connections to their own networks, says Eddie Schwartz, chief security officer of NetWitness, a data and network protection firm.

DarkReading

Posted at 05:35 PM in Articles, Enterprise Technology, Published on DarkReading, Security, Software | | Comments (0) | TrackBack (0)

|