WELCOME TO THE CONTINUITY CENTRAL ARCHIVE SITE

Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

The Continuity Central Archive

On 20th April 2015 a redesign of Continuity Central went live. On that site all content added to Continuity Central since 1st January 2015 is available.

You are welcome to continue browsing this archive, but please note that no new content is being added to it. For fresh content visit the new site.

INFORMATION SECURITY MANAGEMENT: ARTICLES

A tiered approach to BYOD control
The practice of employing a layered security model can and should be applied to BYOD says Scott Gordon.
Read article
Type: Article •Region: World •Level: Basic

All you need to know about the Bash vulnerability
Craig Young overviews the Bash / Shellshock vulnerability which was recently identified and looks at whether it really is worse than Heartbleed, as has been widely claimed.
Read article
Type: Article •Region: Worldwide •Level: Advanced

APT attacks clarified
Confusion exists as to what exactly an advanced persistent threat is and, even more importantly, how to manage the risks associated with APTs. Christos K. Dimitriadis provides some help.
Read article
Type: Article •Region: World •Level: Basic

Are trusted systems a thing of the past?
Changing threat profiles mean that information security systems need to adapt.
Read article
Type: Article •Region: World •Level: Basic

Asking the right question: penetration testing vs. vulnerability analysis tools, which is best?
By Dennis Hurst, developer security evangelist, SPI Dynamics.
Read article
Type: Article •Region: US/World •Level: Basic

A tale of two hacks
What every business continuity manager should know about advanced persistent threats and industrialized hacking.
Read article
Type: Article •Region: Worldwide •Level: Basic

Back to basics…
Security breaches are on the rise. Yet as security experts face ever more complex and challenging threats, is there a risk some of the basic components of IT security are being overlooked?
Read article
Type: Article •Region: Worldwide •Level: Basic

Blind faith in security standards could create cyber vulnerabilities
Relying on standards and IT audits often leads to 'checklist syndrome', with the security strategy failing to address the wider business risks, even though the demands of the standard were met on paper, says Seth Berman.
Read article
Type: Article •Region: Worldwide •Level: Basic

Boards must up their game before the hackers claim checkmate
The connected world is under siege and current security solutions and approaches are outdated and inadequate: it’s time for organizational boards to recognise this and take action.
Read article
Type: Article •Region: UK/Worldwide •Level: Basic

BYOD: it’s time to throw out the rule book
Banning employee devices is not the answer to the BYOD information security challenge, says Grant Taylor.
Read article
Type: Article •Region: Worldwide •Level: Basic

Certificate management explored
Calum MacLeod highlights twelve classic mistakes which can result in certificate-related downtime and IT security breaches.
Read article
Type: Article •Region: Worldwide •Level: Advanced

Change detection technology has changed: for the better
Mark Kedgley examines the importance of real-time file integrity monitoring in a constantly and quickly evolving threat landscape.
Read article
Type: Article •Region: UK/Worldwide •Level: Basic

Changing times
David Ting discusses how enterprise security is changing and outlines how businesses can use single sign-on solutions to protect themselves.
Read article
Type: Article •Region: UK/World •Level: Basic

Consensus at RSA Conference 2013: PKI is under attack
At the recent RSA Conference 2013 in San Francisco, a clear consensus emerged: attacks on the trust established by cryptographic keys and certificates are on the rise and are an important element in today’s threat landscape.
Read article
Type: Article •Region: Worldwide •Level: Basic

Coordinating security response and crisis management planning
Too often information security incident response plans, disaster recovery and business continuity plans are not aligned with the overall corporate crisis management process. Martin Welsh and Keith Taylor discuss the benefits of achieving this.
Read article
Type: Article •Region: Worldwide •Level: Basic

Could your employees detect and deflect a spear phishing attack?
Why are spear phishing attacks increasing and what can organizations do to prevent falling victim?
Read article
Type: Article •Region: Worldwide •Level: Basic

Cyber-attacks, Black Swans and business continuity management
Don’t plan for specific incidents: instead businesses need to have the right capabilities, which means training people in appropriate crisis skills. By Jim Preen.
Read article
Type: Article •Region: Worldwide •Level: Basic

Cyber security needs to be a board level issue
Tom Neaves and John Yeo describe a recent research project that looked at whether company boards have explicitly itemised cyber security as a material risk to the business.
Read article
Type: Article •Region: UK •Level: Basic

Cyber threats require a risk management approach
Information security programs that rely on defensive measures are no longer adequate.
Read article
Type: Article •Region: Worldwide •Level: Basic

Data leakage: a real business continuity issue
Are reports of data loss and theft just the tip of an iceberg that at best compromises growth and at worst can result in the demise of businesses? Dr. Jim Kennedy gives his views.
Read article
Type: Article •Region: US/Worldwide •Level: Basic

DDoS: a seven-point action plan
No business continuity plan is complete without taking into account the risk represented by DDoS attacks. Rakesh Shah explains the measures that can be taken to mitigate the threat.
Read article
Type: Article •Region: US/Worldwide •Level: Basic

Digital copiers and information security
Many organizations are unaware of the information security risks associated with copiers, fax machines and large volume printers. By Dr. Jim Kennedy.
Read article
Type: Article •Region: US/Worldwide •Level: Basic

Digital forensics and its role in protecting the enterprise
Paul Kenyon examines the difference between proactive and reactive digital forensics and explains their contribution in the fight against malware and malicious activity.
Read article
Type: Article •Region: Worldwide •Level: Basic

Do as I say, not as I do...
Could you bring your company to its knees?
Read article
Type: Article •Region: Worldwide •Level: Basic

Don’t panic! Six steps for surviving your first data breach
Getting breached doesn’t establish whether or not you have a decent security program in place: but how you respond to a security breach does.
Read article
Type: Article •Region: Worldwide •Level: Basic

Emulating the enemy
Threat emulation is a critical technique in achieving more effective network security. Terry Greer-King explains why.
Read article
Type: Article •Region: Worldwide •Level: Basic

Extensible threat management
Extensible threat management is the next generation of unified threat management. This article provides an overview of XTM and explains its advantages over UTM.
Read article
Type: Article •Region: Worldwide •Level: Basic

Facing up to the threat of cyber-crime
Cyber-crime is constantly evolving: to protect your company your methods and attitudes must evolve too.
Read article
Type: Article •Region: Worldwide •Level: Basic

Firewall OR UTM?
Unified threat management systems used to be the domain of smaller companies, but Ian Kilpatrick explains why they are now a serious contender for providing protection for larger companies.
Read article
Type: Article •Region: Worldwide •Level: Basic

Five easy steps for implementing a data classification policy
Without classification as the foundation of the information protection strategy, it’s impossible for organizations to know what to protect, says Stephane Charbonneau.
Read article
Type: Article •Region: Worldwide •Level: Basic

Four questions to consider when building a security platform
Useful advice from Steve Salinas.
Read article
Type: Article •Region: Worldwide •Level: Basic

Four steps for denying DDoS attacks
How should banks and financial institutions deal with increasing numbers of large-scale denial of service attacks?
Read article
Date: 23rd August 2013 •Region: World •Level: Basic

Fuzzing: helping to avoid zero-day attacks
What is fuzzing? Ari Takanen explains.
Read article
Type: Article •Region: Worldwide •Level: Basic

Hacktivism and the lessons learned from LulzSec
What can be done to prevent future cyber disasters? By Rob Rachwald and Noa Bar Yosef.
Read article
Type: Article •Region: Worldwide •Level: Basic

Have we learnt from our Heartbleed mistakes?
David Sandin looks at whether we have heeded the lessons of the Heartbleed bug, the implications of Shellshock and the future security of open-source coding.
Read article
Type: Article •Region: Worldwide •Level: Basic

How the biggest DDOS attack in history highlights interdependencies
Spamhaus attack shows how interdependent our networks have become.
Read article
Type: Article •Region: Worldwide •Level: Basic

How to avoid the complexity risks associated with next-generation firewalls
Next-generation firewalls can be a real headache for the IT department; Sam Erdheim shows how to maximise security while avoiding the complexity that such firewalls can bring.
Read article
Type: Article •Region: UK/Worldwide •Level: Basic

How to detect and stop corporate espionage
The key to successfully preventing espionage is to not just focus on information security. By Michael Podszywalow, MBA, CISSP, CISM, CISA, CEH.
Read article
Type: Article •Region: Worldwide •Level: Basic

How to implement a cyber incident response plan
It is a sign of the changing security landscape that it is almost certain that sooner or later your organization will experience a security incident. It is therefore essential to have a cyber incident response plan in place.
Read article
Type: Article •Region: Worldwide •Level: Basic

How to select a password management system
‘Envelope technology’ and the story about the ‘never changing password’: by Oded Valin.
Read article
Type: Article •Region: Worldwide •Level: Basic

How unified encryption management (UEM) is changing the threat landscape
Increasing challenges to corporate networks and data require a new risk management approach.
Read article
Type: Article •Region: UK •Level: Basic

If your head’s in the cloud, keep your feet on the ground
Cloud models and their associated risks. By Ruvi Kitov.
Read article
Type: Article •Region: Worldwide •Level: Basic

Implementing a good information security program
The frequency and potential impacts of information security breaches are increasing. Dr. Jim Kennedy explains why and looks at what organizations can do about it.
Read article
Type: Article •Region: Worldwide •Level: Basic

Information management at the crossroads: is it time for ‘corporate information responsibility’?
Could CIR enhance information risk management?
Read article
Type: Article •Region: Worldwide •Level: Basic

Information risk management lessons
Most companies are doing something to mitigate information risk, but few are doing enough says Christian Toon.
Read article
Type: Article •Region: Worldwide •Level: Basic

Information security from a business perspective
It’s time to stop seeing information security as simply a technical issue. By Christos K. Dimitriadis, Ph.D., CISA, CISM.
Read article
Type: Article •Region: Worldwide •Level: Basic

Information security: why we should talk about incident response
There is a frequent bias in the industry towards focusing on the ‘cool’ exploit and detection side of cyber-defense, rather than the more operational response and mitigation side. This article by Proofpoint considers the other side of the equation, looking at incident response and outlining four steps to success in this area.
Read article
Type: Article •Region: US/Worldwide •Level: Basic

Integrating cyber security and business continuity
Actions an organization can take to better align business continuity and cyber security efforts and increase organizational resilience.
Read article
Type: Article •Region: Worldwide •Level: Basic

ISM: ‘detect and respond’ is no silver bullet
Solutions to complex problems often require organizational changes: yet this critical element is often either ignored or seems impossible to implement.
Read article
Type: Article •Region: Worldwide •Level: Basic

Less risk, more reward
Managing vulnerabilities in a business context.
Read article
Type: Article •Region: Worldwide •Level: Basic

Lessons learned from Heartbleed
As the dust settles after the initial Heartbleed crisis response, what lessons are starting to emerge? By Russ Spitler.
Read article
Type: Article •Region: Worldwide •Level: Basic

Maintaining availability: the importance of DDoS defences in business continuity planning
Actionable information security practices are critical to business continuity planning, yet many business continuity plans do not include this element. This is a major oversight, says Rakesh Shah.
Read article
Type: Article •Region: Worldwide •Level: Basic

Managing mobile device risks
Ian Kilpatrick looks at the risks involved with mobile devices and how to secure them.
Read article
Type: Article •Region: UK/Worldwide •Level: Basic

Managing the risks of information leakage
Information leakage can slip under the conventional information security safety net: Bernardo Patrão highlights the problem and discusses techniques that help reduce the risk of damaging information leakage impacts.
Read article
Type: Article •Region: Worldwide •Level: Basic

Mobile security reaching a tipping point for organizations
Various significant security breaches that have occurred in 2011 have dramatically highlighted the link between information security and business continuity. In this article Rob Rachwald discusses an issue which is adding fuel to the fire: the growing security threat posed by mobile devices.
Read article
Type: Article •Region: Worldwide •Level: Basic

Mobile security – the time has come for action
Advances in mobile device technology are running ahead of changes to corporate defences. By Sean Glynn.
Read article
Type: Article •Region: UK/Worldwide •Level: Basic

Monitoring for effective data protection
Barriers are not enough; data protection requires a systematic risk based approach.
Read article
Type: Article •Region: UK •Level: Basic

Network security’s ticking time-bomb
Balancing effective IT security against a business’s need for agility is an age-old issue. But today, getting that balance right is trickier than ever.
Read article
Type: Article •Region: Worldwide •Level: Basic

PCI DSS Version 3.0: new standard but same problems?
New Net Technologies has provided a white paper that examines the implications of the new PCI DSS Version 3.0 for businesses.
Read article
Type: Article •Region: Worldwide •Level: Basic

Plan to fail for better security and continuity
Tom Davison looks at how failures can be used to boost security and help business continuity: if approached in the right way.
Read article
Type: Article •Region: Worldwide •Level: Basic

Proper information security only comes by being truthful
Too many organizations are unwilling to face the facts when it comes to their information security risks and protective status. To move forward an honest assessment is required…
Read article
Type: Article •Region: Worldwide •Level: Basic

Protecting business-critical information in virtual environments
Advice from David Phillips.
Read article
Type: Article •Region: Worldwide •Level: Basic

Protecting critical data from loss or theft
It’s a matter of due diligence says Dr. Jim Kennedy.
Read article
Type: Article •Region: US/Worldwide •Level: Basic

Reducing the risk that your people pose to your organization
People and process are frequently disregarded when it comes to improving security posture, partly because the security risk they pose to an organization is difficult to measure and track.
Read article
Type: Article •Region: Worldwide •Level: Basic

Reducing threats from within the organization
Despite the headlines that high profile external attacks engender, insider threats are more likely to have financial and business continuity impacts on organizations. Dr. Jim Kennedy explores this important but hard to manage threat.
Read article
Type: Article •Region: US/Worldwide •Level: Basic

Running lights out management without putting your organization’s lights out permanently
LOM is a potent technology which has its uses; however it also poses some potential risks which every enterprise must be aware of.
Read article
Type: Article •Region: Worldwide •Level: Basic

Security concerns emerge with the new gTLDs
One of the major concerns is ‘name collision’ reports Jonathan French.
Read article
Type: Article •Region: Worldwide •Level: Basic

Security implications of the virtualized data centre
Virtualization brings an entire new set of security issues, problems, and risks says Bill Beverley.
Read article
Type: Article •Region: UK/Worldwide •Level: Basic

Securing privileged identities: a critical area of cloud security
As a cloud infrastructure grows, so too does the presence of unsecured privileged identities. By Phil Lieberman.
Read article
Type: Article •Region: UK/Worldwide •Level: Basic

Security – the human factor
Protecting a business from security threats is as much to do with ‘human factors’ as it is with the IT department, argues Paul Kearney, head of enterprise risk research at BT Group.
Read article
Type: Article •Region: Worldwide •Level: Basic

Seven things you need to know about the ‘GHOST’ vulnerability
GHOST could potentially allow an attacker to take over the control of an entire Linux system: Szilard Stange provides more details and lists actions that organizations can take to protect their systems.
Read article
Type: Article •Region: Worldwide •Level: Basic

Shaping mobile security
Keith Bird shows how a new approach to mobile security can help organizations achieve the right balance of protection, mobility and productivity.
Read article
Type: Article •Region: Worldwide •Level: Basic

Smartphones and enterprise security
Smartphones raise key security issues, which many organizations have yet to address.
Read article
Type: Article •Region: Worldwide •Level: Basic

Softening the business impact of security management
How better visibility and automated management of business application connectivity enable a more agile business and enhance security.
Read article
Type: Article •Region: Worldwide •Level: Basic

So you think SharePoint is secure? Think again!
Jamie Bodley-Scott looks at the insecurities SharePoint introduces and suggests a three-dimensional model to stem the resultant flow of data.
Read article
Type: Article •Region: Worldwide •Level: Basic

The beginning of the end for firewalls?
There’s a new focus in town: data access control will increasingly trump network access control.
Read article
Type: Article •Region: Worldwide •Level: Basic

The DigiNotar, Comodo and RSA breaches: what have we learned?
Enterprises need to move past the shock and begin formulating their own compromise recovery and business continuity plans.
Read article
Type: Article •Region: Worldwide •Level: Basic

The impact of the consumerization of IT on IT security management
Alexei Lesnykh highlights new threats and solutions.
Read article
Type: Article •Region: Worldwide •Level: Basic

The last rites of traditional IT security
In a changing threat landscape anti-virus software is fast beginning to look past its sell-by date says Mark Kedgley.
Read article
Type: Article •Region: Worldwide •Level: Basic

The low hanging fruit of IT security
How smaller organizations can remain secure on limited budgets. By Chris Stoneff.
Read article
Type: Article •Region: Worldwide •Level: Basic

The mobile security conundrum
As the lines between portable computers and mobile devices become blurred organizations need to act to address security vulnerabilities which could lead to data breaches and downtime. By Andy Cordial.
Read article
Type: Article •Region: UK/Worldwide •Level: Basic

The rise of APT
Defining Advanced Persistent Threats, by Amichai Shulman, CTO of Imperva.
Read article
Type: Article •Region: Worldwide •Level: Basic

Ten things IT should be doing to protect your data: but probably isn’t
Businesses today are struggling with proper data protection: Rob Sobers provides some help.
Read article
Type: Article •Region: Worldwide •Level: Basic

Understanding the correlation between data leakage and the security mission
In many apparently very secure organizations, data leakage enabled by advanced evasion techniques is a potential disaster just waiting to happen. By Professor John Walker.
Read article
Type: Article •Region: Worldwide •Level: Basic

What are nation state information security attacks really telling us?
A change is necessary in the mind-set about how we protect IT to an approach that sees attacks as a part of doing business.
Read article
Type: Article •Region: Worldwide •Level: Advanced

What do business continuity managers need to know about Heartbleed?
Andrew Waite gives an overview of the Heartbleed vulnerability.
Read article
Type: Article •Region: Worldwide •Level: Basic

What’s missing from DLP?
Data loss prevention solutions don’t provide an information security panacea but adding PICWIC enhances them, says David Gibson.
Read article
Type: Article •Region: Worldwide •Level: Basic

Why you should ‘supersize’ your business impact analysis
It’s time to move beyond the conventional perception that the BIA is simply how you decide which processes are ‘critical’ and what the objectives are for recovery time and recovery point.
Read article
Type: Article •Region: Worldwide •Level: Advanced

Will virtualization and cloud computing change how we achieve security?
By Gert Hansen, chief software architect, Astaro.
Read article
Type: Article •Region: Worldwide •Level: Advanced

You can't always stop a breach: but you should always be able to spot one
December 15th is the anniversary of the discovery of Target's infamous security breach; but has anything really changed in the year that has gone by? Retailer after retailer is still falling foul of the same form of malware attack. So just what is going wrong?
Read article
Type: Article •Region: Worldwide •Level: Basic

