Archive for July, 2007

8 Ways to Beat a Security Audit

July 23, 2007

This article offers eight tips from auditors, consultants, and others who have been through IT security audits on what to look for in a compliance audit and how to fix these problems before the audit.
http://www.darkreading.com/document.asp?doc_id=128368

[Editor's Note (Valle): Since nobody passes security audits on the first try, it is good to learn from the wisdom of people who have been through it before.]

Security Digest for July 9th – 13th

July 23, 2007

How to Detect Security Vulnerabilities in Your System
http://www.cio.com/article/107158/How_to_Detect_Security_Vulnerabilities_in_Your_Systems/1

Highlights the importance of keeping up with Common Vulnerabilities and Exposures (CVE) entries in your network.

Hackers Clean Up with Ajax
http://www.darkreading.com/document.asp?doc_id=128730
Web 2.0 technologies might be prettier for the end user, but they are inherently more vulnerable.

NSA, DHS name top info assurance schools
http://www.fcw.com/article103179-07-09-07-Web
Don’t send your people to just any security school.

RFP: Penetration Testing
http://www.eweek.com/article2/0,1759,2155859,00.asp?kc=EWRSS03129TX1K0000614
A quick and dirty guideline for pen tests.

Three Worked the Web to help Terrorists.

July 23, 2007

The trial of 3 people in Britain on terrorism charges has uncovered how they used stolen credit card information obtained over the Internet to purchase communication forums and web hosting services to spread terrorist propaganda.
http://www.washingtonpost.com/wp-dyn/content/article/2007/07/05/AR2007070501945_pf.html

[Editor's Note (Valle): This news is sure to make anti-terrorist government officials look at ID theft in a new, more serious light.]

Security Digest for July 2 – July 6

July 11, 2007

Security Company launches eBay for Zero-day exploits
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026363&source=rss_topic17

I’m all for security researchers getting paid for their work, but this marketplace has to make sure that cybercriminals are not on the other side of these transactions.

Court holds Belgium ISP liable for file sharing
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026360
This sets a worrisome precedent for all ISPs, which in the past have taken no responsibility for what traverses their networks.

Hackers target C-level execs and their families
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9026048
A very good example of spear-phishing.

Data Leak Prevention in Flux
http://www.darkreading.com/document.asp?doc_id=128292
DLP is starting to get traction in the marketplace.

Credit card fraud takes a charitable twist
http://www.scmagazine.com/us/news/article/669553/not-so-sweet-charity-credit-card-fraud-takes-charitable-twist/
Be careful of small transactions on your credit card: the cybercriminals are testing it!

Investigating logic bomb attacks and their explosive effects
http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1262766,00.html?track=sy320
A good article describing one of the worst types of attacks that can happen to you and your company.

6 ways to fight back against botnets
http://www.networkworld.com/research/2007/070607-botnet-side1.html?page=1
These 6 steps are also a great way to stay protected against much of the Internet-based malware out there.

Average Zero-day bug has 348-day lifespan
http://www.networkworld.com/news/2007/070907-average-zero-day-bug-has-348-day.html?fsrc=rss-security
How much havoc can hackers wreak in just under a year?!

The ISM Community Top 10

July 11, 2007

The Information Security Management Community Top Ten is an awareness document that describes a series of key issues that organizations should immediately understand. The importance of corporate Governance, Risk and Compliance (GRC) is driving business decisions and corporate strategies in the information age….
http://www.ism-community.org/files/folders/trainingandawarenessrelease/entry999.aspx

[Editor's Note (Valle): I came across this excellent PDF that companies can use to get a quick overview of how good their current information security program is.]

Top 10 Stupid Surfing Habits

July 11, 2007

An eWeek slideshow that could be circulated around the office for a good laugh, with the side benefit of a good dose of IT security education.
http://www.eweek.com/slideshow/0,1206,a=210600,00.asp

[Editor's Note (Valle): The longer I am in this industry, the more I become a proponent of IT security education as a fundamental necessity. It is a shame that companies do not see more value in it.]