Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Features list

advertisement 
FORWARD FEATURES 2015
(This list is subject to change)
JAN-FEB 2015
PREDICTIVE ANALYTICS
Predictive analytics doesn’t necessarily mean seeing an attack before it happens but, rather, helping
security professionals identify and track unknown malware, wherever it may be hiding. Because predictive
technologies are in their infancy, gaining a baseline understanding of the foundations upon which they are
being developed is a good first step, when exploring this new area.
WHAT DOES 2015 HOLD IN STORE FOR YOU?
What will be the big security issues in 2015 and are you ready to deal with them? From cybercrime, to
BYOD, to insider threats, one thing is certain: the rate, intensity and sophistication of attacks will only
increase. We ask some of the industry’s leading experts to predict what will be the biggest concerns in
2015.
MOBILE SECURITY/DEVICE MANAGEMENT
With mobile devices now seemingly everywhere and more and more applications flooding the market,
mobile monitoring and device management have never been so vital. As employees connect their own vast
mix of mobile devices to the enterprise – bringing devices designed for the consumer market into business
environments and then placing business and personal data side-by-side – security has become both
increasingly important and complex. What strategies should you introduce to reduce risk? How do you
ensure you are always in control of these devices, rather than the other way round? Computing Security
finds out.
MARCH-APRIL 2015
IDENTITY & ACCESS MANAGEMENT
Identity & Access Management (IAM) is regarded as essential for any organisation intent on ensuring
optimum management of electronic identities. Why? Because IAM technology can be used to initiate,
capture, record and manage user identities – and their related access permissions – in an automated
fashion. This ensures that access privileges are granted according to one interpretation of policy alone, and
that all individuals and services are properly authenticated, authorised and audited.
However, poorly controlled IAM processes may well lead to regulatory non-compliance, because, should
the organisation be audited, management will be unable to prove that company data is not at risk of being
misused. This feature looks at how you can avoid the latter situation and ensure you have an IAM system
in place that protects you from such exposure.
SIEM (SECURITY INFORMATION AND EVENT MANAGEMENT)
Security information and event management (SIEM) is a technology solution developed with the goal of
introducing greater intelligence and automation into the collection, correlation and analysis of log and alert
data, which, in turn, should allow security analysts to focus on what is most important. SIEM is all about
improving efficiency by enhancing the ability to deal with the mushrooming amount of data generated by
network and security devices. Or being able to detect an attack designed to elude a firewall or IPS (but not
both). Or even making reporting and documentation (for compliance purposes) more efficient. But how do
you justify the cost of investing in SIEM to the board in this straitened times? What are the compelling
arguments? And what is the likely ROI? We ask the experts.
PEN TESTING
A penetration test, or pen test, is a method of evaluating computer and network security by simulating an
attack on a computer system or network from external and internal threats. The process involves an active
analysis of the system for any potential vulnerabilities that could result from poor or improper system
configuration, either known and unknown hardware or software flaws, or operational weaknesses in
process or technical countermeasures. This analysis is carried out from the position of a potential attacker
and can involve active exploitation of security vulnerabilities. But can it detect all attacks? How
sophisticated is it? And are the dark forces getting too clever to be caught now, even by these latest
technologies?
MAY-JUNE 2015
INTERNET OF EVERYTHING
The Internet of Everything (IoE) brings together people, process, data and ‘things’ to make networked
connections more relevant and valuable than ever before. The IoE effectively turns information into actions
that create new capabilities, richer experiences, and real economic opportunity for businesses, individuals,
and countries. The Internet of Things (IoT), a broad concept plotting to make vast amounts of our physical
world interactive, IP-enabled, and ‘smart’. As billions of devices connect via the Internet, exchanging
information and taking autonomous actions based on continuous input, we will face a paradigm change that
will transform our personal lives and revolutionise business, warns research company Forrester’s Andrew
Rose. “These radical transformations will pose unprecedented data privacy and security challenges to
security and risk (S&R) professionals.” He states. How do organisations ensure that they don’t walk blindly
into this wave of opportunity and risk? How can they make the IoT work for them, rather than against?
HUMAN ERRORS/RISK
According to the ‘IBM Security Services 2014 Cyber Security Intelligence Index’ report), over 95% of all
incidents investigated recognise human error as a contributing factor. While organisations try to employ a
litany of different security controls in an attempt to limit their risk of becoming the victim of a security
incident or breach, human error is one factor that can’t always be controlled or relied upon. Considering
that each lost data record cost companies, on average, $145 per record in 2013, decreasing the human
factor is ideal for any company that wants to stay in business these days.
Some of the most common human errors include:

System misconfiguration

Poor patch management

Lost laptops or mobile devices

Disclosure of regulated (sensitive) information via incorrect email address

Opening infected attachments or clicking on unsafe URLS

Use of default usernames/passwords, or easy-to-guess passwords.
What should organisations be doing to defend themselves against such practices? Are they to blame
primarily for poor policy setting and monitoring? How do the best enterprises manage to get it right?
SECURE DATA ERASURE/E.O.L. IT
Organisations have an ever increasing volume of data stored across a multitude of media including virtual
systems, USB drives, tapes, memory cards, HDD - all of which requires managing. One of the biggest
challenges facing organisations, IT providers and IT recycling companies is ensuring end-of-life sensitive
data and intellectual property is erased securely and cost-effectively. Who should you turn to, in order to
get this right? What are the possible consequences of selecting the wrong vendor to manage this process
for you – and how do you know who you can really trust to dispose of your data – and possibly also
hardware – professionally and ethically?
JULY-AUGUST 2015
TARGETED THREATS
A targeted attack seeks to breach the security measures of a specific individual or organisation. Usually the
initial attack, conducted to gain access to a computer or network, is followed by a further exploit designed
to cause harm or, more frequently, steal data. Future attacks could be focused increasingly on the
modifying of data. The emergence of Stuxnet in 2010, for instance, revealed that targeted malware attacks
could be used to interfere with industrial control systems.
Analyzing the stages of an attack can provide insight into the tools, tactics and procedures of the attackers.
This behaviour helps indicate whether an attack can be linked to a broader campaign and helps build
intelligence that can be used to inform incident response procedures and help mitigate future advances by
the attacker. We investigate how businesses can keep themselves safe from such assaults.
MANAGED SECURITY SERVICES
Managed security services are designed to help you improve your information security – either by
outsourcing your security operations or supplementing your existing security teams. What Managed
security services providers promise is the expertise, knowledge and infrastructure that you need to secure
your information assets from Internet attacks, often saying that this can be done at a fraction of the cost of
in-house security resources. Does the reality live up to the promises, though? Or could you rely on your
own internal resources to deliver equally secure systems at lower cost, all under much tighter personal
control? Or would an MSP bring far better operational, financial and strategic efficiencies across the
enterprise?
ANTI MALWARE
Think of malware now and the name ‘Sony’ comes to mind. Soon after the devastating breach at Sony
Pictures Entertainment, the FBI was warning US businesses that hackers have used malicious software to
launch a destructive cyber attack in the US. Such attacks had been launched in Asia and the Middle East
previously, but none had been reported in the US. The FBI report did not say how many companies had
been victims of destructive attacks. Many believe that the Sony attack signals the onset of destructive cyber
attacks globally. How concerned should businesses in the UK be? How do they best protect themselves
from malware? Are the attackers fast gaining the upper hand?
SEPT-OCT 2015
CLOUD SECURITY
The market for cloud computing, in which software and information is available on demand via the Internet,
has surged in recent years. Market research firm IDC expects businesses worldwide to spend $57.4 billion
by 2014 – double that of only a few years previously. Does this signal a brave, new world of ‘cloud without
borders’ and is this necessarily the right way to go? How safe is your information in the cloud and who
really has control over it?
CYBERCRIME
One recent estimate of the cost of cybercrime to the UK put this at a staggering £27bn per annum (‘The
Cost of Cybercrime’, a report authored by business and technology consulting firm Detica, in partnership
with The Office of Cyber Security and Information Assurance in the Cabinet Office). A significant proportion
of this cost comes from the theft of IP from UK businesses, estimated at £9.2bn per annum, though the real
impact of cyber crime is likely to be much greater. The main loser – at a total estimated cost of £21bn – is
UK business itself, says the report, which suffers from high levels of intellectual property theft and
espionage. What is being done to protect UK businesses? Is it enough? Or are the cybercriminals getting
the upper-hand in a one-way battle?
DIGITAL IDENTITY (INC BYOD)
Having to disclose your digital identity, in exchange for the right to gain access to information or services
over the Internet, can be at odds with the need to retain control over personal data. One of the biggest
challenges for privacy is posed by the advance of ubiquitous computing: where computers are seamlessly
integrated in the environment – and (personal) data processing becomes increasingly invisible to the
individual. Users will generally not see what data is being processed, by whom and for what purpose. This
further decreases the possibility to control the disclosure of personal data and yet user control is key.
Digital identity management solutions could enhance online privacy by recognising anonymity as the
starting point, and by reducing the amount of personal information that is collected and passed to
transacting parties. But is this realistic in an ‘Internet of Everything’ world? And how does BYOD figure in
this equation? And CYOD also? We ask the experts for their views.
NOV-DEC 2015
APPLICATION SECURITY
Application security plays a pivotal role – through the use of software, hardware and procedural methods –
to protect applications from external threats. Indeed, security –once little much more than an afterthought in
software design – is becoming an increasingly important concern during development, as applications
become more frequently accessible over networks and are, as a result, vulnerable to a wide variety of
threats. We look at how security measures built into applications and a sound application security routine
both serve to minimise the likelihood that unauthorised code will be able to manipulate applications to
access, steal, modify or delete sensitive data.
EXPLOIT PREVENTION TECHNOLOGY
Cybercriminals use exploits (a special type of malicious program which utilises vulnerabilities in legitimate
software) to secretly download malware which steals users’ personal data and money. Some exploits help
bypass antivirus protection, which makes this type of malware even more popular for cyber-attacks. What
steps can be taken to detect and block exploits as soon as they attempt to use software vulnerabilities?
How can businesses get a clear understanding of the behaviour of legitimate software components and so
detect any unusual activity that might indicate an exploit is at work?
GOVERNANCE, RISK AND COMPLIANCE
Governance, Risk & Compliance (GRC) plays an important role in any organisation’s continuous risk management
approach. It touches all parts of the organisation and therefore must be considered as part of the overall corporate
strategy to be truly successful. At the same time, the GRC landscape is continually changing. To remain competitive,
companies must have a strategy in place that keeps pace with new legislation and stakeholder expectations. But
what are the steps any business has to take to get this right, specifically where overall security is concerned? What
are the obstacles that can surface along the way? And how do you balance all of these ‘musts’, so they align in such a
way as to bring greatest benefit to the business?
ENCRYPTION
Business and commerce rely on encryption to ensure their activities run smoothly. That reliance goes
beyond just e-commerce, as encryption serves to protect their valuable information from potentially being
stolen or altered. The ease with which they can now process information has been aided by the valuable
protections offered by encryption. At the same time, encryption can be used by enemies just as readily as
by us, so it is important to remain ahead of the curve, in terms of encryption technology. How do you this?
What is the right solution for your organisation? How do you stay ahead of the game, so your systems
aren’t breached?
If you are interested in contributing editorially to any of these features or marketing around them contact:
Edward O’Connor
Media Sales Consultant
Tel: 01689 616 000
Email: Edward.oconnor@btc.co.uk
Brian Wall
Editor of Computing Security Magazine
Email: Brian.p.Wall@btc.co.uk
Related documents
Reading instructions for Stallings: “Computer Security”
Reading instructions for Stallings: “Computer Security”
Gallaugher2_0-PPT
Gallaugher2_0-PPT
Separate Domains of IT Infrastructure
Separate Domains of IT Infrastructure
CH 8 – Review - WordPress.com
CH 8 – Review - WordPress.com
all
all
Virtual Worlds - Cyberspace Law and Policy Centre
Virtual Worlds - Cyberspace Law and Policy Centre
Computer Security: Principles and Practice, 1/e
Computer Security: Principles and Practice, 1/e
2.3.1.A VulnerableUser
2.3.1.A VulnerableUser
SIEM Based Intrusion Detection
SIEM Based Intrusion Detection
A Survey on different Attacks on Mobile Devices and its Security
A Survey on different Attacks on Mobile Devices and its Security
18_DataCenter_Security_Overview
18_DataCenter_Security_Overview
Mobile device
Mobile device
Download
advertisement