Security Standards - Infoworld http://www.infoworld.com/t/2118 en

After Heartbleed: 4 OpenSSL alternatives that work http://www.infoworld.com/t/encryption/after-heartbleed-4-openssl-alternatives-work-240304?source=rss_security_standards <p>Nobody needs to be reminded of the <a href="http://www.infoworld.com/t/security/5-no-bull-facts-you-need-know-about-heartbleed-right-now-240269">severity of the Heartbleed OpenSSL bug</a>.</p> Open Source Software Security Encryption Open Source Software Security Standards Fri, 11 Apr 2014 10:00:00 +0000 InfoWorld Tech Watch 240304 at http://www.infoworld.com

Google, Microsoft, Salesforce back OpenID Connect -- but it's not enough http://www.infoworld.com/t/identity-management/google-microsoft-salesforce-back-openid-connect-its-not-enough-237258?source=rss_security_standards <p>After some four years of wrangling, the <a href="http://openid.net/">OpenID Foundation</a> has finally <a href="http://openid.net/2014/02/26/the-openid-foundation-launches-the-openid-connect-standard/">given the th</a></p> Security Identity Management Security Standards Thu, 27 Feb 2014 11:00:00 +0000 InfoWorld Tech Watch 237258 at http://www.infoworld.com

Where PCI compliance fails: Security testing, network monitoring
http://www.infoworld.com/t/security-standards/where-pci-compliance-fails-security-testing-network-monitoring-235948?source=rss_security_standards Networking Security Compliance Network Monitoring Intrusion Detection Network Security Security Standards Vulnerability Assessment Fri, 07 Feb 2014 19:57:46 +0000 InfoWorld Tech Watch 235948 at http://www.infoworld.com

Unchain your mobile users and just protect the data http://www.infoworld.com/d/mobile-technology/unchain-your-mobile-users-and-just-protect-the-data-219812?source=rss_security_standards <p>PC sales continue to decline, mobile sales continue to climb, people work at home, and the <a href="http://www.infoworld.com/t/consumerization-it/the-real-force-behind-the-consumerization-it-181424">notion of strict work/life separation for e</a></p> Applications Consumerization of IT Mobile Technology Security Data Security Mobile Security Security Standards Tue, 04 Jun 2013 10:00:00 +0000 Galen M.
Gruman 219812 at http://www.infoworld.com

9 top threats to cloud computing security http://www.infoworld.com/t/cloud-security/9-top-threats-cloud-computing-security-213428?source=rss_security_standards <p>Cloud computing has grabbed the spotlight at this year's RSA Conference 2013 in San Francisco, with vendors aplenty hawking products and services that equip IT with controls to bring order to cloud chaos.</p> Cloud Computing Security Cloud Security Data Security Security Management Security Standards Mon, 25 Feb 2013 20:12:21 +0000 InfoWorld Tech Watch 213428 at http://www.infoworld.com

Why the Java threat rang every alarm http://www.infoworld.com/t/security/why-the-java-threat-rang-every-alarm-211061?source=rss_security_standards <p>If the IT industry had a color-coded threat-level advisory system, the alerts would have spiked to red this week -- and in a way they did when the <a href="http://www.kb.cert.org/vuls/id/625617" target="_blank">Department of Homeland Security, no less, urged users to disable </a></p> Application Development Oracle Java Programming Hacking Security Management Security Standards Vulnerability Assessment Web Security Security Fri, 18 Jan 2013 11:00:00 +0000 InfoWorld Tech Watch 211061 at http://www.infoworld.com

Download the PCI Compliance Deep Dive Report
http://www.infoworld.com/d/security/download-the-pci-compliance-deep-dive-report-204655?source=rss_security_standards <p>One of the most important industrywide computer standards, PCI is also one of the most specific, comprehensive, and prescriptive. Any IT professional who wants to establish a benchmark state of security satisfaction can do so by implementing PCI. This Deep Dive by InfoWorld contributing editor Roger Grimes, a leading authority on enterprise security, provides the essential details.</p> <p>This Deep Dive report covers the broad tenets of PCI, as well as the finer details, how PCI compliance fits into the bigger enterprise security picture, and how to survive a PCI audit.</p> Security Compliance Security Standards IDG Insider Fri, 12 Oct 2012 10:00:00 +0000 uphan 204655 at http://www.infoworld.com

New security standard pushes for better support for digital certificates http://www.infoworld.com/d/security/new-security-standard-pushes-better-support-digital-certificates-200246?source=rss_security_standards <p>There is no silver bullet when it comes to encryption. Even the most complex, invulnerable encryption today could be child's play in the future.
The NIST (National Institute of Standards and Technology) is <a href="http://www.pcworld.com/businesscenter/article/260922/new_nist_encryption_guidelines_may_force_federal_agencies_to_replace_old_websites.html" target="_blank">publishing new encryption standards</a> for public review to try and keep up with the times and stay a step ahead of the bad guys.</p> Security Federal Regulations Encryption Security Standards Web Security Thu, 16 Aug 2012 16:32:18 +0000 admin 200246 at http://www.infoworld.com

9 popular IT security practices that just don't work http://www.infoworld.com/d/security/9-popular-it-security-practices-just-dont-work-199548?source=rss_security_standards <p>When it comes to IT security, FUD (fear, uncertainty, and doubt) is more than just the tool of overhyping vendors hoping to sell their next big thing.</p> Security Access Control Anti-spam Anti-spyware Anti-virus Application Security Authentication Cyber Crime Data Security Endpoint Protection Malware Network Security Password Security Patch Management Phishing Security Management Security Standards Security Tools Social Engineering Security Mon, 13 Aug 2012 10:00:00 +0000 Jason Snyder 199548 at http://www.infoworld.com

The long life and slow death of the virtual server http://www.infoworld.com/d/data-center/the-long-life-and-slow-death-of-the-virtual-server-196557?source=rss_security_standards <p>As we continue to move wholesale into a world where <a href="http://www.infoworld.com/d/data-center/lets-kick-virtual-the-curb-194140">virtual servers are the rule</a>, we're starting to see just how different this new environment is.
Server farms are evolving in unexpected ways, creating situations we didn't encounter prior to the widespread adoption of virtualization. One of these oddities is the seemingly eternal server. How do you manage the lifecycle of <a href="http://www.infoworld.com/t/servers/the-server-you-buy-today-could-last-decade-702">a machine that never dies</a>?</p> Computer Hardware Data Center Security Virtualization Server Virtualization Servers Security Standards Data Center Mon, 02 Jul 2012 10:00:00 +0000 Paul Venezia 196557 at http://www.infoworld.com

Download the PCI Compliance Deep Dive report http://www.infoworld.com/d/security/download-the-pci-compliance-deep-dive-report-194426?source=rss_security_standards <p>Developed and enforced by the credit card industry, the PCI Data Security Standard contains a set of detailed tenets that every company dealing with customer data should adopt. InfoWorld security expert Roger Grimes explains the best approach to PCI compliance -- and the consequences of failing to do so properly.</p> <p>This PDF report provides the following benefits:</p> Security Federal Regulations Authentication Data Security Security Standards Security Technology Business Thu, 31 May 2012 10:00:00 +0000 uphan 194426 at http://www.infoworld.com

Sloppy certificate authorities put on notice http://www.infoworld.com/d/security/sloppy-certificate-authorities-put-notice-178319?source=rss_security_standards <p>Microsoft has taken the unusually bold step of revoking the Windows Root Certificate Program's trust in a specific certification authority (CA), and the same CA is being blacklisted by browser makers Mozilla and Opera.</p> Security Microsoft Application Security Authentication Security Standards Vulnerability Assessment Web Security Tue, 08 Nov 2011 11:00:00 +0000 Roger A.
Grimes 178319 at http://www.infoworld.com

Microsoft offers ideas for users to beat the BEAST threat http://www.infoworld.com/d/security/microsoft-offers-ideas-users-beat-the-beast-threat-174146?source=rss_security_standards <p><a href="http://www.networkworld.com/subnets/microsoft/" target="_blank">Microsoft</a> is <a href="https://technet.microsoft.com/en-us/security/advisory/2588513" target="_blank">urging customers</a> to update vulnerable versions of SSL to a newer one that is not susceptible to <a href="http://www.infoworld.com/t/security/red-alert-https-has-been-hacked-174025">a recently published exploit called BEAST</a>, but in the meantime it recommends steps that lessen the risk of being victimized.</p> Security Microsoft Encryption Hacking Malware Security Standards Web Security Tue, 27 Sep 2011 17:20:12 +0000 admin 174146 at http://www.infoworld.com

Red alert: HTTPS has been hacked http://www.infoworld.com/t/security/red-alert-https-has-been-hacked-174025?source=rss_security_standards <p>Only a handful of exploits per decade reveal a vulnerability that is truly significant.</p> Security Encryption Hacking Security Standards Web Security Security Mon, 26 Sep 2011 18:30:19 +0000 InfoWorld Tech Watch 174025 at http://www.infoworld.com

Car hacks loom as autos go wireless http://www.infoworld.com/d/security/car-hacks-loom-autos-go-wireless-168664?source=rss_security_standards <p>Pretty soon cars could be warning one another of driving hazards that drivers aren't observant enough to avoid.
That's the hope of the <a href="http://www.connectedvehicle.org/" target="_blank">Connected Vehicle Trade Association</a>, a group exploring the potential benefits of two-way car communications using GPS and wireless technologies.</p> Security Hacking Security Standards Security Tue, 02 Aug 2011 10:00:00 +0000 Roger A. Grimes 168664 at http://www.infoworld.com

Software scores can help secure the Web http://www.infoworld.com/t/web-security/software-scores-can-help-secure-the-web-388?source=rss_security_standards <p>No one wants defect-ridden, insecure software, but unless your supplier is using a secure development methodology (and many times even then), your company is typically getting exactly that.</p> Application Development Security Application Security Security Standards Web Security Government Mon, 27 Jun 2011 16:50:03 +0000 InfoWorld Tech Watch 165388 at http://www.infoworld.com

Why your security sucks http://www.infoworld.com/t/security/why-your-network-security-sucks-630?source=rss_security_standards <p>Security breaches are getting more mainstream media play than ever before, mainly thanks to organizations like Anonymous and <a href="http://www.infoworld.com/d/security/lulzsec-claims-cia-website-hack-372">Lulz Security hitting high-profile targets</a>. The cost of the destruction, <a href="http://www.infoworld.com/d/security/lulz-boat-hacks-sony-harbor-faq-061">particularly to Sony</a>, has been high.
But ironically, attackers who do it for the glory rather than money may be providing a kind of public service.</p> Security Anti-virus Cyber Crime Data Security Endpoint Protection Hacking Malware Patch Management Security Management Security Standards Web Security Security Mon, 20 Jun 2011 10:00:00 +0000 Eric Knorr 164630 at http://www.infoworld.com

Security expert: Mac OS X more vulnerable than Windows in some ways http://www.infoworld.com/d/security/security-expert-mac-os-x-more-vulnerable-windows-in-some-ways-286?source=rss_security_standards <p>Although Mac users are more likely to experience virus-free computing than <a href="http://www.networkworld.com/topics/windows.html" target="_blank">Windows</a> PC owners, there is nothing inherently more secure about <a href="http://www.networkworld.com/slideshows/2009/060309-apple-quiz.html" target="_blank">Apple</a>'s operating system, and in certain respects Mac OS X is more vulnerable than Windows, a <a href="http://www.networkworld.com/topics/security.html" target="_blank">security</a> expert tells Network World.</p> Security Mac OS X Microsoft Windows Security Standards Security Tue, 07 Jun 2011 10:00:00 +0000 admin 163286 at http://www.infoworld.com

Make your mark by stopping hackers http://www.infoworld.com/d/security/make-your-mark-stopping-hackers-920?source=rss_security_standards <p>I remember being excited when I was asked to use a sledgehammer to tear down a covered garage that wasn't approved by the city. It had been standing beside my girlfriend's house for years. You could tell it was built intelligently and with love. The supporting beams were twice as thick as required by code, and every nail and screw was driven straight. The lumber itself was top shelf, not a knot or bend in it.</p> Security Data Loss Prevention Hacking Network Security Security Standards Security Tools Vulnerability Assessment Tue, 24 May 2011 10:00:00 +0000 Roger A.
Grimes 161920 at http://www.infoworld.com

We're doomed to insecurity in the cloud and on thin clients http://www.infoworld.com/d/security/were-doomed-insecurity-in-the-cloud-and-thin-clients-094?source=rss_security_standards <p>Working in the IT security field, you spend every waking hour striving to improve protection and lower risk. Then another computing technology emerges -- the Internet, wireless networking, mobile computing, social networking, and so on -- and you have to learn every security lesson all over, as if something new and surprising has come along.</p> Cloud Computing Data Center Security Cloud Security Data Security Thin Clients Security Management Security Standards Web Security Data Center Security Tue, 17 May 2011 10:00:00 +0000 Roger A. Grimes 161094 at http://www.infoworld.com