security problems

Relieving overloaded email systems

Mon, 05 May 2008 06:59:58 -0400

Sharing large documents, media files or data files is critical in the workplace and many CIOs rely on email systems because they are easy to use and familiar to most people. But as many IT executives know, making the email system the de facto content management system for communications has its drawbacks including bandwidth and storage constraints and increasing storage costs. Pepperdine University CIO Timothy Chester tells of his trials and tribulations dealing with this issue. At first, he instituted file size limits for the attachments passing through the university's email system but were unable to accommodate users' needs and folks turned to free email services from Microsoft, Yahoo and Google as well as social networks like Facebook and MySpace. That, in turn, created security problems for the IT department.

The solution? Turning to a secure file transfer solution that would be easy to use and cost-effective while at the same time providing relief for the over-burdened email system. In his case, it was Accellion, a product he says allowed students, faculty and staff at the university to use the email technology they already know yet still collaborate on sending large files quickly and easily without an exposure to security risks.

To read more about the Pepperdine IT experience:
- See this CIO Magazine article

For more stories from the FierceCIO network:
> Hard Drive Crusher is serious about security.
> Parallels adds Leopard Server support.
> First Atom devices coming in June.

ALSO NOTED: Fired Microsoft CIO gets a new job; Internet attacks get smarter;

Thu, 29 Nov 2007 06:59:58 -0500

> Fired Microsoft CIO gets a new job. Article
> Internet attacks get smarter. Article
> New CIO at CA. Article
> Wisconsin state budget under fire over tech rules. Article
> Harvard has security problems, too. Article
> Advice for CIOs from IBM. Article
> Linux developer on trial for murdering wife. Article
> Missing email costs the RNC plenty. Article

And Finally... Does it count to be cute in naming a web site? Article

ChoicePoint's security turnaround

Mon, 28 May 2007 20:01:37 -0400

ChoicePoint's CIO Darryl Lemecha knows a thing or two about security problems. Three years ago, a thief fraudulently obtained access to the company's customer information and ChoicePoint has since been doing all it can to recover from the debacle, including a complete overhaul of its security program. Since the incident, the company has been slapped with a fine of $15 million by the FTC--$10 million in civil penalties and $5 million for an FTC-administered fund to help consumers. As part of his security overhaul, Lemecha instituted a set of corporate governance principles others can follow: get everyone involved, continuously train, set expectations, actively audit and monitor, and be transparent in your actions.

Read about Lemecha's security turnaround in his own words:
- see this article in Optimize Magazine

Improving security on the cheap

Wed, 25 Apr 2007 20:01:36 -0400

Investing in expensive, complex security tools almost always pays off, but there are some much less expensive, common-sense steps you can take to improve security throughout the enterprise. First, periodically check for rogue wireless access points in corporate buildings. These access points give hackers an open door into the network. Second, enable Windows Update on all computers, but be sure to remember to verify that the systems are actually being patched. Third, don't allow HTML email through, because the text can open the door for security problems. Fourth, train users and IT staff on security procedures. Fifth, consider using Mozilla's Thunderbird and Firefox as possible alternatives to Outlook and Internet Explorer, because attackers tend to write malware for the latter software, not the former.

Read more security tips:
- read the article at InformationWeek

Are passwords passé?

Sun, 18 Mar 2007 20:01:38 -0400

Although passwords are considered by many to be the first frontier in the fight against security problems, some companies are actually abandoning them, considering them too weak a tool to do much good. Instead, these companies are taking more stringent measures like RSA tokens for two-factor VPNs and fingerprint readers for local log-ons. Another option is to change the way passwords are formulated, such as increasing the password length to 128 characters or greater. Some companies are even experimenting with combining the two. For example, employees would face a log-on screen and enter their PIN and RSA token information and get authenticated. Behind the scenes, RSA and Citrix would accept the two-factor token authentication information and pass an extremely long Windows password to authenticate to the needed Windows resources.

Read more about new methods of security:
- read the article at InfoWorld

ALSO:
- read this on the basics of passwords
- and this on providers passing up passwords for better technology

Why Antivirus technology is ineffective

Mon, 22 Jan 2007 19:01:38 -0500

Antivirus technology may be more ineffective than you think. Although vendors tout antivirus software as an effective solution to the growing virus threat, others believe that it fails to prevent computers from being infected--a failure that contributes to other organizational security problems, such as identity theft and computer fraud. This situation is fleshed out by numerous studies, including one by the Yankee Group that noted that 62 percent of enterprises have become infected with viruses, despite the fact that 99 percent have installed antivirus programs.

Learn more about the effectiveness of virus software:
- read this article at CIO Today

Microsoft sharing Blue Hat security insight

Sun, 19 Mar 2006 19:01:35 -0500

It might not seem like a huge philosophical change, but you have to admit that Microsoft's decision to share publicly the results of its Blue Hat 3 security conference is pretty good news. The conference, held last week, focused on global security and invited experts and security professionals to share insight, predictions and technology advancements from vulnerabilities in search engines to hackers aiming at Web applications. Of course, a lot of the talk focused on flaws and security problems with Microsoft's own products and tools.

For more on Microsoft's move to share:
- read this article at News.com

The debate over mobile security

Thu, 23 Feb 2006 19:01:38 -0500

While recent news clearly indicates that the mobile landscape is the next frontier of attack for malware and 'badware' writers, at least one mobile service provider doesn't believe that anti-virus and anti-spyware remedies should be automatically housed on mobile handsets as a primary defense. In fact, Verizon Wireless doesn't believe customers have to install any antivirus on phones at this point and says network security technology, such as scanners, is the best way to prevent mobile security problems. Obviously security vendors are itching to hit the cell phone device market and some pundits believe it's only a matter of time before that phone or personal data device is housing as many security tools as today's PCs.

For more on securing mobile devices:
- read this News.com article