Stories about: IT People

Web-based e-mail is booming. Services such as Gmail, Yahoo Mail and Hotmail are convenient, accessible and, best of all, free. Many of us have come to rely on them without giving it a second thought.

What is true enterprise security and how do you get it? Bogus promises by vendors are all too common. In this interview, outspoken security analyst Nick Selby humorously tackles the truth about data leakage products, smartphone protection, hotspot threats and the word "solution." Nick Selby leads The 451 Group's Enterprise Security Practice. Selby also serves as The 451 Group's Director of Research Operations and is on the faculty of the Institute for Applied Network Security.

In the past, most enterprises defined a disaster as an act of nature--a hurricane, tornado, flood or fire that wipes out their ability to conduct business as usual. Today, with worldwide networks, 24/7 customer call centers and Web applications, a common electrical failure could spell disaster when communication is interrupted in the supply chain, online transactions are halted or networks are down. Online resource Dictionary.com has even added "business failure" to the list of calamitous events that define a disaster.

Security is a people problem. OK, you already knew that. But recently the SANS Institute finally recognized it too, in its list of the top 20 Internet security risks of 2007. Topping the chart of new, hard-to-defend-against risks were vulnerabilities in custom Web applications and (drum roll, please) "gullible, busy, accommodating computer users, including executives, IT staff and others with privileged access."

Penetration tests conducted by a group of non-IT students has set the cat among the pigeons in the security community, spurring analysts and security professionals to emphasise the importance of certified penetration tests.

Security technologies delivered via the SAAS (software-as-a-service) business model may still be in their nascent stage, but some early adopters are already piecing together multiple offerings to outsource a significant portion of their IT systems defense infrastructure.

A child with a chocolate-smeared shirt says, "I didn't do it." The phone rings, and Mum assures you, "There's nothing to worry about." A systems administrator carrying a box of tapes says, "We'll have everything back up in a few minutes." Sometimes the first words you hear -- despite their distance from the truth -- tell you everything you need to know.

Mobile security threats are a relatively minor annoyance to a handful of users in Europe and Asia. However, conditions are rapidly ripening for these threats to start overwhelming both companies and individual users in North America.

Convincing business executives to address information security issues can be a nightmare for some IT managers. Liz Tay speaks with management consultant Jed Simms, executive chairman of Capability Management, about communicating security risks in a business-savvy manner.

Consolidation (of smaller players) and convergence (of physical and IT security technologies) keep CSOs on their guard.

Tsunami, bombings, hurricanes - the past year's disasters have been a wake-up call for Australia's government risk management practitioners.