[PCWorld] You already know the basics of internet security, right? But when you've got the basics covered, but you still don't feel secure, what can you do? Here are a few advanced security tips to help you thwart some of today's most common attacks. http://www.pcworld.com/article/201309/security_secrets_the_bad_guys_dont_want_you_to_know...

Windows Intune Beta Windows Intune simplifies how businesses manage and secure PCs using Windows cloud services and Windows 7—so your computers and users can operate at peak performance, from virtually anywhere. Windows Intune is a comprehensive solution that includes PC management, malware protection...

The Security Compliance Manager will help you accelerate knowledge to merge best practices, customize once to centralize decision making, and export to multiple formats to enable monitoring, verification, and compliance. The tool is designed to help accelerate your organization’s ability to efficiently...

Centre for the Protection of National Infrastructure: This publication offers security advice and good practice for any organisation looking to protect against the risk of a terrorist act or limit the damage such an incident could cause. It sets out how a security plan might be developed and updated...

Victor Beitner, a security expert who reconfigures photocopy machines destined for resale in Toronto, says businesses are completely unaware of the potential information security breach when the office photocopier is replaced. They think the copier is just headed for a junkyard but, in most cases...

[NIST] With the dwindling number of IPv4 addresses, the Office of Management and Budget (OMB) mandated that U.S. federal agencies begin using the IPv6 protocol. This document provides guidelines for organizations to securely deploy IPv6. http://csrc.nist.gov/publications/drafts/800-119/draft-sp800...

If you go solely by top-level stats on encryption use, you'll come away feeling pretty secure — 86 percent of the 499 business technology professionals responding to our InformationWeek Analytics State of Encryption Survey employ encryption of some type. But that finding doesn't begin to tell the real...

Using your laptop to get work done away from your office or on the road is becoming widely accepted. But this rapid growth in laptop computing has made portable systems the target for theft around the world. If your laptop computer is stolen, company information can be exposed, as well as your personal...

EMET, short for Enhanced Mitigation Evaluation Toolkit, allows developers and administrators to add specific security protections to applications. Unlike mitigations released in the past, EMET doesn't require programs to be recompiled, so it can be used to fortify applications even when the source code...

As part of its commitment to make the SDL more accessible to every developer, Microsoft is delivering three new programs and tools: discover the Microsoft SDL Pro Network, the Microsoft SDL Optimization Model, and the Microsoft SDL Threat Modeling Tool v3. http://msdn.microsoft.com/en-us/security...

The Microsoft Security Assessment Tool (MSAT) is a free tool designed to help organizations like yours assess weaknesses in your current IT security environment, reveal a prioritized list of issues, and help provide specific guidance to minimize those risks. MSAT is an easy, cost-effective way to begin...

Security guru Joel Snyder from Opus One recently starred as the guest of a live Network World chat where he discussed the state of network access control. Snyder says that Microsoft is emerging as one of the clear winners of NAC, but that Microsoft's technology is a foundation from which to build, not...

If you're an IT pro who is looking a bit more seriously at Windows Vista for your enterprise environment, you should take a close look at the firewall. Once you realize what the Windows Vista firewall can do, you may want to renegotiate the agreement you have for that third-party security suite to remove...

What's new in Windows Vista SP1 or Windows Server 2008 Bitlocker? http://technet.microsoft.com/en-us/magazine/cc510321.aspx Urs

Microsoft today called for broad discussions about the safety of the Internet in an initiative it dubbed "End to End Trust" in a white paper released during the RSA Conference that opened today in San Francisco. In a keynote address at the security conference, Craig Mundie, chief research and strategy...

Security breaches that can be traced back to the actions of one individual are not the fault of one "stupid" employee but rather a failure to educate and engage the whole workforce around the importance of good security practice, according to a leading academic. Speaking at the Cyber Warfare 2008...

A management framework for organizing national cybersecurity efforts: http://www.itu.int/ITU-D/cyb/cybersecurity/docs/itu-draft-cybersecurity-framework.pdf Urs

SAFECode, the Software Assurance Forum for Excellence in Code, introduced its first white paper, "Software Assurance: An Overview of Current Industry Best Practices." The organization was founded by Microsoft, Symantec, EMC, SAP and Juniper to advance understanding and practices related to secure...

Taking a least-privilege approach to user accounts is a key part of any in-depth defense strategy, many analysts and security pros say. "I think it's very important … not even just as [a component] of security, but in the broader sense [of] risk posed to the business in IT," said Scott Crawford, an...

If it seems that -- despite your company's best efforts to educate users about security -- users are actually behaving less responsibly, don't panic. Your organization isn't the only one. In fact, Cisco Systems Inc. today is releasing the results of a disturbing third-party study it commissioned over...

ISC2, the non-profit international body that educated and certifies information security professionals, today announced the publication of its "Hiring Guide to the Information Security Profession". The free 30-page guide is designed to provide human resources (HR) with best practice tips on how to...

On December 6, analyst firm Gartner Inc., announced that Microsoft Intelligent Application Gateway (IAG) 2007 is positioned in the Visionaries quadrant of their 2007 SSL VPN Magic Quadrant report. Not only was IAG described as an “excellent new product”, but Gartner also noted that our acquisition of...

The technique of island hopping—penetrating a network through a weak link and then hopping around systems within that network—has been around for years. But it continues to take on new dimensions. In today's security-conscious IT environments, people are often the weakest link, and malicious users are...

Windows' built-in security capabilities offer endpoint alternative to NAP/NAC Microsoft’s support of the IP Security (IPSec) standard was enhanced with the release of Windows Vista this year, and interest in the technology will likely grow with the introduction of Windows 2008. For smaller organizations...

Microsoft has filed a patent claim for the Strider HoneyMonkey malware/exploit detection system created by our internal research unit. The claim, currently being reviewed at Peer-to-Patent. The HoneyMonkey system, first discussed in August 2005, is best described as an automated Web patrol that uses...