Make your password strong, with a unique jumble of letters, numbers and punctuation marks. But memorize it — never write it down. And, oh yes, change it every few months... Yes, that's it? Or not? "Keeping a keylogger off your machine is about a trillion times more important than the strength...

[PCWorld] You already know the basics of internet security, right? But when you've got the basics covered, but you still don't feel secure, what can you do? Here are a few advanced security tips to help you thwart some of today's most common attacks. http://www.pcworld.com/article/201309/security_secrets_the_bad_guys_dont_want_you_to_know...

The Security Compliance Manager will help you accelerate knowledge to merge best practices, customize once to centralize decision making, and export to multiple formats to enable monitoring, verification, and compliance. The tool is designed to help accelerate your organization’s ability to efficiently...

Centre for the Protection of National Infrastructure: This publication offers security advice and good practice for any organisation looking to protect against the risk of a terrorist act or limit the damage such an incident could cause. It sets out how a security plan might be developed and updated...

If you go solely by top-level stats on encryption use, you'll come away feeling pretty secure — 86 percent of the 499 business technology professionals responding to our InformationWeek Analytics State of Encryption Survey employ encryption of some type. But that finding doesn't begin to tell the real...

This paper [PDF] covers the technologies and security flaws phishers exploit to conduct their attacks, and provides detailed vendor-neutral advice on what organisations can do to prevent future attacks. Security professionals and customers can use this comprehensive analysis to arm themselves against...

Protecting computer equipment is something that everyone should be concerned with today. It seems every week there is a news report of another stolen laptop with sensitive or confidential data on it. Here is a checklist that will help you prepare and protect your computer equipment while traveling anywhere...

If you're an IT pro who is looking a bit more seriously at Windows Vista for your enterprise environment, you should take a close look at the firewall. Once you realize what the Windows Vista firewall can do, you may want to renegotiate the agreement you have for that third-party security suite to remove...

When IT professionals look to reduce the total cost of ownership, or TCO, of their desktop machines, there are two key strategies that often come to mind. The first one is to get your desktop users' accounts out of the Administrators group. And the second one is to limit the applications that the users...

Security by obscurity is, in a nutshell, a violation of Kerckhoffs' Principle, which holds that a system should be secure because of its design, not because the design is unknown to an adversary. The basic premise of Kerckhoffs' Principle is that secrets don't remain secret for very long. Debate by...

Have you seen the recent television commercial that shows the Pentagon and says, "This building gets attacked 3 million times a day." The sad news is that it's true. Cyber-warfare and cyber-attacks have now become a reality. Ever consider how your business would be impacted if the Internet went away...

Microsoft has called on companies to work together to improve overall security, and not just rely on the police to do it for them. Ed Gibson, Microsoft's chief security advisor in the UK, said during his keynote at Infosecurity Europe 2008 that security affects the entire industry and that companies...

Microsoft today called for broad discussions about the safety of the Internet in an initiative it dubbed "End to End Trust" in a white paper released during the RSA Conference that opened today in San Francisco. In a keynote address at the security conference, Craig Mundie, chief research and strategy...

The rise of PCs, graphical user interfaces, the Internet, and Web 2.0 technologies have obviously had major impacts on the IT industry, but according to Microsoft (NSDQ:MSFT) CEO Steve Ballmer, the computing revolution that's about to take place will tie up all the loose ends from previous ones. In...

A majority of government IT organizations say identity management is very important to securing their networks and will become even more so over the next five years, but that funding to keep pace is a major impediment to growth. The respondents also said they think identity management is relevant...

Michael Howard on SDL and the need for it; comments onJeff Jones blogs. See SDL blog: http://blogs.msdn.com/sdl/archive/2008/02/21/the-first-step-on-the-road-to-more-secure-software-is-admitting-you-have-a-problem.aspx Urs

A management framework for organizing national cybersecurity efforts: http://www.itu.int/ITU-D/cyb/cybersecurity/docs/itu-draft-cybersecurity-framework.pdf Urs

SAFECode, the Software Assurance Forum for Excellence in Code, introduced its first white paper, "Software Assurance: An Overview of Current Industry Best Practices." The organization was founded by Microsoft, Symantec, EMC, SAP and Juniper to advance understanding and practices related to secure...

German cops are pushing ahead with controversial plans, yet to be legally approved, to develop "remote forensic software" - in other words, a law enforcement Trojan. Leaked documents outline proposals by German firm Digitask to develop software to intercept Skype VoIP communications and SSL transmissions...

Taking a least-privilege approach to user accounts is a key part of any in-depth defense strategy, many analysts and security pros say. "I think it's very important … not even just as [a component] of security, but in the broader sense [of] risk posed to the business in IT," said Scott Crawford, an...

The Forensics Plan Guide defines the basic elements of a Forensic Plan from the first initial contact through submission of the final Forensic Report. The document also includes 'The Forensic Cookbook' which illustrates the use of selected products and procedures, providing additional insight and configuration...

Virtualization will become dominant in enterprises, but the security risks are fuzzy at best. Meanwhile, the usual defense–firewalls, security appliances and such aren’t ready for virtualization. http://blogs.zdnet.com/security/?p=821 Urs

From the Blog of Michael Howard: I really got a chuckle out of this news item, especially this line: “Coverity, which creates automated source-code analysis tools, announced late Monday its first list of open-source projects that have been certified as free of security defects.” So we finally have...

Every day, adversaries are attempting to invade our networks and access our servers, to bring them down, infect them with viruses, or steal information about customers, partners or employees. You are looking at Microsoft Windows Server 2008 to help to address these threats? To assist you in taking full...

On December 6, analyst firm Gartner Inc., announced that Microsoft Intelligent Application Gateway (IAG) 2007 is positioned in the Visionaries quadrant of their 2007 SSL VPN Magic Quadrant report. Not only was IAG described as an “excellent new product”, but Gartner also noted that our acquisition of...