March 14, 2005 (Computerworld) --
I had the opportunity to spend almost a week at this year's RSA Conference in San Francisco. Of all the information security conferences, I enjoy this one the most. It combines an abundance of informative seminars covering various technical levels with a floor show of leading-edge vendors showing off new products and enhancements. What sets it apart is the breadth of the seminars and the quality of the presenters. Many are industry leaders who, rather than trying to sell a product, are there merely to educate attendees on particular subjects. (That's not to say that there weren't the occasional product pitches.) I like to talk with vendors to learn about new technologies, but mostly I'm hoping to validate decisions I have already made. For example, we selected RSA Security Inc. for our two-factor authentication. After visiting competing vendors, I was satisfied that RSA was the right choice for our deployment. Another decision was to go with Guidance Software Inc. in Pasadena, Calif., for what I consider to be the leading forensics software on the market. At this conference, I had the opportunity to review the upcoming Version 5.0 of its Encase product line, and I was very impressed with the list of enhancements. It seems as if each year a technology theme colors the conference. Last year, it was identity management. This year, the buzz was for virus gateways. This was timely. Malicious code has been entering our network, and virus gateways seem to be the answer. Some background: We recently segmented areas of our network according to the nature of the infrastructure we're protecting. For example, since our wireless network is susceptible to various attacks, we segmented it so that users are on a network with no logical relationship to other areas of the infrastructure. Another network houses our financial systems and is segmented from other areas because of the sensitivity of the data. There are other segments for desktops, databases, revenue-generating systems, monitoring systems, security infrastructure, development, executive staff and the legal, accounting, and sales and marketing departments. This segmentation lets us protect users and control what they can access. For example, we created a network for our PeopleSoft application and one for our human resources department. The firewall rules restrict PeopleSoft administrative activities to the HR network, which is a very clean rule. We can deal with exceptions on a case-by-case basis. The self-service interface for employees remains open to almost all networks, but we control access to administrative areas. If an employee in the finance department needs administrative access to the PeopleSoft application, we can easily deal with his case with a point solution. So malicious code
From Laggard to Leader: Transforming the Data Center
From Laggard to Leader: Transforming the Data Center Register for this complimentary live webcast today! Go to the webcast
Computerworld Executive Bulletin: Building a Robust Antivirus Defense
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. (Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more. Download this executive briefing
Online Security Issues in Regulated Industries
Download this research paper, free for a limited time, compliments of Webroot! (Source: Webroot Software) In June 2008, Computerworld invited IT and business leaders to participate in a survey on online security initiatives at their organizations. The goal of the survey was to better understand Web and e-mail security issues faced today within the regulated education, financial services, government and health care industries. The following report represents top-line results of that survey. Download this white paper
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Security Management Zone
Security management is the process of developing a comprehensive data protection plan. It takes into account all potential threats, the existing network environment, the future needs of the organization, and lays out a multi-tiered blueprint to integrate the security technology needed to combat these threats. CDW can help keep your network and data secure.
Visit the CDW Security Management Zone nowSee All Zones
Fired up about IT?Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day.
In Security Stripping away the trappings of applications, systems and networks, information is the core asset of most organizations. Our columnist describes how asserting the importance of information governance is crucial to making that asset tangible, addressable and protected.
Click here to read the latest column by Jon Espenschied
See your link here
Subscribe to
Computerworld 
or
Other Security Stories
From Laggard to Leader: Transforming the Data Center
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. 
Download this research paper, free for a limited time, compliments of Webroot!
Read up on the latest ideas and technologies from companies that sell hardware, software and services. 
Security Management Zone
Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day.
Identity & Security Management
In Security
Computerworld