• Outsourcing Allows Utility to Refocus IT

  By Patrick Thibodeau | 21 May, 2012 23:44

  Consumers Energy has hired an outsourcer to take over some of its day-to-day IT operations, and it hopes the move will allow its own data center workers to focus on projects that directly impact its bottom line.

• Is your Cloud provider exposing remnants of your data?

  By Thor Olavsrud | 10 May, 2012 23:31

  If your organization uses a multi-tenant managed hosting service or Infrastructure as a Service (IaaS) cloud for some or all of your data—and you aren't following best practices by encrypting that data—you may be inadvertently exposing it.

• Nissan, Under Armor report breaches of employee information

  By Jaikumar Vijayan | 24 April, 2012 06:37

  Nissan Motor Co. and performance apparel maker Under Armor have disclosed recent data breaches involving the potential compromise of employee information.

• Who's Got Your Mail?

  By Mathias Thurman | 24 April, 2012 00:03

  Trouble Ticket

• Workers did not exceed authorization when data stolen, says appeals court

  By Jaikumar Vijayan | 20 April, 2012 09:29

  In a somewhat startling decision, the U.S. Court of Appeals for the Ninth Circuit last week ruled that several employees at an executive recruitment firm did not exceed their authorized access to their company's database when they logged into the system and stole confidential data from it.

• Cloud security: how to protect your data

  By CSO staff | 14 June, 2011 21:17

  To use Cloud computing securely requires companies to know where their data is stored and who has access to it. Ironically, the reason Cloud is so popular is because organisations don't want to worry about these details.

  So can the issue be solved by adhering to standards? Increasing legislation? Maybe we need a global technical disaster to ‘sober up’ an industry drunk on the power of Moore's Law.

• Rio Tinto spying case a wake up call to CIOs?

  By Tim Lohman | 12 August, 2009 11:28

  The arrest of Rio Tinto executive Stern Hu in China on spying charges has brought home the need for CIOs to examine data security according to the CEO of security company PGP, Phil Dunkelberger.

• Building a data center security architecture

  By Andreas M. Antonopoulos | 11 June, 2009 03:13

  Data center architecture has been changing quite dramatically over the past few years. In many data centers, organic growth had left them broken up into application silos. The standard three-tier architecture was copied for each application leading to a fairly hierarchical network. In this architecture, some core security services, such as firewalls and intrusion prevention, were concentrated at the root of the network tree, closest to the ingress routers and around any  DMZs.

• More employees neglecting data security, survey says

  By Agam Shah | 11 June, 2009 08:38

  More employees are ignoring data security policies and engaging in activities that could put a company at risk, according to a survey released by Ponemon Institute on Wednesday.

• Information systems audit: the basics

  By Jennifer Bayuk | 18 May, 2009 23:57

  In the early days of computers, many people were suspicious of their ability to replace human beings performing complex tasks. The first business software applications were mostly in the domain of finance and accounting. The numbers from paper statements and receipts were entered into the computer, which would perform calculations and create reports. Computers were audited using sampling techniques. An auditor would collect the original paper statements and receipts, manually perform the calculations used to create each report, and compare the results of the manual calculation with those generated by the computer. In the early days, accountants would often find programming errors, and these were computer audit findings.

Whitepapers about data security

• 

  Build Archiving Systems to Meet Compliance Demands

  This paper reviews several of the most prominent Compliance regulations and where they stand today.

• 

  Delivering applications anywhere, anytime with maximum security and control over data

• 

  Data Protection 2.0: It’s Not Just Names and Numbers Anymore

• 

  Strategy Guide | How Not to Get Buried in Data