Click on a book cover for more information or to order.
SAVE 20% AND GET FREE SHIPPING when you order these or any book online! Simply enter this code--813DA--when you checkout.
Four Questions to Consider When Building a Security Platform
While most security professionals have come to grips with the fact that at some point they will fall victim to a compromise, the approach to security by and large still revolves around responding after something bad has occurred. Now this is by no means the fault of the security professional alone. The tools they have at their disposal, most of which offer a siloed view into their security posture, many times restrict their capabilities. To truly make the shift towards Continuous Advanced Threat Protection, security professionals need to evaluate tools and processes with a fresh set of eyes. This article outlines the four things to consider when making this necessary shift in security approach.
IT Performance Improvement Focuses on Project Management
In the November issue of IT Performance Improvement, "Oracle's Agile Product Lifecycle Management (PLM)" by Jessica Keyes; "Why Should the IT Helpdesk be Responsible for Authorizations?" by Dean Wiech; and regular columnist Nancy Settle-Murphy's "Seven Tips for Avoiding Another Epic Project Failure."
Breaking the Wall of Silence in a Virtual World
If you have ever led a virtual meeting, this scenario is familiar: You pose a brilliant provocative question, hoping to trigger a flurry of insightful responses. And instead, you hear ... Nothing. Nada. Zippo. Zilch. So what’s your next step? There are many techniques for generating more active participation in the virtual world. But first, you have to try to figure out the reasons for the silence. If you guess wrong, you might drive people further away from the virtual table. In this article from Communique, Nancy Settle-Murphy, author of Leading Effective Virtual Teams: Overcoming Time and Distance to Achieve Exceptional Results, explores some of the typical causes for a lack of participation, and will offer some remedies to help break through that painful wall of silence.
Basic Concepts of Multilevel Database Security
Mandatory access control (MAC) is a method of restricting unauthorized users from accessing objects that contain some sensitive information. An implementation of MAC is multilevel security (MLS), which has been developed mainly for computer and database systems at highly sensitive government organizations such as the intelligence community or the U.S. Department of Defense. This chapter from Multilevel Security for Relational Databases introduces the basic concepts of multilevel database security.
McAfee Report Reveals Organizations Choose Network Performance Over Advanced Security Features
McAfee today published a new report titled Network Performance and Security, exploring the challenges organizations face in deploying security protections while still maintaining an optimally performing network infrastructure. The report uncovered that an alarming number of organizations are now disabling advanced firewall features in order to avoid significant network performance degradation.
Android Malware Evolution
The evolution of Android malware, while mapping closely to the desktop trends, is often viewed at an accelerated pace. Malware and botnets have had time to grow and trial different methods of infections and potential uses, and the authors of the mobile counterparts are definitely applying these learned lessons. As explained in the chapter from Android Malware and Analysis, there are clear indicators that these are often the same groups working toward extending their list of infected machines to the Android world.
Software and Systems Architecture in Action
This book by Raghvinder S. Sangwan explores practices that can be helpful in the development of architectures of large-scale systems in which software is a major component. Examining the synergies that exist between software and systems engineering, it details an approach to architecture design that is driven from systemic quality attributes determined from both the business and technical goals of the system. This approach utilizes analytically derived patterns and tactics for quality attributes that inform the architect's design choices and help shape the architecture of a given system.
2014 Internet Security Threat Report
The Internet Security Threat Report provides an overview and analysis of the year in global threat activity. The report is based on data from the Symantec Global Intelligence Network, which Symantec's analysts use to identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.
Introducing the Crowd
Crowdsourcing existed long before the term gained popularity and visibility among the masses. They were all practical problems that needed to be solved to create value to the general public or studies that were taken up to prove the power of the crowd. This chapter from Leveraging the Wisdom of the Crowd in Software Testing discusses how this benefits software development.
UTF-8 for PHP and MySQL
IT Performance Improvement Focuses on Project Management
In this issue of IT Performance Improvement, Lory Wingate presents a case study of a creative, process-focused project. Alfonso Bucero's 10 keys to being influential. Muhammad Ehsan Khan on corporate governance. Jack Ferraro on discovering the project leader within. Also in this issue regular columnist Nancy Settle-Murphy does not leave remote meeting participants hanging!
Overview of Mobile Platforms
This excerpt from Mobile Social Networking and Computing: A Multidisciplinary Integrated Perspective gives an overview of mobile devices (hardware) and mobile operating systems (software), and discusses MSN development architecture.
Leveraging the Wisdom of the Crowd in Software Testing
Its scale, flexibility, cost effectiveness, and fast turnaround are just a few reasons why crowdsourced testing has been getting so much attention lately. While there are a few online resources that explain what crowdsourced testing is all about, there’s been a need for a book that covers best practices, case studies, and the future of this technique. Filling this need, this book by Mukesh Sharma and Rajini Padmanaban will help you leverage the wisdom of the crowd in your software testing. Its comprehensive coverage includes the history of crowdsourcing and crowdsourced testing, implementation practices, career options and future trends.
8 Ways to Stop Interruptions from Derailing Your Next Virtual Meeting
In this edition of Communique, Nancy Settle-Murphy explores practical steps that virtual meeting leaders can take to anticipate and effectively handle interruptions and other types of disruptions that may throw virtual meetings off-course.
New F-Secure Threat Report: Ransomware Rising, Even on Android
The first half 2014 saw an increase in online attacks that lock up user data and hold it for ransom -- even on mobile devices. According to F-Secure Labs' brand new 1H 2014 Threat Report, rising numbers of attacks from malicious software known as ransomware underscore the importance of data security for home, enterprise and government users. To find out the top countries for Android malware, the safest online market for mobile apps, and for more details about all the threats to PC, Mac and mobile, check out the full 1H 2014 Threat Report.
Survey of Secure Computing
Secure computing spans a wide spectrum of areas, including protocol-based security issues, denial of service, web and cloud, mobile, database, and social- and multimedia-related security issues, just to name a few. Even as threats present themselves, active mechanisms and good preparation can help to minimize incidents and losses arising from them, but it is also to be noted that security in computing is still a long way from complete. This chapter from Case Studies in Secure Computing: Achievements and Trends presents a survey of common issues in security attacks and defenses in computing through the application of cryptography and the aid of security models for securing systems.
Beyond PCI Compliance
An organization begins a journey when it achieves PCI compliance. It is usually a starting point for a continuing path to information security and assurance. It is very important for the organization to understand the potential challenges and effectively address them after they achieve successful PCI compliance. This excerpt from PCI Compliance: The Definitive Guide briefly discuss the challenges and success factors that the organization must be aware of to maintain compliance and achieve optimum information security for the enterprise.
Maintenance in the Digital World
This excerpt from Buying, Supporting, Maintaining Software and Equipment: An IT Manager's Guide to Controlling the Product Lifecycle deals with contracting for maintenance for both hardware and software purposes in the initial negotiation.
The Oracle Cloud
Read this chapter on "Oracle Cloud" from Jessica Keyes' The CIO's Guide to Oracle Products and Solutions.
Don't Leave Remote Participants Hanging: 8 Tips for a Meeting of Equals
Let's face it: It's almost impossible to make remote callers feel like they're on equal footing with people who are gathered in the conference room for the big meeting. But with some thoughtful planning, you can come pretty close. Taking the perspective of a frustrated remote participant, Nancy Settle-Murphy, author of Leading Effective Virtual Teams: Overcoming Time and Distance to Achieve Exceptional Results, offers eight tips for people who plan and run "hybrid" meetings, consisting of people who are gathered face-to-face and those who join from afar. Here she assumes that the meeting planners are using WebEx and phone conferencing, but these tips can apply with almost any kind of virtual meeting set-up.
Enterprise architecture is a term that has been broadly defined and used by both academics and practitioners. This excerpt from Enterprise Integration and Information Architecture: A Systems Perspective on Industrial Information Integration provides a clearer understanding of enterprise architecture.
Stream vs. Batch Processing: Which One Is Better for Operational Intelligence?
Many organizations across industries leverage "real-time" analytics to monitor and improve operational performance. Essentially this means that they are capturing and collecting data in lots from various systems and analyzing it in batches through periodic on-demand queries. By contrast, companies that are leveraging "streaming analytics" are continuously collecting and analyzing data and automatically course-correcting as events unfold, when there's still an opportunity to positively impact the outcome.
Team Building for a Strategic Initiative
This excerpt from Agile Strategy Management: Techniques for Continuous Alignment and Improvement focuses on getting a strategic initiative off to a good start.
Accountability Is Why Technology Should Shift to the Business from IT
In the May 2003 edition of the Harvard Business Review, Nicholas Carr wrote an article that ignited a firestorm. In "IT Doesn’t Matter," later expanded to a book, he argues that IT is a commodity and doesn't provide competitive advantage. In this article, Ryan Ward suggests that "To meet business efficiency and growth requirements, Information Technology departments need to adopt a mindset of building processes and solutions where the Business is ultimately accountable for their desired solutions and information." What do you think? Another firestorm?
Before You Take Your Next Trip
I don't know if you've ever read Stratfor's guidance on personal security, such as "Taming Chaos with a Personal Plan," but this new book, Personal Security: A Guide for International Travelers, provides a comprehensive approach to personal security and safety when travelling, or even while at home. To support your pre-trip preparations, this chapter, "Before You Go," maps out expert advice and lessons from real life cases to give you insights into basic planning questions.
An Overview of the NoSQL World
Recently, a new generation of low-cost, high-performance database software, aptly named as NoSQL (Not Only SQL), has emerged to challenge the dominance of RDBMS. This excerpt from Large Scale and Big Data: Processing and Management explores NoSQL Key Systems and NoSQL Open Source Projects.
Heartbleed Disclosure Timeline InfoGraphic
This infographic looks at the vulnerability from March 21-April 7 from the perspective of NCSC-FI, Codenomicon, Google, Open SSL and other providers. In addition to the factual timeline, there is some analysis/commentary as well.
This report is based on Arthur D. Little’s survey of 50 market experts in Europe, as well as comprehensive secondary market research. This report provides an overview of the digital signature technology, its current and potential market, as well as the benefits and challenges it brings. It also presents examples of practical applications of digital signature solutions.
Data classification is the practice of assigning information into predefined groups where each group has a common risk and corresponding security controls. This excerpt from JJ Stapleton's Security without Obscurity: A Guide to Confidentiality, Authentication, and Integrity discusses how information can be organized into categories based on its impact of unauthorized disclosure due to insider or outsider threats. It also discusses the concept of data tagging of other attributes that affect data management.
Anonymity in Network Communication
In today’s interactive network environment, where various types of organizations and indiviudals are eager to monitor and track Internet use, anonymity is one of the most powerful resources available to counterbalance the threat of unknown spectators and to ensure Internet privacy. Find out more in this excerpt from Anonymous Communication Networks: Protecting Privacy on the Web by Kun Peng.
Future Trends in WAN Security
This is an excerpt from Intrusion Detection in Wireless Ad-Hoc Networks edited by Nabendu Chaki and Rituparna Chaki.
Security Issues in Machine-to-Machine Communication
This is an excerpt from Security for Multihop Wireless Networks edited by Shafiullah Khan and Jaime Lloret Mauri.
The Hybrid (Frugal) CISO
This excerpt from Kerry Ann Anderson's The Frugal CISO: Using Innovation and Smart Approaches to Maximize Your Security Posture presents theFrugal CISO as a hybrid professional. Frugal CISOs possess a diverse set of qualities and is adaptable in choosing to utilize them depending upon the specific circumstances in which they are operating. Being able to adapt to a variety of environments and circumstances is fundamental to information security that is dynamic and constantly under pressure to securely manage new technical innovations.
Knowledge Management and e-Learning: Putting Theory into Practice
Knowledge management and e-learning have synergistic effects. They both contain elements of leveraging knowledge internally and externally, and both could add to the strategic intelligence of the organization. The combination of these two areas is just starting to evolve, per the evidence of the Knowledge Management & E-Learning journal and the recent book publication of Knowledge Management and E-Learning. Closer attention is warranted in the integration of these fields in order to advance the current state-of-the-art. In this presentation, Jay Liebowitz talks about these areas from a strategic intelligence framework, and will show examples of how you can translate the theory into practice.
Killer Music: Hackers Exploit Vulnerabilities in Media Players to Infect User Machines with Advanced Malware
Listening to music can have a positive impact on our brain. And of course, music improves our mood because it triggers the release of the "pleasure chemical" Dopamine. But what most organizations don't realize is that, while music can have a positive impact on its employees, the media players employees use to listen to their music of choice, or watch videos, can expose them, their machines, and their organization to risk of exploits and advanced malware infections.
SDN/OpenFlow: Concepts and Applications
From the Internet to many data center applications, SDN has found a wide array of useful possibilities. Everyone seems to be talking about SDN and OpenFlow, but what do they really know? Is it the panacea the media proclaims? In this excerpt from Network Innovation through OpenFlow and SDN: Principles and Design, Ashley Gerrity and Fei Hu discuss SDN's many applications, including researching new protocols prior to implementing them in real networks, increasing connectivity in rural environments, making both cloud-based and regular data centers better, and supporting mobile device offloading.
Internet Exploitation: The Web, Your Computer, Your IT System
In this excerpt from Trade Secret Theft, Industrial Espionage, and the China Threat, Carl Roper details vulnerabilities and attacks from hardware, software, and firmware (supply chain security issues) as well as network attacks.
Mobile Medical Devices
This is an excerpt from Chapter 6 of Wi-Fi Enabled Healthcare by Ali Youssef, Douglas McDonald II, Jon Linton, Bob Zemke, and Aaron Earle.
Before You Decide to Outsource
This is an excerpt from Chapter 3 of Managing Risk and Security in Outsourcing IT Services: Onshore, Offshore and the Cloud by Frank Siepmann.
Fundamentals of Complex Networks
This is an excerpt from Evolutionary Dynamics of Complex Communications Networks by Vasileios Karyotis, Eleni Stai, and Symeon Papavassiliou.
New Series on Critical Infrastructure and Cybersecurity Engineering
Edited by Ross Leo, Chief Systems and Security Architect at Cirrus Informatics, Inc., the objectives of this series include providing timely, well-researched, and informative pieces on the specific areas and issues associated with safeguarding America's critical infrastructures.
Maintaining Professional Certification
This is an excerpt from The Basics of Achieving Professional Certification: Enhancing Your Credentials by Willis H. Thomas.
Using PhoneGap Build
This is an excerpt from PhoneGap Build: Developing Cross Platform Mobile Applications in the Cloud by Bintu Harwani.
Leadership and Mentoring
This is an excerpt from The Four Components of a Fast-Paced Organization: Going Beyond Lean Sigma Tools by Robert Baird.
Creativity Life Cycle Models in Project Management
This is an excerpt from Creative, Efficient, and Effective Project Management by Ralph L. Kliem, PMP.
Learning from the Fast Developing Practice of Lean IT
If ERP can become agile, promote standardized work, reduce information waste and errors, and enable data-driven decision making, can it add value to a Lean enterprise? If you practice the four Lean principles well, but don't focus on value streams and their owners, will Lean IT produce sustainable results? Steve Bell, author of Lean IT: Enabling and Sustaining Your Lean Transformation and Run Grow Transform: Integrating Business and Lean IT, answers these big hairy questions and several essential others in this presentation from the Lean IT Summit 2013.
Enterprise Dark Data Is a Hidden Asset
Dark Data is a subset of Big Data: enormous but without formal boundaries as defined by database schemas. In other words, it’s the human generated content in documents, presentations, spreadsheets, notes, and other readable formats that make up the bits and bytes of a corporate file system.
Creativity and Project Management
Perhaps the best phrase that describes the need for creativity on projects is the one offered by Daniel Goleman, notable author on emotional intelligence, when he presented the maxim "I have to do it myself, and I can't do it alone." A project requires the contribution of individuals which includes their knowledge and creativity. A project, however, also requires that the individuals on the team work together to achieve common goals and objectives. More ...
Metrics for Hard Disk Drives and Solid State Devices
Ever run into one of those personalities who, when you ask the time of day, tells you how to build a clock? We're just looking for the time of day. We don't want or need to know how to build a clock. This metaphor applies well to data center storage. Storage vendors and suppliers have been known to claim leadership based on one (and usually only one) dimension of their product. While we can relate to the notion that a vendor needs marketing sound bites, we also know performance benchmarks alone are not the whole story.
IT Data Center "Green" Myths and Realties
Is "Green IT" a convenient or inconvenient truth or a legend? When it comes to green and virtual environments, there are plenty of myths and realities, some of which vary depending on market or industry focus, price band, and other factors. The following are some myths and realities as of today, some of which may be subject to change from reality to myth or from myth to reality as time progresses.
CA Security Council on Code Signing
Code signing certificates from publicly trusted Certification Authorities (CAs) fulfill a vital need for authentication of software distributed over the Internet in our interconnected world. The CA Security Council (CASC) is starting an education initiative around code signing. The use of code signing certificates is not as popular as using SSL certificates, but the risk might be greater. To start the initiative off, the group has posted a white paper that provides an overview of code signing, some configuration choices, and best practices.