IT Trenches:

information security


July 20, 2009  7:22 PM

Do you manage or develop websites and need to know more about securing them?



Posted by: Troy Tate
application development, application security, cross-site scripting, information security, internet security, OWASP, training, web application development, web security

If you do manage websites, then you should know about the Open Web Application Security Project (OWASP). This group is working to make web application security issues visible so organizations can make intelligent decisions about...

June 24, 2009  6:24 PM

Did you see this? – SYSTEM CLEANING: GETTING RID OF MALWARE FROM INFECTED PCS



Posted by: Troy Tate
anti-virus, antivirus, av, availability, bot, botnet, information security, integrity, malicious software, malware, registry, Security, trojan

I don't know about you but I do get frustrated when a white paper is advertised and it has little or no meat to it. Most times it seems like the whitepapers offered by vendors today are light marketing fluff with little substance to help IT folks do their job better. I came across a...


May 22, 2009  6:03 PM

Strong passwords? Try this test



Posted by: Troy Tate
authentication, complex password, information security, Password, password strength, Security, strong password, tool

Passwords are the bane of security, but they are currently and historically the primary authentication method for users. Check out this article by Roger Grimes and see how your password policy stacks up using the Excel spreadsheet tool he provides for download. You can use the to convince management how weak...


May 22, 2009  3:24 PM

The Center for Internet Security defines security metrics



Posted by: Troy Tate
application security, Center for internet security, change management, CIS, incident management, information security, information security metrics, Metrics, patch management, Security, security metrics, vulnerability management

As an information security manager I am always struggling with how to measure the security posture of my organization. As they say, you can't manage what you can't measure. There's lots of talk out there about ROI (Return on Investment) or ROSI (Return on Security Investment). These may be business...


May 11, 2009  2:28 PM

FREE Disaster Resource Guide



Posted by: Troy Tate
bcp, business continuity, business continuity planning, crisis communication, crisis management, crisis planning, disaster prepareness, disaster recovery, dr, education, enterprise risk management, erm, information security, risk management, standards

If you are involved in IT you should also be involved in the disaster recovery planning and operations for your organization. There are quite a few resources to help with this activity. A very good free one just came across my desk that I wanted to share with you. It is called the...


May 7, 2009  7:33 PM

Is unified threat management defense in depth?



Posted by: Troy Tate
Defense in Depth, exploits, information security, information security management, Midmarket security, Security, Single Point of Failure, threats, Unified Threat Management, UTM, vulnerabilities

An ITKE poster recently asked a great question.

Experts tout unified threat management appliances as an ideal antimalware, intrusion prevention and content filtering firewall for midmarket companies. But doesn't this counter the long-standing security practice of defense-in-depth? With...


April 2, 2009  8:53 PM

5 Things we learned from the Conficker non-event



Posted by: Troy Tate
anti-virus, antivirus, Conficker, endpoint, endpoint protection, information security, lessons learned, malware, Microsoft, network, patches, patching, predicting future, Security

1. The media can take a story about Information Technology and say nothing of substance. What did the 60 Minutes story do for the IT industry? It made Symantec look like they could not effectively...


February 25, 2009  2:30 PM

Did you see this? – The Cheapskate’s Infosecurity Toolbox



Posted by: Troy Tate
information security, infosecurity, management, research, toolkit, tools

This may be a couple of years old, but the need for infosecurity tools and requirements for cheap solutions has not changed. This was first published in the CSO magazine in 2006. The tools have only gotten better since then. Hope you can find some use for the tools that it recommends in these...


February 24, 2009  3:14 PM

Financial crisis due to poor risk understanding & management – IT security next?



Posted by: Troy Tate
financial analysis, information security, measurement, Monitoring, risk, risk management, technology

I have written before about IT being an accelerator for the financial crisis. Another recent article, this time from Wired called


February 11, 2009  8:08 PM

Tracking down that user/computer that locks AD accounts



Posted by: Troy Tate
account management, Active Directory, AD, administration, analysis, anti-virus, antivirus, Data security, diagnostics, howto, information security, malicious activity, malware, Microsoft, Microsoft Windows, network security, Password, password management, policy enforcement, reporting, risk, risks, scanning, search, Security, security notification, tools, troubleshooting, Windows

With an environment spanning 18+ sites and more than 3000 computers around the globe, you could understand how challenging it would be to track down what device/user might be locking user accounts. There are tools out there that you can pay for that can help do this. However, Microsoft has some...

