Endpoint Management, Security and Compliance Whitepapers


Achieving Compliance with GSi Code of Connection (CoCo)

In November 2005, the Government published ‘Transformational Government – Enabled by Technology’, which documents the steps necessary to achieve effective delivery of technology for Government. To develop the necessary trust and confidence within Public Sector communities, and between Government and citizens, a common approach to risk management and the implementation of an Information Assurance framework become increasingly important.

The aim of the Code of Connection (CoCo) is to develop the trust required both within and between communities, which then allows more effective use of shared systems and services. The CoCo provides a minimum set of security standards that organizations must adhere to when joining the GSi. This paper addresses some of the key challenges of achieving and maintaining compliance with the GSi Code of Connection (CoCo) for the GCSX, which must be achieved by September 30, 2009.

Achieving Compliance with Massachusetts Data Protection Law 201 CMR 17.00

By March 1, 2010, all organizations with operations and/or customers in the state of Massachusetts will be required to follow comprehensive information security requirements regarding both paper and electronic records containing personal information. These requirements include enforcing password security, encrypting all personal information stored on laptops and removable devices and ensuring up-to-date firewall protection, operating system patches and the latest versions of security agent software. Read this whitepaper to learn how your organization can meet the necessary requirements and improve its security practices.

Reducing the Cost of Achieving PCI Compliance with Lumension® Compliance and IT Risk Management

Organizations across the globe are required to demonstrate PCI compliance to ensure that cardholder data is protected and secure from numerous internal and external threats. The challenge for most organizations is that demonstrating compliance is usually performed on an ad hoc basis and without a clear process to regularly support multiple audit requests. Most organizations struggle to gather audit data and compliance measurements due to a lack of automated compliance workflows across the organization. Some of the typical issues around PCI compliance include the following:

  • High cost of demonstrating compliance
  • Lack of standardized IT audit processes
  • Reporting on multiple regulations, mandates and policies
  • Lack of enterprise visibility and prioritization of IT risk

This whitepaper will examine PCI DSS and explain how Lumension® Compliance and IT Risk Management can help organizations reduce the cost of addressing compliance by streamlining and automating the IT audit process, unifying control and compliance frameworks, automating assessment and remediation processes, and enabling continuous monitoring of their compliance and IT risk management posture.

Achieving Compliance: Australian Information and Communications Technology Security Manual (ACSI 33)

This paper highlights security practices that the Defence Signals Directorate (DSD) requires agencies to follow and explains how Lumension solutions help protect citizens’ information by:

  • Enforcing a trusted application environment where only authorised applications can execute on government systems.
  • Enforcing removable device usage and data encryption policies to prevent data loss or theft.
  • Providing detailed auditing and forensics capabilities that track all data transfer attempts, as well as what specific data was moved to or from a removable device.
  • Streamlining and automating the vulnerability management process to effectively mitigate the majority of risk due to un-patched operating systems and applications and system mis-configurations.

Achieving Federal Desktop Core Configuration Compliance with Lumension® Solutions

The Federal Desktop Core Configuration (FDCC) is an Office of Management and Budget (OMB) mandated security configuration set applicable within United States Federal Government agencies. Private enterprises may also choose to utilize this established framework as a foundation for their own security configuration baselines. All federal agencies that utilize or plan an upgrade to either Windows XP or Vista must report compliance, with FDCC reporting requirements dictated by the standard FISMA reporting guidance. The FDCC specific configuration requirements are generally based on the “Principle of Least Privilege” restricting user and machine rights. This whitepaper examines the FDCC requirements, the compliance challenges including vulnerability management, change control, and system security management and also highlights how Lumension’s SCAP Validated FDCC scanner is integrated with a complete vulnerability management solution to effectively enable compliance with these standards.

Reduce the Cost of Achieving HIPAA Security Compliance with Lumension® Solutions

Healthcare organizations face a host of HIPAA Security Rule compliance challenges with the move to put patient medical records online. Lumension helps organizations address these compliance challenges by providing the proactive risk management and the required audit readiness to meet many aspects of the HIPAA Security Rule.

Achieving NERC Cyber Security Standards Compliance with Lumension

The North American Electric Reliability Corporation (NERC) is a non-profit corporation chartered to ensure that the bulk electric system in North America is reliable, adequate and secure. NERC CIP standards and guidelines apply to all Responsible Entities (REs) within the bulk-power system, including investor-owned utilities, most generation and transmission (G&T) cooperatives, owners or operators of electrical power generation, transmission or balancing facilities in North America, and the primary entities ensuring compliance, such as NERC and the Regional Reliability Organizations. To be compliant with the new CIP standards, REs are required to retain 12 months of auditable data, documents and records on their information security controls, and specific logs for 90 days.

This whitepaper reviews each of the NERC Cyber Security Standards and maps the requirements to technical controls enforceable with Lumension solutions. Lumension helps REs address NERC CIP compliance challenges and ensures audit-readiness by delivering end-to-end vulnerability management, endpoint protection and data protection solutions that:

  • Automate vulnerability management to minimize the attack surface
  • Prevent malicious software with complete protection
  • Protect information from loss or theft

Best Practice Guide to Managing Your Critical Risk

In a downward economic climate, the threats to organizations continue to increase. Sophisticated cyber-criminals are infiltrating organizational networks to disrupt businesses, creating an environment where it becomes critical to manage your risks. Learn the best practices for managing your organization’s critical risks.

Best Practice Guide to Protecting Your Vital Information

Organizations today need to find the right balance between protecting corporate information and providing access to data and applications. From the mobile workforce to increasing cyber-criminals and the dynamic IT environment, most electronic communications are uncontrolled and unmonitored, creating more opportunities for data to be lost, stolen or mis-used. Learn the best practices for protecting your organization’s vital information.

Compliance with Data Handling Procedures in UK Government

A recent UK Data Handling Procedures in Government Report set out clear and mandatory procedures to be followed by all government employees that have access to and responsibility for citizen data. The Report was drafted at the request of Prime Minister Gordon Brown, in response to HMRC’s loss of two compact discs containing 25 million child benefit records in November 2007. As a result of this data loss, and to thwart future episodes of this type of preventable loss, all departments placed immediate restrictions on their use of removable media, and subsequently all departments have initiated programmes to encrypt laptops and USB memory sticks. The Report sets out significant changes to government departmental policy with regard to secure handling of citizens’ data, and individual departments must show compliance with the new Data Handling procedures within their annual report at the end of 2008.

This paper aims to guide government employees and their partner agencies on how Lumension’s tightly integrated portfolio of solutions including Data Protection, Endpoint Protection, Vulnerability Management and Security & Compliance can assist in meeting these data handling requirements, specifically with regards to the control and visibility of removable media used by government personnel; the auditing of data transferred to and from such media and the encryption of data stored on portable devices.

Endpoint Security, Endpoint Management: The Cost-Cutter’s Case for Convergence

This latest Aberdeen Group benchmark report, sponsored by Lumension, is for any organization that relies upon end-user computing platforms (e.g., personal computers, workstations, laptops, notebooks) - and their associated applications, data, and network connectivity - to carry out strategic business objectives. It describes how the companies with top results keep these endpoints "clean and ready." To distinguish Best-in-Class companies from Industry Average and Laggard organizations in protecting and managing endpoints, Aberdeen used the year-over-year changes in the following performance criteria related to their endpoint systems:

  • Number of actual security-related incidents
  • Number of non-compliance incidents (e.g., audit deficiencies)
  • Total management costs

Companies with top performance based on these criteria earned Best-in-Class status. Read this report to learn specific recommendations on achieving Best-in-Class status and how to focus first on the security of endpoint systems, then on compliance, then on optimizing ongoing management for greater efficiency and lower cost.

Endpoint Security: Moving Beyond AV

Application whitelisting is emerging as the security technology that gives IT a true defense-in-depth capability, filling in the gaps that anti-virus (AV) was never designed to cover. Organizations have invested heavily in traditional AV solutions, often stacking AV filters from multiple vendors along the data path in the desperate hope that one of the products would stop malware from infecting the corporate or government endpoints. While AV plays a crucial role in identifying known malware and cleaning infected systems, the reality is that relying on layers of the same defense mechanism leaves organizations completely exposed to attacks and data theft from unknown or designer malware that can be delivered in web-based active code, downloaded encrypted code fragments, and persistent botnets. Security teams that know they need more than AV are now deploying application whitelisting technology to protect laptops, desktops, server and Point-of-Sale endpoints from unidentified malicious code as well as undetected code injections - and they are finding significant operational benefits due to fewer interruptions responding to infected endpoints.

This Ogren Group Special Report, Endpoint Security: Moving Beyond AV, commissioned by Lumension, presents the market demand for application whitelisting with recommended actions for security decision makers. Information in this report derives from Ogren Group research and interviews with enterprise security executives of global organizations.

Fact or Fiction Security Survival Guide: Solving Misconceptions, Myths and Mistruths about Security

The security space can be one of the most confusing territories to traverse as an IT decision-maker. These days there are just so many misconceptions about security’s hot topics that it can sometimes be difficult to know what is true or false about security strategies and technologies anymore. Finding the right course of action can be difficult enough when the “map” has no key, let alone when that key is wrong.

This survival guide will dispel the many misconceptions regarding security strategies and technologies, including endpoint security, vulnerability management and data protection. Lumension sets the record straight about each misconception you’re most likely to encounter from the barrage of fear tactics used to push security solutions today.

Fact or Fiction: Debunking the Top 5 Misconceptions about Data Protection

One of the latest trends in IT security has been the shift in focus toward data-centric protection. Data is the most valuable asset an IT department must protect, and technology has evolved to meet this requirement. Encryption technology and data leakage protection solutions, which tend to rely heavily on content filtering technology, have helped shore up many organizations’ data stores, but the problem is that as companies adjust their data protection strategies they have fallen prey to a number of misconceptions about data protection. Security officers should do their best to learn the truth so that they can develop a well-balanced data protection program.

Fact or Fiction: Debunking the Top 5 Misconceptions about Endpoint Security

Security experts have done a reasonable job over the past several years preaching to businesses about the increasingly porous nature of the enterprise network perimeter. Most organizations have gotten the message loud and clear, understanding the critical importance of enforcing security policies on the endpoints and shoring them up from attack.

Unfortunately, some enterprises have been less effective than others when acting on that message, because even in the wake of this increased enlightenment about the importance of endpoint security, many misconceptions about the topic remain. We’d like to dispel a few of the biggest myths so that enterprises can better understand how to protect themselves from attacks against their clients.

Fact or Fiction: Debunking the Top 5 Misconceptions about Vulnerability Management

Vulnerability management can be a powerful means toward reducing the threat surface within an enterprise IT environment. But because vulnerability management technology has been around in some form or another for so long there has been plenty of time for the din of marketing-speak from various vendors to confuse users about the true nature of vulnerability management tools and practices.

The following are some of today’s most common myths perceived about vulnerability management, along with explanations for why these beliefs are false. Understanding the true nature of vulnerability management will allow organizations to better mitigate risk and to ultimately strengthen the synergy between IT security and operations.

FDCC: Achieving Compliance with the Lowest Total Cost of Ownership

Experience shows that federal government agencies improve their security posture and reduce IT support costs by complying with the Federal Desktop Core Configuration (FDCC). Standardizing agency desktop configurations has proved very effective in limiting agencies’ security vulnerabilities, simplifying issue resolution, and reducing operational costs. The question is how to comply with the FDCC most effectively and with the least effort from the agency IT group. Automation tools available for FDCC compliance differ in how effectively they assess desktops for compliance, how easy they make it to interpret the results, whether they can remediate out-of-compliance desktops, and whether they can be used for other types of reporting besides FDCC. This white paper, intended for agency IT executives, explains how the differences between FDCC automation tools affect security and IT costs. The paper concludes with a description of Lumension’s Vulnerability Management Solution, which has received Security Content Automation Protocol (SCAP) validation as an FDCC scanner from the National Institute of Standards and Technology (NIST).

Five Ways to Reduce Your Audit Tax

Taxes are certainly not fun, but there is something worse: an audit. Combine the two in a risk and compliance scenario and you have the onerous “audit tax,” a figurative term used to describe the expenses a company incurs when deploying resources and manpower to satisfy the burgeoning set of internal and external compliance and audit mandates. The good news is that there are ways to reduce the audit tax burden. This whitepaper outlines five methods organizations should consider to streamline their compliance efforts and thereby reduce their audit tax.

HIPAA and Beyond: How to Effectively Safeguard Electronic Protected Health Information

HIPAA lacks the depth and breadth on which to build an information security program, as it takes a myopic view of security and privacy with Protected Health Information (PHI) at the center of its universe. But there is much more to information security than PHI. Healthcare organizations must look beyond HIPAA and take a global view of their infrastructure because, while HIPAA is a static regulation, healthcare organizations exist in a dynamic IT world with new threats emerging daily. When HIPAA first came out, vulnerability assessments, patching and configuration remediation were typically performed quarterly at best. Now, with zero-day threats, the lack of a defined network perimeter and the focus on information protection, real-time patching and proactive endpoint and data protection are a basic requirement. Read this whitepaper to learn how to use HIPAA as the starting point for your security program, and then use best practices and Lumension solutions to improve your overall security posture.

How to Effectively Protect Data in Transit and Assure Governance with NHS Directive

In December 2007, the office of David Nicholson CBE, the Chief Executive of the NHS in England, wrote to all Chief Executives of all Strategic Health Authorities, Special Health Authorities, NHS Trusts and Primary Care Trusts, restating the key responsibilities and accountabilities for securing effective information governance and to clarify required actions. Within the content of the letter (Gateway reference number 9185) are specific requirements for securing data in transit.

This document examines how Lumension’s Endpoint Security Suite, which includes Application and Device Control, assures NHS Trusts of governance with all of the stated requirements for securing data in transit and maps the solution’s capabilities to these specific requirements.

IT GRC: Managing Risk, Improving Visibility, and Reducing Operating Costs

This latest Aberdeen Group research report describes the policy, planning, process, and organizational elements of a successful IT governance, risk management and compliance (IT GRC) implementation. This report takes an in-depth look at key capabilities of best-in-class organizations, including:

  • Identifying weaknesses in existing risk management processes
  • Translating risk assessment data into actionable recommendations
  • Adjusting to new or updated regulatory requirements

Based on the findings within the report, Aberdeen presents some key recommendations that organizations can leverage to better manage IT risk and reduce their cost of compliance.

Laying the IT Security Foundation: Corralling Conficker and Other Threats in an Evolved Environment

The traditional security approach addresses each individual attack as it crops up through a detect-and-block scheme. However, in today’s ever-changing IT environment, sophisticated threats such as the Conficker worm continue to evolve and keep security professionals in an unending game of cat and mouse. Read this paper to learn how to:

  • Regain control of your environment and address the root cause of attacks
  • Automate the detection and remediation of OS and application vulnerabilities and mis-configurations
  • Prevent threats such as Conficker from wreaking havoc on your business
  • Enforce a trusted application environment

Local UK Government Data Handling Guidelines

The Local Government Association and the Society of Information Technology Management (SOCITM) published their guidelines for local council information security and data handling to provide a local government response to the Information Commissioner’s “Data Handling Procedures in UK Government” published in June 2008. Read this paper to learn how Lumension solutions help local councils reduce risk and ensure compliance with these best practices. By enforcing application and removable device usage policies, local councils can ensure that only authorised personnel are able to connect removable storage devices or run authorised applications on government endpoints.

Lumension Vulnerability Management Solution: Automating the Vulnerability Management Lifecycle

Any computer that is exposed to the internet, unsanctioned applications, or unprotected storage devices can be infected with viruses, Trojans, worms, keyloggers, spyware, rootkits, and other malware. By preying upon vulnerabilities in operating systems and applications – from ubiquitous internet browsers to email and office productivity suites – these infections can quickly lead to stolen data, disrupted operations, and threats to the privacy of customers and employees. In 2007 alone, well over 6,000 new vulnerabilities were reported, an average of 124 per week. Nearly 90% of those vulnerabilities could be exploited remotely. In addition, poorly installed or misconfigured devices can create vulnerabilities that allow data corruption, eavesdropping, and theft.

Because vulnerabilities can be found literally everywhere – from gateways and routers to DNS servers, web servers, desktops, and laptops – many IT departments run a “catch as catch can” defense. But using swarms of IT personnel to constantly hunt down vulnerabilities, figure out and then apply the appropriate patches, and hope for the best is a waste of resources. Automating the vulnerability management lifecycle – discovery, assessment, prioritization, remediation, and reporting – lets you keep your information resources safe from external threats around the clock, freeing IT personnel to work on business-focused projects.

This whitepaper will examine how Lumension Vulnerability Management Solution enables organizations to mitigate their critical risk by integrating the five phases of vulnerability management:

  • Discovering assets
  • Assessing vulnerabilities and misconfigurations
  • Prioritizing risks
  • Mitigating non-patchable risks
  • Remediating vulnerabilities
  • Reporting and monitoring

Minimizing Security-Related Total Cost of Ownership

Any security professional worth his or her salt understands that the job at hand isn’t just a matter of protecting the technology ecosystem, it is a question of doing so without racking up costs that will raise the CFO’s eyebrows. In today’s economy, though, the antes have been raised. Nowadays security gurus aren’t just expected to keep security-related problems at bay as cheaply as possible. They are also counted on to find ways to reduce the total cost of ownership (TCO) of all IT assets by minimizing risks, reducing network complexity and optimizing resources. This whitepaper examines how to minimize your security TCO through proactive solutions that are no longer a luxury, but a necessity to compete in today’s economic environment. By investing in the necessary Endpoint Protection, Data Protection, Vulnerability Management and Reporting and Compliance solutions, IT resources can be freed up to work on strategic initiatives that drive profit to the bottom line.

Millennial Meltdown: Balancing Innovation with Productivity and Security

While tools such as Web 2.0 applications, IM, P2P and portable USB media can be great for business innovation and productivity, they’re often dreadful for IT security. The first instinct of many businesses is to simply ban the use of such technology. This may eliminate the danger, but it cuts off innovation at the knees. In order to truly get ahead, organizations must find a way to strike a happy balance that allows for the safe use of new technologies. This paper highlights the need to:

  • Educate employees about the risks
  • Define policies that offer flexibility and control
  • Implement ways to monitor and enforce those policies

By taking these important steps, organizations will reap benefits their competitors may well be giving up through wholesale bans on new technology. The workforce will not only be more productive and innovative, they’ll also remain happier and more loyal to the company cause.

New Insider Threat Emerges in the New Economy

Information security experts are bracing for the law of unintended consequences to swing into action in 2009 as layoffs, downsizing and low morale add to the risk of insider threat, looking to profit off of proprietary intellectual property, customer contact lists, trade secrets and any other sensitive information. Many employees have admitted as much themselves in recent surveys - last December the majority of participants in a survey reported that if they were fired tomorrow they would definitely take company data with them to their next employer. To neutralize the threats posed by insiders with ample motivation, IT departments must take away the means and the opportunities to commit crimes. In this whitepaper you will learn how employees and partners are engaging with your IT assets and intellectual property as well as key steps to prevent this new insider threat within your organization.

Ogren Group Security Analysis - Lumension: a Case Study in Proactively Managing Endpoint Risk

The Ogren Group found that EC Suite, a major processor of credit card transactions for e-commerce organizations, saved considerable time and effort in their IT and security operations as a direct result of their preventive security measures and procedures using Lumension solutions.

EC Suite’s preventive security approach has yielded a stronger security profile against malicious attacks, reduced overall IT and security operational expenses, and enhanced operational efficiencies. The primary direct savings come from Lumension Endpoint Protection Solution to thwart malicious attacks at the endpoints and Lumension Vulnerability Management Solution to rapidly close vulnerabilities in the infrastructure, while Lumension Data Protection Solution prevents leakage of confidential data that could be ruinous to the business.

Read this Ogren Group Security Business Analysis to learn how EC Suite achieved:

  • 258.3% rate of return in the first year
  • 964.0% average rate of return over three years
  • 6-9 month payback period

Patch Management 2.0: Evolving Patch Management Technology to Proactively Combat Security Threats

The realities of security and compliance have changed considerably since patch management faced its first big paradigm shift some years ago. At that time many organizations wrestled with the transition from manual patching and remediation to an automated process. Of course, nothing in security is ever static, so it is no surprise that patch management has continued to evolve since then. Though still automated, today’s best patch management tools and techniques are significantly different from their predecessors. This whitepaper will explain how to remain on top of increasing security attacks and will:

  • Provide an historical perspective on the changing patch landscape
  • Explain the importance for organizations to evolve their patch management technology
  • Describe how Lumension’s suite of patch management and vulnerability remediation technologies extends patch automation to every element of the IT infrastructure

Portable Panic: The Evolution of USB Insecurity

As USB devices have evolved into useful storage media, they’ve also turned into a security nightmare for organizations. The usage of USB devices should be encouraged and embraced today in our tightening economy to aid in the reduction of operating costs. Take control of the removable media threat, control the flow of inbound and outbound data from your endpoints and enable managed use of these productivity tools by enforcing removable device usage policies.

Taking Control of Your Data: Protecting Business Information from Loss or Theft

Safeguarding your data is critical to running your business and protecting the privacy of employees and customers. The news is rife with reports of information lost or stolen from laptops left in cars, thumb drives dropped in airports, or CDs lost in the mail. Employee information, patient medical records, credit card numbers, corporate intellectual property – all can be lost or stolen in an instant, unless you have complete control over how data is stored, copied, and transported. Though malware and hackers take most of the blame for theft from networks and computers, critical information can just as easily be lost or stolen and misused while at rest on physical storage devices. In fact, 70% of all serious incidents are sparked by insiders. The ease and speed with which gigabytes of data can be copied to a thumb drive, for example, requires a security solution that controls not only what devices can be attached to a computer but also how much data can be copied at a time and whether it is encrypted.

This whitepaper will examine how Lumension Data Protection Solution enables organizations to control the movement of vital business data and ultimately ensure it is protected, and take an in-depth look at the four key phases of rolling out such a solution:

  • Catalog removable storage and media devices
  • Define endpoint policies
  • Roll out Lumension agents
  • Monitor devices and data flow

The Best PCI Audit of Your Life: Are You Ready?

Two years of experience with PCI DSS (Payment Card Industry Data Security Standard) shows that companies are relying upon the same broken compliance strategy where too much money is spent, too little ROI is achieved, and even less effective security is gained. PCI compliance should not be treated as a single discrete effort. This myopic view of regulatory compliance creates the situation where organizations are constantly reinventing the wheel, wasting time and effort, and ultimately blowing security budgets. This whitepaper will detail a strategy that enables companies to painlessly become audit-ready, gain PCI compliance and ultimately ensure effective security. And it will discuss Lumension’s Security Suite, which maps technical controls to PCI standards and continuously monitors, assesses and reports the status of your environment, making your PCI audit the most efficient and actionable of your life.

The State of Data Protection: Fighting Security Threats

Securing business-technology systems isn’t getting any easier. Attackers have changed their tactics and now are developing more clandestine types of spyware, Trojans, and keystroke loggers than the highly visible and destructive worms and viruses of the past. They’re also gaining access through maliciously crafted web sites that infect PCs, and they’re infiltrating web servers through common software vulnerabilities, such as inputs not properly validated. As internal and external risks grow in number and complexity, more businesses are evaluating the best ways to defend their vital business data.

This Lumension-sponsored TechWeb research will highlight:

  • The greatest threats to your security
  • The greatest operational hurdles to optimizing your security efforts
  • The primary reasons IT security technologies and services are purchased today
  • When to think about leveraging Software-as-a-Service

The Total Economic Impact of Lumension Application and Device Control

This study, from Forrester Research, illustrates the financial impact of moving from a difficult-to-enforce, “voluntary” compliance solution to the IT-driven Lumension Endpoint Security solution that automatically enforces endpoint security policies. The TEI study should be seen as a guide to better understand and evaluate Lumension Endpoint Security.

Virtualization is Here… Are You Ready?

Why You Need to Know the Top 5 Security Concerns before You Rush to Virtualize

It’s no wonder that virtualization is sweeping through the enterprise at breakneck speed. Virtual machines and virtualization technology provide numerous technical and cost advantages. As organizations virtualize servers, they are able to consolidate hardware, improve space utilization within the data center, and save energy and costs.

Unfortunately, in their haste to take advantage of all these benefits, organizations are addressing security after the fact. Paul Zimski, Vice President of Solutions Marketing, outlines key security concerns to watch out for.

Whitelisting Technology Improves Security, Reliability and Performance Via Trusted Change

Traditional approaches to endpoint protection have become ineffective in today’s dynamic computing environments. Battling the onslaught of viruses, malware, and plain old poorly designed applications has become a reactive game with a losing proposition. To escape this mode of always falling one step behind emerging threats, you need a new endpoint security model.

An application whitelist provides the means to take charge of your information environment by making the shift from focusing only on what you know is bad to allowing only what you know to be good. This whitepaper will examine the many benefits of utilizing an application whitelisting solution such as Lumension Endpoint Protection, and take an in-depth look at the four key phases of rolling out such a solution:

  • Discovering and monitoring your application ecosystem
  • Rolling out pilots and clients
  • Enforcing protection
  • Fine-tuning your application ecosystem

Why “Free” Patch Management Tools Could Cost You More

Today’s economic situation underscores the importance of scrutinizing all business expenses, particularly within IT. Although point patching products may look more attractive on the surface, closer inspection often reveals hidden costs and missing capabilities. The result is fragmented patch management and a weaker security posture, in an option that is also more costly and cumbersome for organizations to maintain.

Why End-Users Are Your Weakest Security Link

This paper examines why end users pose the biggest security risk and outlines key strategies for C-level executives and security staff to effectively address their weakest security link: their end users. Learn the key steps to ensure that corporate policies are effectively enforced and read how Lumension customers have successfully implemented controls to manage the risk that is inherent with their employees’ use of technology.

2008 Annual Summary - And a Look Ahead to 2009

Lumension’s 2008 Annual Report and Threat Predictions for 2009 identifies removable media as the leading cause of data breaches, with phishing, malware and botnets continuing to thwart 2009 security tactics. Find out how you can stay ahead of the threat curve in 2009.

Lumension VMS vs Microsoft WSUS

Tolly engineers tested the Lumension Vulnerability Management solution and the free Microsoft® Windows Server Update Services 3.0 SP1 and designed a model to compare the long-term Total Cost of Ownership (TCO) of both products. Tolly’s testing found that the Lumension Vulnerability Management solution provides a much lower TCO than Microsoft’s free Windows Server Update Services, and provides a full range of services including patching of Microsoft, non-Microsoft and custom applications; built-in reporting; software removal; flexible management control; granular patch control; Common Vulnerabilities and Exposures (CVE)-based patching; discovery of new or unauthorized client systems; and up-to-date asset assessment and network visibility.

Demystifying IT Risk to Achieve Greater Security and Compliance

Managing IT risk is part of running any business these days. Regardless of what business you’re in, understanding IT risk can help you increase network security, reduce management costs and achieve greater compliance. Corporate leaders who fail to identify, assess and mitigate IT risk are setting themselves up for serious security breaches and financial losses down the road. And those leaders who think that managing IT risk is the job solely of the IT staff may be in for a big shock.

Read this whitepaper to learn how to gain the upper hand when it comes to assessing IT risk and managing compliance.

Six Critical Elements to Achieve Economies in FISMA Compliance

A FISMA compliance approach that relies on a manual and labor-intensive process can produce mountains of paper and electronic documents that no one can organize and make sense of. Such a compliance strategy results in overwhelming confusion, where everything is assumed to be in place because personnel are too busy to make sense of it all: that is, until things break down and all the fingers are pointed at the agency.

This Corporate Integrity whitepaper highlights the six critical elements agencies should keep in mind in order to reduce the burden of FISMA compliance, while achieving greater control and security. These recommended best practices are:

  • Agility
  • Consistency
  • Efficiency
  • Transparency
  • Accountability
  • Security

By implementing approaches and solutions that automate the monitoring of information systems for changes, vulnerabilities and controls, and so validate that the agency is staying within the boundaries defined in its System Security Plan (SSP), agencies and contractors can streamline reporting processes, improve overall security and reduce the overall burden of FISMA compliance.

Three Ways to Prevent USB Insecurity In Your Enterprise

With great advantages come great responsibilities. As the advances in USB devices have made them invaluable to most business users' workday processes, they have also exposed their organizations to three enormous risks: data loss, data theft and malware propagation. Learn how removable device policy enforcement can mitigate these risks while enabling managed use of these necessary productivity tools.

Three Ways to Prevent Insider Risk Within an SCCM-Managed Environment

Learn how removable device policy enforcement can minimize risk of data loss, data theft and malware propagation, while enabling managed use of these necessary productivity tools—seamlessly within your Microsoft® System Center Configuration Manager-managed environment.

The Great Balancing Act: Using USB Flash Drives in Government Environments

USB flash drives and other portable devices are valuable tools in the typical government staffer’s virtual toolkit. These handy devices allow workers to efficiently accomplish their duties and carry out their tasks for the public good. But left unchecked, the use of portable devices can also potentially infect public systems with malware, inadvertently expose classified information and/or citizens’ personally identifiable information (PII), and otherwise breach the public’s trust. Read this paper to learn how to enable the use of these productivity tools, while mitigating the risk.

Best Practice Guide to Reducing Your Threat Exposure

As enterprises slowly emerge from the fallout of the economic climate, IT organizations are assessing the damage done by budget cuts and exponentially increasing external threats. The picture may seem scary at the moment, but by taking advantage of the right best practices, your organization can go a long way toward reducing its threat exposure.

Best Practice Guide to Reducing Your Cost of Compliance

With IT budgets remaining flat through 2010 and the cost of compliance expected to rise, IT organizations must find ways to streamline compliance spending to maintain IT operations and IT security service levels in the coming year. Here are some useful best practices to slash regulatory overhead and improve the effectiveness of your compliance spend.

Best Practice Guide to Minimizing Your Insider Risk

In today’s increasingly collaborative and always-accessible working environment, organizations are challenged to balance the need to put information at the fingertips of productive workers with the responsibility to preserve the privacy and integrity of sensitive data stores. Balancing productivity with security is a fine line, but by taking advantage of the right best practices, your organization can go a long way toward minimizing insider risk and protecting data.

Four Steps to Cure Your Patch Management Headache

The need to speed up patch deployment across today’s highly complex and distributed IT environment has never been more important. The heat is on to proactively safeguard your systems and endpoints from the newest exploits as the time it takes hackers to exploit a known vulnerability continues to shrink. Using patch and vulnerability management as the principal component of your risk mitigation strategy and taking prudent measures to establish a best practices approach can help reduce costs and risks in the long term.

Laying the IT Security Foundation - Key Steps to Preventing Cyber Attacks

Government systems are getting hit on a daily basis by new and ingenious external attacks. Federal, state and municipal agencies, plus government contractors, must find a way to adjust to this evolving threat landscape to prevent these threats from wreaking havoc. It is imperative that government organizations get back to the basics of security and lay a strong security foundation to weather these attacks by proactively addressing their root causes.

Six Critical Elements to Achieving Economies in Healthcare IT Security and Compliance

Healthcare organizations and their business partners are facing compliance trauma from every aspect of the business. Security and privacy regulations have been in place since 1996 within the United States with HIPAA, but for the first decade of its existence HIPAA had no teeth. Today, healthcare organizations face increased liability, fines, as well as audits to demonstrate that protected health information (PHI) is adequately secured. Healthcare organizations are also being forced into a state of compliance-critical condition by the HITECH Act and a host of other regulations.

Approaching IT security and compliance in healthcare is not a simple task — there are a variety of approaches, some add overhead and encumber an organization, while others enable operational efficiencies to be achieved along with improved security of PHI. This paper highlights six critical elements healthcare organizations should consider to achieve economies in IT security and compliance.

Anatomy of Insider Risk - Why You Could Be Your Worst Enemy

Organizations today are typically aware of the problems they face from inside the firewall, but so many leaders focus on the risk of thieves and disgruntled employees that they leave too much room for error from the far more common insider threat: well-meaning but negligent insiders. Ill-trained and poorly monitored, these hapless employees and partners have the potential to cause as much damage as the bad apples of the bunch. Learn the four steps to minimizing the risk from negligent insiders.

Best Practice Guide to Addressing Web 2.0 Risks

With the rise of user-generated content, social networks and readily available information offered by the Web 2.0-enabled workplace, users are more connected to people and ideas than ever before. This new level of connectivity also introduces significant risk. Learn best practices to find the proper balance of risk vs. productivity through improved policy, controls and education of users.

Practical Steps to Ensure GCSX Code of Connection Compliance and Beyond

The GCSX Code of Connection is an important step along the journey to provide a secure infrastructure for public sector business. In isolation, GCSX Code of Connection compliance may be seen to deliver little extra value back to the organisation, so it is important that a successful implementation be used as a catalyst for an improvement in overall organisational compliance. This white paper discusses the importance of the GCSX Code of Connection and then addresses the larger issue of compliance management and how this can be effected using a structured approach.

Don't Wave the White Flag Over Red Flags Rule

The Red Flags Rule, which requires businesses that extend credit to customers to watch for the warning signs that could signal fraudulent activity resulting from identity theft, is enforceable as of December 31, 2010. Organizations that automate and harmonize compliance efforts across multiple regulations, including the Red Flags Rule, can not only make their controls more efficient but also bolster their overall IT risk management capabilities in the process. Learn the key capabilities organizations leverage to gain real-time visibility of compliance with the Red Flags Rule and other regulations.

Six Critical Elements to Achieve Economies in NERC CIP Compliance

The interconnected computer systems and networks of electric, natural gas, and water distribution systems pose a significant risk to the nation’s critical infrastructure. This has put utilities under the microscope as they face increasing pressure for accountability regarding IT risk and compliance. The most taxing compliance demands on utilities stem from the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) requirements. As of July 1, 2010, these utilities face the next step in becoming auditably compliant, meaning organizations must meet the full intent of each CIP requirement and prove compliance to an auditor. It is no longer sufficient to be substantially or even fully compliant internally. Utilities that cannot demonstrate compliance face fines of up to $1 million per day per CIP violation. Achieving auditable compliance requires the utility to undergo internal audits and spot checks, and to provide documented evidence of compliance or non-compliance with the CIP standards. This paper highlights the critical elements utilities must keep in mind to achieve economies in NERC CIP compliance as well as other mandates.

Protecting Financial Enterprise Data from the Two Faces of Risk

Addressing targeted threats from outside and from within the typical financial organization

Whether it’s from treacherous insiders stealing data or malicious cybercriminals hacking into company resources, financial institutions face risk from both inside and outside the organization. While each side of the coin poses unique threats, the financial sector can minimize the double-sided risks with very similar tactics. Learn how to minimize these risks by resting on the security fundamentals of solid vulnerability management, device control, application control, and sound monitoring and reporting practices.

Create Your Natural Advantage – Integrating Desktop Power Savings with Patch Management

Organizations stand to save a significant amount of money by managing the power consumption of their IT systems. But if they aren't careful, they could save their way right into a security and operational nightmare. When power management is neither centralized nor built into your overall IT operational processes, it can often impede system maintenance, patching and vulnerability scans. That's why organizations must carefully consider their tools, strategies and policies around power management if they're seeking to go green without compromising their operational efficiency or security posture.

3 Strategies to Protect Endpoints from Risky Applications

Though most organizations have invested considerable time and effort in improving their endpoint risk management processes, many of them are ill-equipped to handle the myriad of third-party applications that are increasingly introducing the most risk into today's IT environment. That's because as the typical IT organization has worked on reducing the risk profile of PC and server operating systems, cyber criminals have started to look for greener pastures — namely among third-party applications.

Six Critical Elements to PCI DSS Compliance and Beyond

Organizations that fully comply with PCI DSS are considered secure credit-card processors; however, compliance and security are not necessarily synonymous. An organization can be compliant and still experience a security breach, and can also be non-compliant and maintain a secure infrastructure. The question is: What good is compliance? Approached correctly, compliance can be a catalyst for implementing effective security measures. However, this requires an understanding of the principles behind the requirements, not just adherence to minimum requirements. Security is more than a list of checkboxes — it involves a holistic approach and processes to protect the organization. Compliance with standards such as PCI DSS provides a foundation for achieving security, but by itself it does not adequately protect the organization.

Read this paper to learn the six critical elements to developing and implementing a security program that enables organizations to achieve compliance with PCI DSS and ensure the protection of critical information.
