security audit Resources

ZDNet Dictionary Definition

Security Audit: An examination of networks and computer systems by an independent consultant to determine an organization's vulnerability to criminal invasion (crackers, viruses, arson, etc.) and natural disasters (fire, tornados, earthquakes, etc.)....; Full Security Audit Definition >>

ZDNet Resources

The importance of Ratproxy: In a way it's a server-side anti-viral, aimed at catching injections of malware as they happen. Thus any Web host which wants to be honest and fight the bad guys can, proactively and in the background. by Dana Blankenhorn; Tags: Web, Enterprise Security, Security Audit, Ratproxy, Caturday, Web Hosting, Channel Management, Security, Internet, Marketing, Dana Blankenhorn; Blog posts 2008-07-08
Windows Security Analyzer (exe): This tool runs over 100 tests to gauge server security against best practices. Some tests include explanations and background information. It also calculates entropy and NIST Special Publication 800-63 compliance. The Windows Configuration Security Analyzer comes with a DOS batch script that system administrators can run on their servers to...; Tags: Windows Security, Security Audit, Server, Microsoft Windows, Tool, Productivity, Security; Software downloads 2007-11-22
Chris Nowell Unix Security Analyzer (exe): This tool tests Solaris, AIX, HP-UX, and Linux against best practices. Some tests include explanations and background information. The Windows Configuration Security Analyzer comes with a shell script that system administrators can run on their servers to gather data for the Analyzer. Unlike other tools, the script is easy to...; Tags: System Administrator, Security Audit, Tool, Productivity, UNIX, Operating Systems, Servers, Software, Hardware; Software downloads 2007-11-22
HackBar (xpi): Hackbar is a simple security audit / penetration test tool. This toolbar will help you in testing SQL injections, XSS holes, and site security. It is not a tool for executing standard exploits and it will not teach you how to hack a site. Its main purpose is to help...; Tags: Security Audit, Toolbar, IZI Services, HackBar, Security; Software downloads 2007-09-26
Dark Reading Article: "Eight Sure-Fire Ways to Beat a Security Audit": Experts share tips on how to avoid the most common pitfalls in an audit. Learn from those who went before you, and you may just ace your next security audit.; Tags: Security, Security Audit, IBM Corp.; White papers 2007-07-09

Using the Security Audit Journal on the IBM System i: Many people want to or have to audit the effectiveness of security on their system, to evaluate whether a security plan is complete, to make sure that the planned security controls are in place and working. This type of auditing is performed by the security officer as part of daily...; Tags: Security Audit, IBM Corp., Security; White papers 2007-06-01
Using WinReporter to Perform Security Audits on Windows Networks: WinReporter is the perfect tool to provide network administrators with an accurate picture of their infrastructure. WinReporter offers a set of 50 predefined reports that will help the network administrator in his audit and monitoring tasks: hardware upgrades, software updates and licensing, security checks, etc. WinReporter goes further and lets...; Tags: Network, Security Audit, Microsoft Windows, Network Administrator, IS Decisions, WinReporter, Network Administration, Networking, Security; White papers 2007-01-04
Survive a security audit: Brush up on these information security standards: Review key standards related to information security management in this sample chapter from How to Cheat at Managing Information Security. Covered standards, with which every security manager or CISO should be familiar, include: ISO 27001/BS 7799- the primary standard covering information security management ...; Tags: Information Security, Audit, Security Audit, Standards, Security; Book chapters 2006-10-11
IBM Tivoli and Consul: Facilitating Security Audit and Compliance for Heterogeneous Environments: Security and compliance challenges are greater than ever because of increased regulatory requirements and costs of compliance failures, increased complexity in technologies and IT environments, and a lack of predictability and visibility across infrastructures. To help address these challenges, IBM continues to expand its security management portfolio through development and...; Tags: Security Audit, Environment, Compliance, Security Management, IBM Corp., Security; White papers 2006-03-01
Security Audits: Identification and remediation of security vulnerabilities: This informational brochure from Covetrix describes the innovative penetration testing techniques that its security specialists use when conducting the most comprehensive IT security audit available today. Find out how Covetrix engineers use reconnaissance, social engineering, and external penetration testing to reveal network design flaws that could leave your company vulnerable...; Tags: Covetrix, Security Audit, Network Administration, Security, Networking; White papers 2005-10-01
IT Director’s Reference Series: Managing Security Audits: The IT infrastructure is a corporation's most valuable asset, delivering competitive advantages, processing the bulk of business transactions, and storing confidential information on all areas of the company, including financial data, customer and supplier databases, engineering schedules, business plans, human resource records, and email. Today most of this...; Tags: Security, IT Infrastructure, Ecora Software Corp., Security Audit; White papers 2004-12-01
Are you ready for your Next Security Audit?: Today, security audits are a fact of life for IT departments. Preparation is the key to successfully passing a security audit. In this whitepaper: Managing Security Audits, you’ll read how to prepare for an audit, how to focus on your strengths and know your weaknesses, what to do after...; Tags: Preparation, Security, Security Audit; White papers 2004-11-01
How Innovative Day-to-Day Technology Operations Will Improve Your PCI Ranking: The Payment Card Industry Data Security Standard prescribes a 12-step program with explicit requirements to protect cardholder information. It also includes security audit procedures that must be validated by a PCI authorized third-party assessor. The PCI-DSS requirements apply to PCI acquirers, merchants, and service providers' inability to prove compliance can...; Tags: Security Audit, Payment Card Industry Data Security Standard, PCI, Security, Storage, Hardware; Webcasts

Additional Resources

21 months later, Vista is still more secure than XP: Last October, roughly one year after the release to manufacturing of Windows Vista, I did a comparison of how well Windows Vista was living up to its promise of being more secure than its predecessor, Windows XP. My data source was the Microsoft Security Bulletin Search page, where I tallied...; Tags: Security, Microsoft Windows Vista, Microsoft Windows Vista (Longhorn), Microsoft Windows XP, Microsoft Windows, Operating Systems, Software, Ed Bott; Blog posts 2008-07-25
Microsoft joins 'patch DNS now' chant; Apple patch missing: On the heels of the release of weaponized exploit code for the DNS cache poisoning vulnerability, Microsoft has joined the chorus of security pros pleading with DNS server providers to immediately apply patches to protect users from malicious attacks. The Redmond, Wash. security...; Tags: Apple Macintosh, DNS, Vulnerability, Apple Inc., Exploit Code, Microsoft Corp., Attack, Dan Kaminsky, Domain Names, Apple Mac OS X, Networking, Security, Internet, Operating Systems, Software, Apple Mac OS, Ryan Naraine; Blog posts 2008-07-25
Britain moves against illegal file sharing: CBC News out of Canada is reporting that British ISPs are making an aggressive move against illegal file sharing by implementing a program designed to discover copyright violators, who will be sent warning letters and may potentially have their internet connections disconnected. For more on the article,...; Tags: File-sharing, Peer To Peer (P2P), Internet Service Providers (ISPs), Internet, Nathan McFeters; Blog posts 2008-07-25
GMail adds "https:"-only connections but still not by default: Google has added a new "Browser Connection" feature to GMail to allow users to force e-mail sessions to always use the more secure "https:" protocol but, strangely, this is not turned on by default. In the Settings tab, at the very bottom, GMail users can now select...; Tags: Google Inc., Google Gmail, HTTP, E-mail Providers, Cloud Computing, Internet, Ryan Naraine; Blog posts 2008-07-25
How OpenDNS, PowerDNS and MaraDNS remained unaffected by the DNS cache poisoning vulnerability: The short answer is being paranoid about tackling a known vulnerability. It's 2001, and Daniel J. Bernstein DJB, author of the then popular djbdns security-aware DNS implementation, is applying basic math principles to raise awareness on what's to turn into the "sky is falling" critical Internet vulnerability in 2008, in...; Tags: DNS, Vulnerability, Anomaly, Attack, OpenDNS, MaraDNS, NSS, Domain Names, Networking, Internet, Dancho Danchev; Blog posts 2008-07-25
Offshore outsourcers likely to beef up security following Bangalore blasts: A series of bombs have exploded in Bangalore and companies that have technology operations in India are likely to need increased security precautions following what appears to be a terrorist attack. According to various reports from Reuters and Rediff.com, nine bomb blasts have rattled Bangalore, which hosts...; Tags: India, Bangalore, Rediff.com India Ltd., Sacchin Uppal, Outsourcing, Business Security, Security, It Operations, Business Operations, Outsourcing & Subcontracting, Larry Dignan; Blog posts 2008-07-25
Heap-based buffer overflow reported in RealNetworks RealPlayer: Update 07/25/2008: Aaron Portnoy of TippingPoint's security research group was kind enough to point out that I'm actually not affected by this, since I've installed the newest version of RealPlayer.Â From Aaron's email: Notice the Secunia advisory states it affects RealPlayer 10.5... the latest is 11.x, which now uses...; Tags: Vulnerability, RealNetworks Inc., Buffer-overflow, RealNetworks RealPlayer, Secunia Research, Vendor, Digital Music, Digital Media, Personal Technology, Consumer Electronics, Nathan McFeters; Blog posts 2008-07-25