vulnerability management

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Automating Vulnerability Management for PCI DSS Compliance

This white paper identifies the problems encountered in addressing network security risks through vulnerability management. It describes how automated vulnerability management contributes to compliance with industry standards such as the Payment Card Industry Data Security Standard PCI DSS and assists the user in proactively identifying security weaknesses before these are...

Tags: GFI Software Ltd., Vulnerability Management, PCI, Security, Storage, Hardware

White papers 2007-07-06

Preempting data warfare: The art of comprehensive vulnerability management

This sample chapter, taken from Larstan's the Black Book on Corporate Security, discusses the importance of comprehensive vulnerability management. Comprehensive vulnerability management reduces exposure and risks from security incidents that might otherwise occur as a result of having longer time intervals between inspections.This sample chapter, taken from...

Tags: Corporate Security, Larstan Publishing, Vulnerability Management, Security

Book chapters 2005-12-02

Vulnerability Management Is Critical to Managing Enterprise Risk

Vulnerability management is an emerging market that has captured the interest of enterprises concerned with mitigating and managing the threats within their networks. As the vulnerability management market space expands, comprehensive vulnerability management will bring together the assessment and scanning of vulnerabilities within and outside the network perimeter, the remediation...

Tags: Computer Associates International Inc., Vulnerability Management, Networking

White papers 2005-05-01

Additional Resources

Nsauditor 1.9.8 (Windows)

Nsauditor Network Security Auditor is a network security software and vulnerability scanner that allows auditing and monitoring network computers for possible vulnerabilities, checking network for all potential methods that a hacker might use to attack it and create a report of potential problems that were found. Nsauditor is a complete...

Tags: Network, Auditing, Monitoring, Microsoft Windows, Nsasoft, Nsauditor Network Security Auditor, Nsauditor, Networking

Software downloads 2009-11-28

End-to-end encryption is the key to protecting data and reputations

In order to avoid the financial and brand damage associated with data breaches, businesses need to consider deploying end-to-end encryption as a tamper proof way of securing data. Commentary - Media outlets around the globe highlight new data breaches at an alarmingly regular rate. Forrester estimates that the cost...

Tags: PCI, Organization, Data Breach, PCI DSS, Encryption Key, encryption, security, Paul Meadowcroft Thales, Special to ZDNet, Paul Meadowcroft, Thales, Special to ZDNet

News items 2009-11-11

Microsoft patches Windows worm holes, drive-by download flaws

HolesIt is like trying to patch a rotten ship!Does that mean Linux is a rotten ship too?NTAnd unfortunately most of the world is on that ship And unfortunately most of the world is on that ship RE: Microsoft patches Windows worm holes, drive-by download flawsAll OS are subject to "Intrusion...

Tags: Linux, Patches, Construction, Operating systems, SECURITY, Microsoft patches Windows worm hole, Microsoft patches Window, worm hole, Microsoft Patches, flaw, Microsoft Corp., patch management, attacked, window, Microsoft Windows

Discussion threads 2009-11-10

My Top Scary Technology Trends

The Most Terrifying:Google.Kills good companies by handing out "freebies". VERY scary.Machines replacing humansI thought they were tools to enhance our experience on earth.The worst is when customer is an AI telephone. "I'm sorry, could you repeat your last phrase. I did not understand". I thought the buttons were bad enough.RE:...

Tags: cloud computing, Storage management, Google Inc., hardware, virtualization

Discussion threads 2009-10-29

CyberThreats: Complacency abounds

We are making it easier for attackers??The first line of the quoted Gartner article says that the threats have remained the same but we're "seeing some new and clever evasion techniques"Then the last line says that "The biggest change was the decline in ability to prevent or shield vulnerabilities"So Gartner...

Tags: SECURITY, attacker, cyberthreats

Discussion threads 2009-10-21

News to know: Apple; Alex; Microhoo; Droid; FCC

Here are today's notable headlines. You can get News To Know via email alert and RSS daily. For continuous updates see BNET's around-the-Web tech coverage. Sam Diaz: Another strong quarter for Apple; credit strong iPhone, Mac sales Jason D. O'Grady: Apple announces most profitable...

Tags: FCC, Google Inc., Larry Dignan, Advertisement, Information Technology, Dana Blankenhorn, Mary Jo Foley, Apple Inc., Microsoft Corp., Adrian Kingsley-Hughes, Sam Diaz, Microsoft Windows 7, Microsoft Windows, E-books, Federal Government, Service-Oriented Architecture (SOA), Operating Systems, Software, Personal Technology, Government, Web Services, Enterprise Software

Blog posts 2009-10-20

News to know: Apple; AT&T; Google Books; Palm Pixi; Verizon; Best Buy-Microsoft

Here are today's notable headlines. You can get News To Know via email alert and RSS daily. For continuous updates see BNET's around-the-Web tech coverage. Sam Diaz: Live blog from Apple's "It's only Rock n Roll" event Apple afterthoughts: The real news is what...

Tags: Google Inc., Larry Dignan, Apple iPod, Palm Inc., Verizon Communications Inc., Andrew Nusca, Mary Jo Foley, AT&T Corp., Apple Inc., Microsoft Corp., Sam Diaz, Linux, Digital Music, Digital Media, Government, Operating Systems, Software, Personal Technology, Consumer Electronics

Blog posts 2009-09-10

University of Utah Writes New Thesis on Risk Management

The University of Utah is ranked as one of the top public research universities in the nation. It's also the oldest and largest institution of higher education in the state. The challenge was the need to keep its systems secure, and within HIPAA compliance. University deployed QualysGuard providing control of...

Tags: Qualys Inc., Risk Management, University Of Utah, Asset Management, Hipaa, Regulatory Compliance, Security, Financial Services, Operational Planning, Finance, Business Operations, Regulations, Healthcare, Government, Human Resources, Policies And Procedures

Case studies 2009-09-01

Adobe plugs critical ColdFusion, JRun vulnerabilities

Adobe's never-ending run on the security treadmill hit a new gear this week with the release of patches to cover serious vulnerabilities in the ColdFusion and JRun web design and development platforms. The patches, rated critical, cover a total of 7 vulnerabilities, some of which "could lead...

Tags: Adobe Systems Inc., Macromedia JRun, Allaire ColdFusion, Vulnerability, XSS, Cross-site Scripting Vulnerability, Development Tools, Software Development, Software/Web Development, Ryan Naraine

Blog posts 2009-08-18

Alleged TJX hacker spun a wide web of cybercrime

Just goes to show no one's doing their homeworkWe keep pushing computerized systems out further and further into important aspects of our lives, and yet the security portion isn't baked in and is really an afterthought. Put a national security slant on all of this, and the possibilities are...

Tags: Hacking, PCI Standard, wide Web, hacker, cybercrime, Web, security

Discussion threads 2009-08-18

VMware's SpringSource purchase sparks head scratching; Still doesn't solve the Microsoft problem

VMware's purchase of SpringSource for $420 million has sparked a fair amount of head scratching among analysts who argue the virtualization software company paid too much and still failed to solve its Microsoft problem. Global Equities analyst Trip Chowdhry noted that SpringSource had roughly $10 million in...

Tags: VMware Inc., Microsoft Corp., SpringSource, Virtualization, Hardware, Larry Dignan

Blog posts 2009-08-11

Secure Auditor 2.0.1258 (Windows)

Secure Auditor is a Unified Risk Management Solution which enables user to perform Enumeration, Scanning, Auditing, Penetration Testing and Forensics on different operational systems from single console with 30 embedded Utilities like Cisco Configuration Manager, Oracle Password Auditor, Windows Password Auditor, Oracle Event Log Viewer, Windows Event Log Viewer, Oracle...

Tags: Oracle Corp., Secure Bytes, Microsoft Windows, Operating Systems, Software

Software downloads 2009-08-06

The How and Why of PCI

Companies that offer online credit card transactions must understand and follow Payment Card Industry PCI standards, particularly the Data Security Standard DSS. This standard includes comprehensive requirements to secure and protect electronic payments, and to assure the privacy of customer account information. Compliance involves building and maintaining a secure network,...

Tags: PCI, MessageLabs Ltd., Operational Accounting, Security, Financial Services, Finance

White papers 2009-08-01

A Good Year for Security Collaboration

Guest Editorial by  George Stathakopoulos It seems like just yesterday when I was at Black Hat.  Now as I get ready to fly to Las Vegas again, I look forward to seeing a lot of security researchers, hearing their latest exploits and how they fared over the...

Tags: Microsoft Corp., Conficker Working Group, Security, Ryan Naraine

Blog posts 2009-07-27

Some important truths about pen-testing

Guest editorial by Alberto Soliño Penetration testing is a highly scientific, metrics-driven approach to IT security that has been in practice since almost the dawn of the modern computing era when programmers first began conducting organized tests, or “hacks” of their own, or others’ technologies to test...

Tags: Process, Security, Penetration Testing, IT Security, Information Technology, Organization, Ryan Naraine

Blog posts 2009-07-20

SecSip: A Stateful Firewall for SIP-Based Networks

SIP-based networks are becoming the de-facto standard for voice, video and instant messaging services. Being exposed to many threats while playing an major role in the operation of essential services, the need for dedicated security management approaches is rapidly increasing. This paper presents an original security management approach based on...

Tags: SIP, Network, Security Management, Session Initiation Protocol (SIP), Firewalls, Security, Security Administration, Network Security, Emerging Technologies, Networking

White papers 2009-07-17

Sanook.com Turns to HP for a Computing System That Is Able to Keep Up With Its Growth

Sanook.com is a leading integrated Internet service provider, established in 1998 as a subsidiary of MIH Group - the communications giant headquartered in the Netherlands. Sanook.com wanted to serve tremendous increasing amount of users - more than 50 per cent a year and reduce operational costs. The challenge was to...

Tags: Hewlett-Packard Co., Sanook.com, Internet Service Providers (ISPs), Performance Management, Blade Servers, Business Services, Utility Computing, Internet, Servers, Business Intelligence, Human Resources, Workforce Management, Hardware, Enterprise Software, Software, Data Management

Case studies 2009-07-01