System News
Archived Security Articles
30 Mar 2015
Thoughts about Common Criteria (CC) Evaluations [41668]
US Scheme of the CC run by the National Information Assurance Partnership (NIAP)

Josh Brickman writes, "I want to share some of our thoughts about Common Criteria (CC) evaluations, specifically those under the US Scheme of the CC run by the National Information Assurance Partnership (NIAP). NIAP is one of the leaders behind the significant evolution of the Common Criteria, resulting in ratification of a new Common Criteria Recognition Arrangement last year.

In 2009, NIAP advocated for a radical change in the CC by creating Protection Profiles quickly for many technology types. As described by NIAP[i]:

In this new paradigm, NIAP will only accept products into evaluation claiming exact compliance to a NIAP-approved Protection Profile. These NIAP-approved Protection Profiles (PP) produce evaluation results that are achievable, repeatable, and testable - allowing for a more consistent and rapid evaluation process.[ii]..."

25 Mar 2015
Is Your Shellshocked Poodle Freaked Over Heartbleed? [41551]
"named" vulnerabilities in commonly used libraries

Mary Ann writes, "Security weenies will understand that the above title is not as nonsensical as it appears. Would that it were mere nonsense. Instead, I suspect more than a few will read the title and their heads will throb, either because the readers hit themselves in the head, accompanied by the multicultural equivalents of 'oy vey' (I'd go with 'aloha 'ino'), or because the above expression makes them reach for the most potent over-the-counter painkiller available.

For those who missed it, there was a sea change in security vulnerabilities reporting last year involving a number of mass panics around 'named' vulnerabilities in commonly-used - and widely-used - embedded libraries..."

16 Mar 2015
Three Big Data Threat Vectors [41428]
The Biggest Breaches are Yet to Come

Troy Kitch writes, "Where a few years ago we saw 1 million to 10 million records breached in a single incident, today we are in the age of mega-breaches, where 100 and 200 million records breached is not uncommon.

According to the Independent Oracle Users Group Enterprise Data Security Survey, 34% of respondents say that a data breach at their organization is "inevitable" or "somewhat likely" in 2015.

Combine this with the fact that the 2014 Verizon Data Breach Investigations Report tallied more than 63,000 security incidents - including 1,367 confirmed data breaches. That's a lot of data breaches..."

11 Mar 2015
Oracle Directory Server Enterprise Edition (DSEE) to Oracle Unified Directory (OUD) [41313]
Upgrade and Co-existence

Greg Jensen writes, "As a follow up on 'Why Customers Should Upgrade Directory Server Enterprise Edition (DSEE) to Oracle Unified Directory (OUD)?', I would like to illustrate in a case study how easily upgrade can be achieved.

An upgrade process can be defined as the steps required for moving from a state where applications leverage data managed within a DSEE directory service to a state where applications leverage data managed within an OUD directory service.

There are multiple ways to achieve that goal:..."

04 Mar 2015
Securing Information in the New Digital Economy [41197]
Joint Oracle and Verizon Report

To learn more about Securing Information in the New Digital Economy, read the joint Oracle and Verizon Report.

We are in the midst of a data breach epidemic, fueled by a lucrative information black market. The perimeter security most IT organizations rely on has become largely ineffective. Nearly 70% of security resources are focused on perimeter controls, but most exploited vulnerabilities are internal.

Effective modern security requires an inside-out approach with a focus on data and internal controls...

01 Mar 2015
Establishing a Mobile Security Architecture [41196]
Beyond Brute Force: 3 User-Friendly Strategies for BYOD Security

Organizations of today are at a point of transition from using personal or company-issued devices with restrictive controls to using these devices to meet the personal needs of the end user. One thing most security experts agree on is the high-risk posture that comes with the adoption of mobility. This risk is present because of the practice of extending the corporate perimeter onto the mobile device. To expect that a consumer-grade $300 smartphone can replace the security layers of the enterprise (firewalls, intrusion prevention, anti-malware, access control frameworks, multifactor authentication, and more) is just not a reasonable expectation without a focused look at how enterprises should extend their enterprise security framework to the mobile platform...

The Oracle mobile strategy is all about providing a secure and available mobile experience from any device, from anywhere, and at any time. From mobile clients to back-end enterprise systems, Oracle's mobile platform offers the reliability, scalability, availability, and portability that enterprises expect in a modern, enterprise-grade platform. With the unique capabilities of this platform, mobile devices, services, and applications can be rapidly and securely developed, creating an ever-expanding list of possibilities...

 