Bipin Chandra has just published a new white paper on the security on developerWorks community called "A t
You might also be interested in....
Security intelligence is the smart way to keep the cloud safe.
How much does a data breach cost your company? That's one of the toughest questions an IT security professional can be asked. The effects of a data breach are potentially catastrophic for a company, but it's a difficult task to quantify the risk.
That's why IBM has sponsored the Ponemon Institute's 2014 Study on the Cost of Data Breaches. This far reaching study is based on 1690 interviews across 10 countries and 16 sectors and is based on actual experiences of companies instead of could-have-happened theoretical discussions.
The Ponemon Institute has released both a global report and 10 country specific reports:
One of the most eye-popping charts in the report analyzes the reported data to show the clear relationship between the size of the breach and its cost: Keep in mind that this is not some hypothetical computer model. This is a regression based on the actual interviews and their reported data.
The 2014 Ponemon Cost Of Data Breach study is must reading for anyone needing to build a business case for protecting against data breaches.
Nikunj Panchal and Subramanian Krishnan have recently published an article on developerWorks showing how to integrate your PGP-based public key infrastructure with WebSphere Cast iron's built in support for data encryption so that you can acheive true-end-to-end data protection for all your enterprise orchestrations based on Cast Iron
You might also be interested in
Getting Started With WebSphere Cast Iron
The publication also includes three detailed scenarios covering real-world implementations of a Cast Iron Integration Solution.
I know everyone's scrambling to figure out what has to be patched to fix the Heartbleed bug. Please keep in mind that Heartbleed is a bug in the OpenSSL implementation of SSL, not a flaw in SSL itself. I know that many IBM products don't use OpenSSL and aren't affected by the Heartbleed bug. Having said that, there are probably some IBM products that DO need to be patched. And I wouldn't dare try to enumerate them.
Because IBM has a team of people whose job is specifically to monitor security vulnerability announcements and make sure the affected IBM products are made aware and to make sure patches get rolled out. They are the IBM
Jon Tate has published a post on the System Storage Redbooks blog with more details on how to get plugged into the PSIRT team's announcements about Heartbleed and other security alerts. So go check that post out and get plugged in.
You might also be interested in.....
Encrypting Data With Confidence
IBM has published a new white paper on encrypting data at enterprise scale. Learn about encrypting mission critical data with confidence and reduce security risks across the enterprise and beyond.
Many IBM products use the IBM Global Security Kit component for SSL and other encryption tasks. Oktawian Powązka has just published a new white paper at the security on developerWorks community that goes into detail about what you can and can't do with GSKit for FIPS and Suie B compliance. This white paper is a must read for anyone who has to worry about compliance to these stan
You might also be interested in:
Encrypting Data With Confidence:
IBM published a new white paper on encrypting data at enterprise scale. Learn about encrypting mission critical data with confidence and reduce security risks across the enterprise and beyond. Download "Encrypting Data With Confidence."
Sean Foley and Azadeh Ahadian have published part
From the abstract:
The growing number of relational databases on the cloud accentuates the need for data protection and auditing. IBM InfoSphere® Guardium® offers real time database security and monitoring, fine-grained database auditing, automated compliance reporting, data-level access control, database vulnerability management, and auto-discovery of sensitive data in the cloud. With the Amazon Relational Database Service (RDS) you can create and use your own database instances in the cloud and build your own applications around them. This two-part series explores how to use Guardium to protect database information in the cloud. This article describes how to use Guardium's discovery and vulnerability assessment with Amazon RDS database instances.
You might also be interested in .....
Tolly Test Report: IBM Security Web Gateway Appliance
Tolly evaluated the IBM Security Access Manager Web Gateway Appliance (AMP 5100) for its web protection effectiveness, performance, and ease of use. Read this report to see the details of the AMP 5100's abilit to block 100% of the inline-preventable OWASP Top 10 Web threats from 2010-2013.
Tim Jones has just published "Had
Encrypting data can be a scary prospect because of the difficulty managing the encryption keys. But now you can embed key management into your apps with KMIP4J and manage your keys in an open standard way. The programmers behind KMIP4J have just publ
The Federal Information Processing Standard (FIPS) Publication 140-2 is a US government computer security standard used to accredit cryptographic modules. FIPS 140-2 defines four levels of physical and software security; level 1 is the lowest, level 4, the highest.
In this article, IBM software engineers Benjamin Fletcher, Eric Barkie, and Bhargav Perepa provide step-by-step instructions for integrating the FIPS 140-2 HTTP/HTTPS client libraries, created by IBM Research, into IBM Worklight Studio hybrid and native iOS and Android apps. Reading this article will earn you the ability to invoke these library APIs to create FIPS 140-2 encrypted network requests and transmit them to FIPS 140-2 certified SSL termination points inside and outside the firewall of private enterprise networks through a reverse proxy architecture.
We've posted Ori Pomerantz's white paper, "IBM
At the recent Smarter Analytics Live 2013 forum in Melbourne, IBM senior consultant for enterprise content management solutions Adrian Barfield noted that fraud investigators often spend only 20 percent of their time actually doing the analysis work to uncover data wrong-doing. A full 80 percent of the effort goes toward figuring out what information to use and how to use it since today's data stream includes a diversity of information sources and types. Barfield says this has the effect of flipping the conventional model of security information processing upside-down -- you create the context for your investigation by sifting through large volumes of information.
Barfield cautions that "things are becoming more and more complicated" because analyzing structured data is a different task from analyzing unstructured data. Also, you often need to make a correlation between the two types of data: For example, reconciling structured activity logs with less structured help-desk logs or security incident reports. Security officers need a way to quickly identify patterns and build and deploy new security models.
One such tool to help organize this new security paradigm is the open source Apache UIMA project; Unstructured Information Management applications are software systems that analyze large volumes of unstructured information in order to discover knowledge that is relevant to the user. IBM developed UIMA to help make its Watson artificial intelligence platform a reality.
Another IBM tool that helps determine what data is relevant for a fraud investigation is the Intelligent Investigation Manager, a bundle of techniques that optimizes fraud investigation and analysis by dynamically coordinating and reporting on cases and analyzing and visualizing fraud within structured and unstructured data across silos. The component that bridges the gap between structured and unstructured data is Content Analytics with Enterprise Search:
Senior Product Manager for the IBM Enterprise Content Management Solutions Jeffrey Douglas explains more about Intelligent Investigation Manager components in this video interview. 10:44
IBM Security Solution Architect Dr. David Druker delivers two scenarios that demonstrate how IBM Security (in this case, QRadar, Web Gateway, Network Intrusion Prevention System, InfoSphere Guardium, Endpoint Manager, and AppScan Enterprise) provides the best security insight by combining data from across an organization's entire infrastructure. Scenario 1 shows a user browsing, then attacking an application. Scenario 2 highlights what happens when a privileged user manipulates a database. The IBM Security package detects the activities, correlates the information, and secures the system. Pure security intelligence at work.
Comments (3) Visits (7255)
See below for an announcement from Kathryn Zeidenstein about some new video tutorials on InfoSphere Guardium policies
Hi community members
Back in 2011 or so the lab services team had done a LotusLive education session on policies that was very well received. I have taken the first of these presentations and broken it into 4 modules that are now hosted on the InfoSphere Guardium YouTube channel.
You can find links to all 4 of the modules on this new page on the InfoSphere Guardium community wiki. http
Here are the direct links:
Break out the popcorn!!
Have a great weekend.