2FA Architecture — The threat to privacy of modern Internet Are we secured with multiple layers of security?   There is a huge initiative from industry leaders to double secure user account in order to regain access in case of lost password. That’s perfectly fine. It helps you recover credentials, but this study shows it opens a hole that might be one of the largest security and privacy threats. Both private users and enterprises employs services such as Google, Facebook, Twitter, LinkedIN and others and give trust to... [More]

Tags:  security security-intelligence

“Cybersecurity” has become an increasingly vague and generalized term. The concept of cybersecurity encompasses every angle from which infiltrators and others with malicious intentions can make their mark. From cyber espionage and hacking electronic medical records to keylogging and trojan viruses, the term cybersecurity does not adequately capture the extent to which threats have evolved. But there is some good news: 2017 has seen new technologies prove to be effective solutions. Most important, we're seeing new philosophies... [More]

  Are you a member of the TUC? IN THIS ISSUE Global Group Updates Member Interview TUC Webcasts Webcast Replays User Group Meetings Sponsors MEMBER INTERVIEW TUC Member Interview Todd Loveday , Maximo Project Manager, URS Corporation   Click here   to view other TUC Member Interviews WEBCAST REPLAYS Check out the replays of July's TUC webcasts!   Webcast Replay   ​ Monitoring of Your DataPower Multi-Tenant Environment   Webcast Replay   ​ Demonstrate the Value of Your Maintenance Department by... [More]

IBM wants to increase the value of your existing products by bringing you more content through the  Integrated Service Management Library . Please take a moment to help us understand what kind of content would be most useful to you by answering this very brief survey.

  How a pair of missing pants taught me about audit, surveillance, and customer service and the implications for technology controls. [Read this post.]

Tags:  security surveillance audit privacy

Don’t miss the next Tivoli User Community webcast: IBM’s Next Generation of IAM solutions – What You Need to Know Now on December 12, 2012 at 11:00 am ET, USA.   Reserve Your Webcast Seat Now   Overview: In Q4 2012, IBM Security completely revamped the Identity and Access Management portfolio to address today’s advanced security threats. Familiar products such as Tivoli Identity Manager and Tivoli Access Manager for e-business have new IBM Security names and exciting new capabilities. Plus we’ve announced brand new solutions... [More]

Tags:  ibm security user iam tivoli solutions tuc webcast storage community

I've posted  my thoughts on the 2012 IBM Tech Trends Report  at the IT Security Zone blog. Interesting how pervasive security is in the report. 

Tags:  security

There was a time, when logging in to your bank account was a simple matter of entering a user ID, entering a password, and accessing your account. Similarly, getting cash from an ATM, just entailed inserting your card, entering your PIN code, and grabbing the cash. Not any more. When you access your bank’s web page, something horrible, called ‘malware’, sits on your PC, remembering every character you type, and sending them all to its sociopathic owner, so that he can later rob you. When you visit your ATM, a hidden camera records the... [More]

Tags:  authentication security online atm banking identity

What kinds of security controls could have prevented the Skype account hijack attack? Can we do anything except rely on white hat penetration testing? [Read this post.]

Tags:  security skype pentesting

There are times when “security through obscurity” is a perfectly legitimate security control tactic, especially against opportunistic attackers. [Read this post.]

Tags:  security obfuscation

Could the IT DMZ be used as a model for controlling payment card fraud and help protect against skimming attacks like those at Barnes and Noble? [Read this post.]

Tags:  pci fraud payment-card security

Our common stereotypes of social engineering attacks don’t match up to the latest data in the Verizon 2012 Data Breach Investigations Report. [Read this post.]

Tags:  social-engineering security

RSA announces a new offering to protect password credentials. But is protecting the password file really that difficult? [Read this post.]

Tags:  passwd password security

The 2012 Global Reputational Risk and IT Study calls into question the assumption that IT security incidents have only temporary impact on reputation. [Read this post.]

Tags:  erm security reputation risk

News about the IBM Security zSecure suite  is regularly posted to SMC - System Z .   Recent news of particular interest from a compliance perspective: IBM Security zSecure Audit integration with QRadar SIEM

Tags:  mainframe z/os security servicemanagementconnect q1labs racf qradar acf2 siem db2 systemz ism cics topsecret zsecure

IBM Tivoli Access Manager for e-business is a single sign-on (SSO) solution that authorizes and authenticates user access to Web and other hosted applications. Tivoli Access Manager’s software is a highly scalable user authentication, authorization and Web SSO solution for enforcing security policies over a wide range of Web and application resources. It centralizes user access management for online portal and business initiatives. See the support and services Tivoli Access Manager V6.0 has for you and your business needs in the... [More]

Tags:  tivoli access iea manager

About an hour ago we launched the new developerWorks security site . I'm excited to have this corner of developerWorks to pull together all of the existing security articles on dW in one place. But more importantly we're looking forward to producing a steady stream of how-to articles and videos on producing secure code and securing your IT operations at the new developerWorks security site. The developerWorks security site has two key parts to its "Practices" area. The first section is devoted to secure software... [More]

Tags:  developerworks security dw

    “All or nothing” authentication for low end privilege escalation hampers end-user adoption due to the inconvenience associated with authentication. [Read this post.]

Tags:  authentication security mobile

The recent Amazon / Apple account hack shows three examples of the same type of fundamental security flaw: using personal information as a credential. [Read this post.]

Tags:  amazon strong-authentication pwdreset apple security authentication