Security Policies

With all the benefits and opportunities the Internet provides, it can also be a very inhospitable place, requiring organizations' constant vigilance to protect themselves from attack. To better understand important security issues affecting organizations today, IDC recently completed a survey of more than 260 IT and Firewall managers and executives in the US and Europe that aimed to profile their organization's firewall deployments.

New network vulnerabilities appear constantly and the ability for IT security professionals to handle new flaws, fix misconfigurations and protect against threats requires constant attention. However, with shrinking budgets and growing responsibilities, time and resources are at constrained. Therefore, sifting through pages of raw vulnerability information yields few results and makes it impossible to accurately measure your security posture.

Medium organizations around the globe are increasingly concerned about cyberthreats, and the rising number of incidents shared publicly certainly justifies their worries. In the first half of 2009, for example, McAfee Labs saw almost as much new malware as it did in all of 2008. At the same time, most organizations have frozen or cut their IT security budgets. Threats up, budgets down. This is what we call the "security paradox."

Browsers are the least-protected and therefore easiest medium for transferring malware, which is why protecting your company against web-borne threats should be part of a total security solution. This brief explains the key benefits of implementing a web security solution with McAfee. Read more.

Stopping inappropriate data access. This turnkey solution safeguards servers - where business data is stored and accessed - with a combination of software and managed security services that automate critical areas of security oversight. By monitoring and tracking system access, the solution is effective at enforcing security policies.

In today's economy, companies are trying to assess if they can afford to become PCI compliant. What many of those same companies forget to consider whether they can afford not to be compliant. Since 2007, merchants who were found to be non-compliant with PCI DSS faced fines of $5,000 to $25,000 per month from Visa. It may seem expensive for merchants to install and maintain new security measures to become PCI compliant and validated, but these costs are only a fraction of what it would cost a company to be found in non-compliance or suffer a data breach. Learn more about PCI DSS compliance and how NeoSpire Managed Hosting can help.

If you're in IT, you understand all too well the challenge of competing priorities. Security is important-but so are all of your other jobs. That's why McAfee offers a practical approach to managing security and lays out an approach for managing security in just 15 minutes a day. Read more.

Data is a company's most precious asset-and maintaining secure access for a mobile workforce is vital for midsize organizations. This brief explains the key benefits of implementing a data security solution with McAfee. Read more.

Anti-virus by itself is no longer enough to protect endpoints, especially in this age of mobile devices and business users on the go. This brief explains the key benefits of implementing an endpoint security solution with McAfee. Read more.

Email is an indispensible tool for businesses today, but it's also a favorite vehicle for spammers and cybercriminals. This brief explains the key benefits of implementing an email security solution with McAfee. Read more.

Most midsized businesses aren't fully aware of the number of vulnerabilities that exist on their networks. Is it possible to address them all? This brief explains the key benefits of implementing a network security solution with McAfee. Read more.

The greatest threat to enterprise data security comes from inside threats. Securing the enterprise requires an understanding of the data leak points, environment, people, and processes for managing sensitive information. This white paper explains how network-based and endpoint-based solutions can work together to provide the broadest protection available while ensuring scalability and manageability, and that employee productivity is not impacted.

Encryption will help to protect data against unauthorized access by outsiders from lost or stolen devices such as laptops, thumb drives, and other removable media. But it does not protect against the insider threat-employees and contractors with authorized access to data who mistakenly or maliciously leak your most valuable assets.

This webcast features addresses the challenges of protecting corporate and confidential data. It focuses on the untold story of data privacy and many of the compliance challenges that companies now face. The webcast features Dennis Gaughan and Cynthia Babb and is 55 minutes and 33 seconds.

Information security policy development should not be a one-time event. In order to effectively reduce risk and maintain a proper governance structure, organizations must periodically update written security policies as part of an ongoing management process.

Fortify's report summarizes electronic as well as traditional methods of voting including absentee ballots.  This voting guide will provide recommendations for voters who want to make sure their vote counts and for federal and state governments on how to devise efficient and accurate voting processes and systems.

It’s widely accepted that Security Information and Event Management (SIEM) systems are excellent tools for regulatory compliance, log management and analysis, trouble-shooting and forensic analysis. What’s surprising to many is that this technology can play a significant role in actively defending networks. This whitepaper explains precisely how real-time analysis, combined with in-memory correlation, and automated notification and remediation capabilities can provide unprecedented network visibility, security and control.

Unmanaged employee use of email and the web can subject any organization to costly risks including litigation, regulatory investigations and public embarrassment.  Download this guide and learn how to deploy clearly written Acceptable Usage Policies (AUPs) for email and web usage, supported by employee training and enforced by proven technology solutions.

In this recent report, the Aberdeen Group’s research revealed that 100% of Best-in-Class companies consume some managed security services as part of their security strategy. The most widely deployed and easiest to implement managed security service is email security.

Learn more about the security risks and vulnerabilities faced by organizations, and the elements of a proactive security approach. Then find out how Tripwire helps organizations attain and maintain a good security posture using industry-leading configuration assessment and change auditing to harden systems against security breaches, automate compliance with security standards and policies, identify configuration changes, and resolve vulnerabilities.

Discover how to achieve and maintain FISMA compliance to ensure security of systems and data.

This paper describes a new approach to managing encrypted data that significantly strengthens an organization's security posture, while minimizing the cost and effort of PCI compliance. Read this white paper and find out more about how to comply with PCI compliance requirements.

Email compliance, security and content policy enforcement is a growing priority for all organizations.  Email content control solutions provide real-time scanning of email traffic and provide the foundation for proactive enforcement of regulatory and corporate policies.  However, the administrative burden associated with policy management imposed by most such products is significant.

This white paper will explore what security challenges wireless networks present, suggest best practices to ensure Wireless LAN security, and demonstrate how AirDefense Enterprise, a Wireless Intrusion Detection and Prevention System, can help you define, monitor and enforce your wireless security policy.

This paper outlines the specific elements of wireless LAN security (perimeter control, access control, date protection, and monitoring) and WLAN management (configuration, fault diagnostics, network usage, and policy enforcement). Reader will gain a keen understanding of how to effectively lockdown a wireless LAN and manage it for peak performance.