Knowing what to do--and what not to do--can help you get into compliance and stay there.

By Carol Woodbury

Editor's Note: This article is an excerpt from "Compliance Without the Complexities," a free handbook that you can download from the MC White Paper Center.

The purpose of this article is to highlight the various aspects of compliance, specifically how to attain and maintain compliance. Many organizations have attained compliance, but a common complaint we hear is that maintaining compliance takes too long and costs too much. Through the practical experience of helping our clients--both large and small--attain and maintain compliance, we have built up a treasure chest of tips and techniques to help every organization address its compliance needs.

Obfuscation protects your source code from potential security threats while keeping the application's functionality in place.

By Joydip Kanjilal

Obfuscation is a process that involves converting your source code and data into an equivalent code or format such that it becomes difficult to reverse-engineer it using the decompiler tools without changing any of the application's code or functionality. This article discusses what obfuscation is, what the benefits of obfuscation are, and how you can use obfuscating tools in .NET, Java, and even JavaScript to prevent your code from potential threats.

How do you let the good guys in while keeping the bad guys out?

By Chris Peters

A lack of physical security combined with diabolical social engineering practices presents an ongoing challenge to network security personnel. Even if your company doesn't have a wireless network, it's a pretty sure bet that some of the laptops in your organization have built-in wireless capability. That means that a wireless laptop could act as a bridge, forming an opportunity for access to your internal network to anyone with an antenna, some precocious software, and the will to hack into your world.

A new solution from Patrick Townsend Security Solutions marks a giant step forward in encryption key management.

By Chris Smith

I was listening to a presentation on security and encryption key management at last summer's OCEAN conference when the speaker made a point eminently clear to the audience: It's not your encryption solution that is a challenge to manage, it's your encryption keys that take some finesse.

While Internet security breaches have increased noticeably of late, individual dangers are morphing into risks to entire countries.

By Chris Smith

The profusion of malware and the sophistication of attacks on personal, business, and now state entities seem to be increasing at a rate and level that is difficult even for security professionals to address.

Let's examine both sides of the security regulations debate.

By Pat Botz

Sarbanes-Oxley (SOX), government regulations passed in 2002 primarily as a response to egregious corporate behavior (a la Enron and others), turned six years old on July 30. Much has been said and written about SOX and its kin (HIPAA, GLBA, PCI DSS, SAS 70, etc.) in those six years as to whether these government regulations and industry standards actually help protect investors and consumers or whether they are merely a costly noose around the neck of U.S. businesses, strangling productivity for no discernable benefit. Now that SOX is six, is it any more obvious as to whether regulations and standards have made a positive difference?

By Paul Howard
For many organizations, the need to add to or introduce security in order to meet regulatory compliance is seen as a serious burden being imposed upon them with no defined advantages. This article examines security from all angles and exposes how it can be perceived as an asset and/or a burden to an organization.  

The chances of travelers losing sensitive data riding on laptops, mobile devices, or USB drives are running high today for anyone who doesn't effectively encrypt their data.

By Chris Smith

We usually think of encrypting data as a way to protect it from hackers and criminals, but did you ever consider that the U.S. federal government can now search your laptop without probable cause?