The increasingly heavy reliance on a highway as dangerous as the Internet can mean only one thing: The practice of encrypting everything is likely just over the horizon.

By Chris Smith

The Internet just in the past year has become a dangerous place indeed. This is ironic since during that same year, more people than ever are using the Internet for a growing list of purposes from personal dating to bill paying. Apart from hard statistics that document the increase in malware and phishing schemes, it seems every time I run a virus check lately, I find something has latched onto my system. With identify theft and data loss/leakage on the rise and compliance regulations directing us to follow ever-better security practices, the days of allowing data to remain unencrypted may soon be coming to a close.

Bytware's use of QR Codes on its promotional literature at COMMON challenges the widespread U.S. use of a more primitive barcode technology.

By Chris Smith

Have you ever stood in front of the self-serve checkout scanner in the supermarket trying to get your cookies to be read by the barcode scanner? Personally, I admire the brave souls who take anything more than a small number of items to the self-serve counter. Sometimes you can scan in everything you are buying, and sometimes you can't. Of course, that's why there is an attendant standing in the middle between the rows of scanners: to help. At least, I hope that's why she's there and not because store management thinks people will cheat and skip scanning an item or two.

In this article, Carol Woodbury discusses how moving to i5/OS V6R1 will provide more security for your organization.

By Carol Woodbury

When asked to write this article, my immediate reaction to the question posed in the title was, "Only if people use the function provided in V6R1." There is a plethora of security functions and features in the current releases of i5/OS. The problem is, many shops don't take advantage of them. So why is V6R1 any different? To answer that question, we have to take a trip back a few releases.

In this article, Carol Woodbury discusses the issues surrounding compliance as well as items to address to remain in compliance.

By Carol Woodbury

I wish I had a magic formula for ensuring that your organization's security configuration was in compliance. Unfortunately, it's just not that easy. It seems that there's at least a slight twist to every organization's compliance implementation. This article endeavors to provide guidelines for you to use to determine how best to attain and remain in compliance.

By Chris Smith

Worried about viruses, worms, hackers, spam, and unwanted Web content? IBM released a new security appliance this week that promises to simplify and fortify small business networks.

The proper management of security starts way before and goes way beyond technical decisions. Technical decisions are extremely important for proper information security management, but they are neither the starting point nor the most important decisions related to effective information security management.

Yet most organizations treat information security as a purely technical issue. This, in my opinion, is why we keep seeing major incidents at large and familiar organizations (e.g., TJX). Not until high-level management understands that security is primarily a business issue and begins to assert its proper role in the security process will the state of affairs in information security begin to change. Only when this happens will it be possible to ensure the appropriate execution of the other roles. The objective of this article is to support this assertion and to describe the security business process needed to make meaningful improvements in the management of information security in the entire industry.

With frequent reports of lost backup tapes, stolen laptops, and database breaches, it's time to look at the new laws and regulations that protect the privacy of data.

The reason we're hearing about all of the breaches and loss of data is because of a law first passed in California and then enacted by most other states that requires organizations to notify individuals when their private data (e.g., social security number, bank account number, credit card number, or driver's license number) has been lost, breached, or thought to have been breached. As of this writing, 38 states have passed some version of a breach notification law. Most states provide some form of exemption from notification if the lost or stolen data was encrypted. This has driven many organizations to consider encrypting their backup media.

There's more than one way to secure and protect your important data.

Over the last few years, hundreds of corporations have been featured in headlines for data security breaches. According to the Privacy Rights Clearinghouse, the records of over 158 million U.S. residents have been exposed by security breaches since January 2005. That's more than half of the U.S. population.

Lost or stolen backup tapes contributed to a large number of these breaches, yet protecting backup data is still often overlooked. Many companies believe that it is useless to protect these tapes because they contain "old" information only used for disaster recovery (DR), but even just one compromised backup tape can cost a company its reputation, its competitive advantage, and thousands in fines. The Ponemon Institute research firm reported that data breaches cost companies an average of $182 per compromised record in legal fees and other expenses.