This community has been created as somewhere for anyone working in or interested in the information security industry. Please feel free to post in the forums (please try and keep your posts relevant to the category you are posting in). If you find anything offensive, please use the "this is...

Anyone with experience with Single Sign on? Am curious to hear your thoughts on this....

Is anyone aware of any freely available Security Awareness type content out on the net?...

Does the recently released Service Pack 3 for Windows XP offer many security improvements, and specifically improved data encryption (EFS)?...

Do you feel that networks are getting too complex to understand properly? And with 'properly' I mean that there is just too much happening for us gain such deep level understanding of our networks that we spot information leaks, misbehaving hosts and so forth. In my opinion the...

As the sales manager for a global applied information services company I was interested to find out if anyone has tried to implement an ISO 27001 system (Information Security Management System) and how they found it. SAI Global offer certification and training, around business improvement, including international standards such as...

Most TPAA are legal documents, but there security content vary a great deal I would like to hear feedback on what security domains can be includuled in a TPAA apart from confidentiality. I am sure there is a standard out there that deals specifically with this type of agreement....

The Absolute Security Computer. Today, the computer security industry offers for customers a huge amount of products aimed at the virtual protection of the PC. Unfortunately, the efficiency of virtual tools of the protection is doubtful, as any virtual protection can be broken by the same way. But, till now,...

Hi, Business Continuity is very important for any financial organization. As a part of Business Impact Analysis, one need to identify the Mission Critical Functions / Activities as a first step. My query is what is the PROCESS to do this? In my BCM projects, I have consulted with my...

I'd be interested in people's experiences of having web applications designed. Who creates the business logic specification, who defines the security requirements, and what parts of the design get left to the subcontractors? In the end, did you get what you wanted and did it pass its security tests?...

Peter Wood's podcast is very revealing in more ways than one. What struck me particularly was Peter's example of how he and a colleague got into a firm's premises and accessed the network without being challenged by the simple expedient of his colleague not wearing a jacket. The automatic response...

OK, so a government contractor lost another memory stick with sensitive stuff on it. But the real problem is not what was on it - it was the device itself. The press photo of it showed a cheapo device such as can be bought for fourpence at the local white...