Security and Risk Management Strategies Coverage Areas

Umbrella Technology Focus:

Planning and creation of security architecture, infrastructure, and programs for complex global enterprise networks. Technology focused reports on vendor product offerings.

Primary Areas of Focus for 2008

• DISTRIBUTED SECURITY ARCHITECTURES, PERIMETERS, AND ZONES: Centralized policy management systems with distributed policy enforcement points; layered protections, including network zones and other separation approaches; firewalls; and intrusion detection and response systems (IDRS)

• SECURITY MANAGEMENT AND AUDIT: Configuration, patch, and vulnerability management; security event information management systems that aggregate data for analysis, monitoring, reacting, and reporting; and feedback and audit trails

• SECURITY EVALUATION: Optimizing security spending, managing non-quantifiable risks; evaluating risk management approaches, insider defense and separation architectures, host security, content security, and application security testing

• ENDPOINT SECURITY: Assessment, enforcement, quarantine, and remediation mechanisms for hosts and mobile devices; host intrusion prevention; and trusted system technologies

• CONTENT SECURITY: Pre-empting malicious software (malware) through integrated anti-virus, anti-spam, anti-spyware, and anti-phishing defenses; message (email and IM) filtering/hygiene; file and disk encryption; information leakage detection or prevention; and rights management technologies

• APPLICATION AND DATABASE SECURITY: Code scanning; web application firewalls, securing the SDLC, AJAX security, database monitoring and encryption

Additional Areas of Focus for 2008

• Compliance including eDiscovery and Payment Card Industry (PCI) Data Security Standard
• Security metrics and measurement
• Security software suites
• Privilege control and least privilege

Published Content List