Security Management

This paper details risks to software deployed in the cloud and what steps to take to mitigate that risk.

HP Fortify on Demand: The quickest, most affordable way to accurately test and score the security of your applications.

Fortify Software conducted a candid interview with Avi Rubin, Professor at Johns Hopkins University and specialist in the field of eVoting security risks. He discusses the concerns around software security as well as the voting solutions surrounding software independence.

For a CISO, open source introduces a new source of risk and unique security challenge: how do you influence developers over whom you have no direct management control? Jennifer Bayuk, former CISO of Bear Stearns, provides insight on best practices for evaluating, deploying and managing open source code.

While investments to secure the enterprise continue to rise, breaches into company systems and data are skyrocketing. These cyber crimes are consistently debilitating organizations operations, reputations and ultimately, viability. Today’s CEOs are demanding aggressive strategies to protect their business. CIOs and CSOs are working together to employ proven Business Software Assurance approaches across the enterprise to stay ahead of constant threats.

This webinar explores 12 of the most common security traps in Java by examining the causes of security failures in modern Java–based applications. Approaching security with an “outside in” style, we look at vulnerabilities from a developer’s perspective, focusing on the source code.

Matt Rose, Senior Software Security Consultant at Fortify Software, shares his findings from a year analyzing millions of lines of code. He unveils his top ten most common vulnerabilities and provides detailed examples of each. These technical examples come from his experience working with fortune 500 companies, government agencies, and major ISVs.

Adrian Asher, Chief Security Officer at Betfair, an online UK betting exchange explains how he manages a “culture of security” and protects the Betfair brand in this 20-minute candid interview.

With an extensive background in police, military, government, and industry security, Howard Schmidt explains how to respond to the changing landscape of cyber threats and how business leaders are helping set the standards for application security. He then profiles industry role models who are setting the standard for application security.

Fortify's report summarizes electronic as well as traditional methods of voting including absentee ballots.  This voting guide will provide recommendations for voters who want to make sure their vote counts and for federal and state governments on how to devise efficient and accurate voting processes and systems.

At the beginning of 2012, IBM asked a group of executives from leading companies to share how they were approaching reputational risk management. View this infographic to see the surprising results.

Educating Everyone To Guard the Cloud

IBM has written this paper to enable discussion around the new security challenges that the cloud introduces.

Global organizations are increasingly emphasizing business resilience, that is, the ability to adapt rapidly to a continuously changing business environment.

Many organizations move a wide variety of sensitive information with file transfer protocol (FTP), and these servers are proving to be easy targets for thieves. Read this paper to learn more about IBM Sterling Managed File Transfer that helps you manage and control the critical information flows in your company's dynamic business networks.

This white paper explains why protecting sensitive information and ensuring privacy have become high priorities.

Download this free IBM white paper to learn best practices for outsourcing application development.

Find out where you stand on the path to PCI compliance with our checklist of the"digital dozen" requirements.

The Payment Card Industry Data Security Standard (PCI DSS) is a global security program created to increase confidence in the payment card industry and reduce risks to PCI members, merchants, service providers and consumers. It was developed by the major credit card companies as a guideline to help organizations that process card payments prevent credit card fraud.

Is your information at risk? Read this whitepaper to find out how the IBM WebSphere MQ FTE solution, built on WebSphere MQ, offers reliable, secure and auditable file transfers.

In the IBM white paper, "Achieving end-to-end information security: Five critical steps," you'll learn a more sophisticated approach to information security.

Explore a topic often overlooked during discussions about data security: the risk of insider threats. This report, "Stopping insider attacks: how organizations can protect their sensitive information," provides an overview of the issue of insider attacks and offers suggestions that may help organizations mitigate their risk. Plus, listen to a podcast about stopping insider threats.

Stopping inappropriate data access. This turnkey solution safeguards servers - where business data is stored and accessed - with a combination of software and managed security services that automate critical areas of security oversight. By monitoring and tracking system access, the solution is effective at enforcing security policies.

The disaster that seemed daunting in good economic times can be insurmountable when the economy takes a turn. This essential article outlines the "Five elements of business recovery," which can help you reduce the risk of lost revenue that downtime of any kind represents.

Take a business-level view of security and risk management, so you can prioritize security activities and focus on those that make the most strategic sense. With this white paper, learn to direct resources to mitigate risk and costs.