Product section: Meeting the challenge of managing access

October 01, 2007

Access control is the order of the day for this issue. All of our reviews focus on aspects of access control and management. This, of course, is a key aspect of enforcing the security of the enterprise. We address the topic with two First Looks and two Group Test reviews.
 

In the driver's seat: the integration of enterprise security and networking operations

October 01, 2007

Preston Wood is one CISO on top of the integration of enterprise security and networking operations, says Jim Carr.
 

Moving data securely requires a good tool kit

September 01, 2007

For decades we have fussed around with how we describe our profession. It started with data security, evolved to computer security, and then took off in several directions. Today most professionals are pretty well satisfied with information security.
 

Case Study: The Detroit Tigers home field advantage

Dan Kaplan September 01, 2007

During last year’s winning season, baseball’s Detroit Tigers got proactive in defending their IT security network, reports Dan Kaplan.
 

Not the same old SOX

Dan Kaplan September 01, 2007

Depending on who you ask, the five-year-old Sarbanes-Oxley Act is either a costly failure or a stroke of genius, reports Dan Kaplan.
 

The SIM solution

Jim Carr September 01, 2007

The value to Kelly Services of a newly deployed SIM tool goes beyond securing its staff and customer data, reports Jim Carr.
 

A holistic and proactive approach to preventing data theft

August 01, 2007

Recent high-profile data breaches have underscored the need for robust information security within organizations. But with names like Pfizer, TJX and the Department of Veterans Affairs dominating headlines, smaller organizations might infer that they have nothing to fear. Nevertheless, no company — large or small — is immune to a data breach or network intrusion, and the best form of protection is a holistic and proactive approach.
 

Get familiar with the back door

August 01, 2007

One of the most common concerns I find when asking security managers about their legacy physical security systems is that, generally, they are not very sure of the level of assurance that exists in their systems, and if they are truly safe from vulnerability or attack. They often don't actually understand their systems' ability to withstand attacks from the data network, nor do they comprehend what risks they introduce onto the network.
 

Everyday information security

August 01, 2007

There is a general belief by end-users and executives that most information security incidents contain a level of extraordinary activity and usually do not occur during a typical work week. The thought is that security events against a corporation are few and far between, so the resources spent on protecting against potential incidents do not provide a good return on investment. The security industry has countered by spending significant time in showing the value of protective investments in hopes of altering the belief that security does not equate to an effective ROI.
 

Understand risk analysis

August 01, 2007

It appears that today, business contingency, disaster recovery, and compliance are the hot phrases in information technology circles. Risk analysis, in particular, is grossly misunderstood by IT professionals. It is bandied about by executives who, due to no fault of their own, do not have a clear concept as to what the phrase really means. That is primarily because the calculation of risk is not something for which an IT professional has traditionally been responsible, not to mention trained. Also, the derivation of risk analysis requires a different level of thinking as opposed to understanding Active Directory or voice over internet protocol (VoIP).