The title is very abstract, isn’t it? But that’s what we have to confront. What does it mean? It means that we have only a small budget for buying security products and services and for employing talented people to help us. The following points will help you as you set out to secure your company.
1. Enforce the security policy and raise staff awareness. Let all employees know what they are entitled to do and that everything else is forbidden. If they attempt to do something bad, let them know we are watching; that is the power of deterrence. In this way, we can use 20% of the effort to prevent or discourage 80% of incidents.
Security itself isn’t cheap. Adi Shamir says that security and cost are inversely proportional: to halve your vulnerability, you have to double your expenditure.
November 26th, 2008
Jenny
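WordPress released a new stable version 2.6.5. The official WordPress organization advises all users to upgrade to this new version. The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x.
Gartner currently lists virtualization as the most closely watched new technology for the coming period. Sure enough, I have now started to follow and study virtualization as well. Generally speaking, there are three kinds of virtualization: server virtualization, application virtualization and desktop virtualization. All three have come into our view. As things stand, virtualization brings two main benefits. The first is cost savings, possibly in direct hardware cost, because some legacy applications and operating systems used hardware inefficiently and can now share it, and also because it saves space and power. The second is faster rollout and management of services.
Apart from functionality and maintenance and management, security is, without exception, one of my main concerns. I have read two articles, one excellent and one good. The excellent one is from Gartner, by Neil; the good one is from Tripwire, by Gene.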
- Practical Steps to Mitigate Virtualization Security Risks, Gene Kim, CTO, Tripwire, Inc.
- Security Considerations and Best Practices for Securing Virtual Machines, Neil MacDonald, Publication Date: 6 March 2007
So far, for the key security points in a server virtualization environment, I would like to sum up the following four:
1. Improving business processes
2. Attracting and retaining new customers
3. Creating new products and services (innovate)
4. Expanding into new markets or geographies
5. Reducing enterprise cost
6. Improving enterprise workforce effectiveness
7. Expanding current customer relationship
8. Increasing the use of information/analytics
9. Targeting customers and markets more effectively
10. Acquiring new companies and capabilities (M&A)
(Source : Gartner EXP Survey 2008)
1. Delivering projects that enable business growth
2. Linking business and IT strategies and plans
3. Attracting, developing and retaining IT personnel
4. Improving the quality of IT services
5. Implementing IT process improvements
6. Improving IT governance
7. Building business skills in the IT organisation
8. Using information/intelligence in operations, products or services
9. Reducing the cost of IT
10. Managing IT risk and exposure
(Source : Gartner EXP Survey 2008)
1. Business Intelligence (No. 1 for 2006 and 2007)
2. Enterprise applications (ERP, SCM, CRM)
3. Servers and storage technologies
4. Legacy modernisation, upgrade or replacement
5. Technical infrastructure
6. Security technologies
7. Networking, voice and data
8. Collaboration technologies
9. Document management
10. Service Oriented (SOA)
CIOs continue to invest in core technologies that can drive distinctive solutions
(Source : Gartner EXP Survey 2008)
“You don’t know who is swimming naked until the tide goes out.” In our world, we don’t know whose systems are running naked, with no controls, until they are attacked.
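I changed the theme to “Clean Press”. It’s very simple, concise, crisp. As Dave said, it focuses on content. I slightly modified it by moving the sidebar to the right. If you like this one, click to download Clean Press (right sidebar).
Recently, CCTV reported for two days running on the abuses of Baidu's paid-ranking scheme, and the major media outlets did not pass up the opportunity either; Baidu's media image fell to a low point. Set against Google's deeply rooted “don't be evil” image, the comparison makes the difference in standing immediately clear. Once a company has grown to a certain stage, “popular sentiment” and “politics” become a very important factor.
Although Baidu leads by a wide margin in domestic market share, its “bidding”-based ranking often produces search results that people find hard to accept, so they give up on it. Professionals in particular depend heavily on fair and objective search results; if what comes back is a ranking by bid price, one might as well just read the advertisements.
I searched for “信息安全” (information security) and “Security” on both Google and Baidu. One look at the results and you can feel how Baidu's “bidding” ranking mocks you:
A friend shared the “东东枪” (Dongdongqiang) translation of Obama's election victory speech. It is superb, and I am sharing it with everyone: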
Hello,Chicago!
芝城父老,别来无恙, (literally: “Elders of Chicago, I trust you have been well,”)
If there is anyone out there who still doubts that America is a place where all things are possible, who still wonders if the dream of our founders is alive in our time, who still questions the power of our democracy, tonight is your answer.
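余尝闻世人有疑,不知当今美利坚凡事皆可成就耶?开国先贤之志方岿然于世耶?民主之伟力不减于昔年耶?凡存诸疑者,今夕当可释然。 (literally: “I have heard that some in the world doubt: can all things still be accomplished in today's America? Does the will of the founding sages still stand firm in the world? Is the great power of democracy undiminished from years past? Let all who harbor such doubts be at ease tonight.”)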
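An architect should not focus on technology for its own sake. The point is not how flashy a technology one can use, but to analyze the business requirements more objectively and rationally and to use technology sensibly. Here is a story a friend sent me:
Unilever brought in a soap-packaging production line and found that it had a defect: boxes often came off the line with no soap inside. They could hardly sell empty boxes to customers, so they hired a postdoc in automation to design a solution for sorting out the empty soap boxes. The postdoc assembled a research team of a dozen or so people, combined mechanical, microelectronic, automation and X-ray detection technologies, spent several hundred thousand, and solved the problem. Whenever an empty soap box passed along the line, detectors on both sides would pick it up and drive a robotic arm to push the empty box away.
A township enterprise in southern China bought the same production line. When the boss discovered the problem he flew into a rage, called over a junior worker and said, “You damn well get this fixed for me.” The worker did come up with a solution: he put a fan beside the production line and had it blow hard, and the empty soap boxes were simply blown away.
VMware offers a virtualization product for mobile devices: MVP (Mobile Virtualization Platform). With MVP, an end user can run several virtual mobile operating systems at the same time, for example one for company business and another for personal entertainment and games. At first this kind of technology sounds a bit far-fetched: phones and PDAs are so small and have so little computing power, and virtualizing them would leave even less. In fact, though, the computing power of mobile devices has grown rapidly in recent years and is starting to repeat the trajectory of laptops in their day.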
Know where your data is, who has access to what, read your logs, guard your perimeter, minimize complexity, reduce access to “need only” and segment your networks.
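Computerworld in the US reports that a laid-off system administrator has been arrested, charged with extorting money from his former employer, a fund company based in New York.
The former employee is named Viktor Savtyrev. He was unwilling to accept the compensation terms in his severance agreement, so he e-mailed the company's general counsel and management, threatening to damage the company's computer systems if his compensation was not increased. He also threatened that, after attacking the server systems, he would notify the media to expose it.
Against the backdrop of the current financial crisis this story is quite representative, and it serves as a warning to every company preparing layoffs. But the incident itself is nothing new; there have been quite a few similar “information security” cases before.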