How do you know that you've covered all the bases when it comes to wireless LAN security?

Organization after organization has disclosed that critical data banks have been compromised by hackers, couriers or consultants. The causes range from lost backup tapes to lost laptops to network hacks. What most of these cases have in common is the lack of strong technical measures to protect data that is by its nature highly sensitive.

I had yet another computer journalist call me to ask if Vendor X's security solution was THE security product to solve all our security problems. I get a call or e-mail like this about once every two weeks. Usually they've read the vendor's own PR, another newspaper article, or even my own column touting a particular product.

In an era when more and more intruders are coming after corporate data for profit, not just for fun, a layered approach to security is more important than ever. The approach must be built on sound policies that are effectively communicated throughout the organization and backed up with spending on the right controls, but not too much spending in any one area.

Companies are not embracing encryption as a way to protect sensitive data. According to Ponemon Institute's 2005 National Encryption Survey, only 4.2 percent of companies responding to our survey say their organizations have an enterprisewide encryption plan.

Background checks mitigate risks in the hiring of workers. Yet doing them effectively can be difficult. Laws in the US relating to background checks and criminal records vary by state, and no comprehensive source of national information exists. And while the number of background check vendors has grown in recent years, many are ill-equipped. Share these ideas with HR and legal:

Scientists have reported an important speed breakthrough which brings closer the day when quantum encryption becomes a usable part of communications security.

It's a good time to be a malicious hacker. That's because even though it's not a time of revolutionary new techniques in hacking for profit, business is booming for the established methods. Despite increased investment in information security defenses, the good guys continue to lag badly behind. According to one report by Sophos, which called the recent uptick in ­malware a "deluge," by April 2007, more than 250,000 websites were hosting malicious code and more than 8,000 were being added to that total every day.

I'm a CISO who has worked in the US financial services industry both as a regulator and for a large services company. In this column I'm going to let you in on one of the biggest, dirtiest secrets in the industry: The companies that get the least amount of scrutiny from financial regulators actually present some of the greatest risks for systemic financial market manipulation and fraud. I'm talking about financial news and brokerage service companies.

Westpac Bank, IBM, the University of Ballarat and the Victorian government have today entered into a $4 million research alliance to tackle cybercrime in online banking.

As enterprises seek out ways to reduce IT costs, optimize resources and improve operational efficiencies, three technology trends have started to dominate: virtualization, service-oriented architecture and mobility. More promising yet is the intertwining of these unique technologies.

A British company has developed an intelligent security technology that can wipe data if a laptop is moved from its designated space.

What is true enterprise security and how do you get it? Bogus promises by vendors are all too common. In this interview, outspoken security analyst Nick Selby humorously tackles the truth about data leakage products, smartphone protection, hotspot threats and the word "solution." Nick Selby leads The 451 Group's Enterprise Security Practice. Selby also serves as The 451 Group's Director of Research Operations and is on the faculty of the Institute for Applied Network Security.

Digital rights management (DRM) technology has deep flaws despite the hope of content providers that encrypted files will deter illegal file sharing, a computer security researcher said Monday.

Vendors of data leakage prevention (DLP) systems claim that customers will avoid integration issues by using packaged tools that encompass all the different elements of the technology, but some early adopters of DLP are already running into serious problems.