SearchSecurity
New & Notable
Manage
Using the cloud won't protect you from ransomware
Storing data in the cloud isn't a sure-fire ransomware defense method. Expert Rob Shapland examines how the cloud helps and hurts when it comes to ransomware attacks.
News
Windows patch diffing uncovers flaws for attackers
Microsoft's practice of automatic Windows 10 patching could be uncovering vulnerabilities in older systems that can be exploited by attackers, said Google researchers.
Get Started
How to build a threat intelligence team
The use of a cyber threat intelligence team can greatly help organizations. Learn the best practices for team location and selection from expert Robert M. Lee.
Problem Solve
How hackers can use an Amazon Echo attack to eavesdrop
Hackers could take advantage of a physical Amazon Echo vulnerability to turn the Echo into a listening device. Judith Myerson explains how this works and what can be done about it.
Go Now: Malware Protection Best Practices
Should security teams clean up the malware and move on or format the hard drives to start over with a clean system? In this expert guide, security pros weigh in on how antimalware protects the enterprise.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
Trending Topics
-
Emerging threats Problem Solve
Windows shortcuts are vulnerable to attacks
A Windows vulnerability targets shortcut files and enables hackers to automatically execute code. Expert Judith Myerson explains the flaw and how to stop it.
-
Windows security Manage
How a Stuxnet bug exposes infosec program shortcomings
A Windows Shell flaw used by the Stuxnet worm continues to pose problems years after it was patched. Nick Lewis explains how the flaw exposes enterprise security shortcomings.
-
PCI DSS News
Risk & Repeat: Does PCI DSS compliance matter?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss new research from Verizon on payment card security and the effectiveness of PCI DSS compliance for enterprises.
-
Encryption technology Manage
Safety of Web Applications
In this excerpt from chapter three of Safety of Web Applications, author Eric Quinton discusses symmetric and asymmetric encryption.
-
Security industry trends News
Risk & Repeat: The future of cybersecurity conferences
In this week's Risk & Repeat podcast, SearchSecurity editors discuss how smaller, more targeted infosec conferences are making a name for themselves in the shadow of much larger events.
-
CISSP Get Started
How well do you know the basics of network security?
Think you know network security basics inside and out? Take this 10-question quiz to find out how well you’ve prepared for Domain 4 of the CISSP exam.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Have a question for an expert?
Please add a title for your question
Get answers from your peers on your most technical Information Security challenges.
Meet all of our Information Security experts
-
asks:
What techniques does your organization use to help build a threat intelligence team?
-
Johna Till Johnson asks:
Which elements of an incident response plan pose the greatest challenge for your infosec team?
Find Solutions For Your Project
-
Evaluate
Add endpoint security using supplementary tools
Learn how network access control (NAC), data loss prevention (DLP) and robust data destruction tools secure the data in your corporate endpoints against data loss.
-
How machine learning can help find malicious apps
-
A closer look at the STIX threat intelligence framework
-
How to make a SIEM system comparison before you buy
-
-
Problem Solve
Windows shortcuts are vulnerable to attacks
A Windows vulnerability targets shortcut files and enables hackers to automatically execute code. Expert Judith Myerson explains the flaw and how to stop it.
-
How hackers can use an Amazon Echo attack to eavesdrop
-
How mouse movements can beat sandbox detection
-
How to deal with CLDAP DDoS reflection attacks
-
-
Manage
Preparing for Adobe Flash's 2020 end-of-life date
Adobe Flash's end of life is coming, and it includes an incremental removal method, allotting security teams enough time to adjust. Matt Pascucci explains how changes can be made.
-
The dangers of Docker APIs and shadow containers
-
Has the role of CISO finally arrived? (I vote yes!)
-
Examining Google's decision to remove trust in WoSign
-
-
E-Handbook | October 2017
Crafting a cybersecurity incident response plan, step by step
Download -
E-Zine | October 2017
What does a CISO do now? It's a changing, increasingly vital role
Download -
E-Zine | September 2017
Growing data protection risks and how to manage them
Download -
Buyer's Handbook | September 2017
How to make a SIEM system comparison before you buy
Download -
E-Handbook | September 2017
Secure DevOps brings better, faster, safer software
Download
Information Security Basics
-
Get Started
How to build a threat intelligence team
The use of a cyber threat intelligence team can greatly help organizations. Learn the best practices for team location and selection from expert Robert M. Lee.
-
Get Started
Crafting a cybersecurity incident response plan, step by step
'Swift' and 'automatic': key characteristics of effective incident response. But how to get from where your plan is to where it needs to be? This handbook has the answers.
-
Get Started
Responding to security incidents requires preplanning
Effective incident response policies must be detailed, comprehensive and regularly updated -- and then 'embedded in the hearts and minds' of infosec team members.
Multimedia
Vendor Resources
- AWS Security Checklist –White Paper
- Authentication your Way –White Paper
- Delivering Convenient & Secure Access to the Modern Workforce –White Paper
Blog: Security Bytes
-
FBI's Freese: It's time to stop blaming hacking victims
The FBI's Don Freese spoke at the (ISC)2 Security Congress this week about the need to end the practice of blaming hacking victims. But will infosec professionals listen?Continue Reading
-
DerbyCon cybersecurity conference is unique and troubling
Walking up to DerbyCon 7.0 cybersecurity conference it immediately has a very different feel from the "major" infosec conferences. Attendees would never be caught loitering outside of the Black Hat ...Continue Reading
-
More Security Bytes Posts
Fearmongering around Apple Face ID security announcement
Project Treble is another attempt at faster Android updates
The Symantec-Google feud can't be swept under the rug
-
News
View All -
Data security breaches
NSA data breach ramps up Russia fears
An NSA contractor became the target of a cyberattack after storing agency spying software on a personal device, and this NSA breach has caused a rise in fears regarding Russia.
-
IoT security issues
Google finds and patches Dnsmasq DNS, DHCP server bugs
News roundup: Google researchers find and patch vulnerabilities in the Dnsmasq server that are used widely in routers and IoT devices. Plus, EU-U.S. Privacy Shield challenge and more.
-
Information security laws, investigations and ethics
Experts question Equifax breach testimony
The Equifax breach impact expanded and the company's former CEO answered questions in a congressional hearing, but experts were not satisfied by the answers.