-
Can Android virtual patching thwart malware attacks?
Application security expert Mike Cobb weighs the pros and cons of Android virtual patching to thwart Android malware attacks.
-
Explaining how trusted and forged SSL certificates work
Web security relies on valid, trusted SSL certificates, but as Michael Cobb explains, forged SSL certificates undermine the model for trusted Web connections.
-
Software security lifecycle: Gaining executive support?
Recent BSIMM3 study results provide guidelines for why executive support for the software security lifecycle is so important. Michael Cobb explains.
-
BIOS management best practices: Patches and Updates
Amid growing concern over BIOS threats, expert Mike Cobb discusses how organizations should manage BIOS patches and BIOS updates.
-
Dangerous apps: Should enterprises ban IE, Adobe?
CSIS says five dangerous applications are to blame for 99% of malware. Is it time to ban Internet Explorer, Flash and the others in the enterprise?
-
Enterprise user de-provisioning best practices
Misplaced or stagnant employee access can be dangerous; Randall Gamby details user provisioning best practices for setting up a system to combat this risk.
-
How to manage information security legal issues
Dealing with lawyers is often a challenge. Ernie Hayden offers advice for CISOs dealing with enterprise information security legal issues.
-
How to make an enterprise RBAC implementation easier
Learn the benefits of role-based access control based on job functions of network accessing employees, and how to make an RBAC implementation easier.
-
Minimum password length best practices
Should all enterprises mandate 14-character passwords, or are passwords alone not enough? IAM expert Randall Gamby offers his minimum password length best practices.
-
Considerations for cloud endpoint security
Mike Chapple discusses considerations for using cloud security services, specifically cloud endpoint security.
-
Smartphone eavesdropping via keyboard vibrations
Is smartphone eavesdropping via keyboard vibrations a credible enterprise threat? Mike Chapple explains.
-
QR codes security: Do malicious QR codes pose a risk?
Expert Nick Lewis discusses QR codes security and whether malicious QR codes pose enough risk to justify disabling them.
-
Curb the spam virus threat via security training
Information security awareness training doesn't always protect users from the ongoing spam virus threat. Nick Lewis offers additional measures that may help.
-
Does Morto worm prove flaws in Windows RDP security?
The recent Morto worm had unusual success spreading via Windows Remote Desktop Protocol. Does that mean RDP security is too weak? Nick Lewis explains.
-
Avoiding cloud costs resulting from a cloud DDoS attack
A cloud DDoS attack on Web applications in the cloud could be expensive if it results in extra cloud bandwidth costs. Learn how to plan ahead.
-
Online banking at work: Avoid security issues
Is it OK to allow personal online banking at work? Get advice on avoiding online banking security issues with enterprise users.
-
Full-packet capture vs. capture network flow data
If an enterprise can't afford to implement full-packet capture, expert Mike Chapple recommends trying to capture network flow data instead.
-
Exchange Server administration policy
Randall Gamby explains the important particulars involved with setting up and securely supervising an enterprise Exchange Server administration policy.
-
Privileged account policy: Managing privileged accounts
Randall Gamby discusses how to securely implement a privileged account policy within the enterprise and collectively manage sensitive account information.
-
Password storage vault: Credential validation
Randall Gamby offers advice on the credential validation process for an enterprise password storage system.
-
Submit your questions about infosec threats
Nick Lewis is standing by to give you free, unbiased advice on information security threats.
-
Submit your questions about IAM
Randall Gamby is standing by to give you free, unbiased advice on identity and access management.
-
Submit your questions about application security
Michael Cobb is standing by to give you free, unbiased advice on application security.