-
Understanding certificates and keys in C2B transactions
Expert Michael Cobb details the SSL handshake and the role of public and private keys in a C2B transaction.
-
The costs and benefits of Android GMA
Expert Michael Cobb details the costs and benefits of Android GMA, which raises the bar for mobile browser security.
-
When should you enable or block silent updates?
In light of the increasing popularity of silent updates, expert Michael Cobb examines their security and application-compatibility implications.
-
Tips on good Android lock patterns
Get advice from expert Michael Cobb on how to secure your Android device with good Android lock patterns.
-
Sharing security intelligence: Where to begin
Expert Nick Lewis explains how enterprises can forge strong security networks that support sharing security intelligence.
-
How to measure AV vendors' research teams
Is your enterprise conducting an anti-malware comparison? Expert Nick Lewis provides metrics to find the best fit for your enterprise's needs.
-
Security criteria for third-party data recovery
Expert Nick Lewis discusses the security requirements enterprises should establish when selecting a third-party data recovery services provider.
-
Should enterprises help users find secure mobile apps?
Expert Nick Lewis explains the role enterprises should play in helping BYOD users define malware and identify secure mobile apps.
-
Avoid joining DDoS attacks via the Low Orbit Ion Cannon
Recent DDoS attacks by Anonymous show why enterprises must avoid the Low Orbit Ion Cannon tool and other Web-based malware. Expert Nick Lewis explains.
-
The Global Payments data breach: What went wrong?
Expert Nick Lewis discusses the Global Payments data breach, focusing on lessons to be learned for PCI DSS-compliant enterprises.
-
Auditing remote desktop access software
Is your remote desktop access software really secure? Randall Gamby offers advice for conducting a remote access audit to validate security.
-
Has risk-based authentication finally matured?
Expert Randall Gamby discusses risk-based authentication, and whether that type of user identification system is right for the enterprise.
-
Types of SSO: Comparing two vendors' SSO approaches
Expert Randall Gamby discusses various types of single sign-on, specifically the approaches of Ping Identity's SSO and Symplified SSO.
-
Using IDaaS and XACML for a hybrid IdM system
Is IDaaS a wise choice for managing access to cloud and on-premise systems? Randall Gamby discusses hybrid identity management systems.
-
Streamlining the compliance review process
The compliance review process can be complicated, especially when getting input from others. Mike Chapple offers advice to streamline the process.
-
Security vs. compliance: Is 'checkbox security' OK?
Mike Chapple discusses the compliance vs. security challenge and why a "checkbox security" mentality may actually be a good thing.
-
How do I know if I need a GRC product?
Is it necessary to purchase pricey GRC or compliance management software to meet PCI DSS and HIPAA compliance requirements? Mike Chapple discusses.
-
Monitoring P2P activity by IP address
Mike Chapple discusses whether you should be monitoring P2P activity with site crawling and info gathering websites like YouHaveDownloaded.com.
-
Patent-infringing products: Too risky to purchase?
Mike Chapple discusses whether enterprises should purchase next-gen firewall products from allegedly patent-infringing vendors.
-
Protecting your database with a triple-homed firewall
Mike Chapple discusses database security best practices and how to protect against unauthorized Web access by using a triple-homed firewall.
-
Submit your questions about infosec threats
Nick Lewis is standing by to give you free, unbiased advice on information security threats.
-
Submit your questions about IAM
Randall Gamby is standing by to give you free, unbiased advice on identity and access management.
-
Submit your questions about application security
Michael Cobb is standing by to give you free, unbiased advice on application security.