-
How to mitigate the risk of a TOCTTOU attack
Are TOCTTOU attacks, exploiting time-of-check-to-time-of-use race conditions, a threat to your enterprise file systems? Expert Michael Cobb discusses the dangers and how to mitigate them.
31 Aug 2011
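The race named in the teaser, and the standard mitigation, as an added example that is not part of the article or this listing. The vulnerable function validates a path name and then opens that name, leaving a window in which another process can replace the name with a symlink; the hardened function opens first, refusing to follow symlinks, and validates the descriptor it actually holds. The `attacker` hook and the temporary directory are constructed for the demonstration (a real attacker would win a scheduling race and use an atomic `rename()`); all names are illustrative.

```python
import errno
import os
import stat
import tempfile


def read_regular_file_unsafe(path, attacker=None):
    """TOCTTOU-prone: validate the *name*, then open the *name*.

    `attacker` is a demo hook that runs in the window between the check and
    the use, standing in for a process that wins the race.
    """
    st = os.lstat(path)                        # time of check
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"{path}: not a regular file")
    if attacker:
        attacker()                              # the name is swapped here
    with open(path, "rb") as f:                 # time of use: follows the new symlink
        return f.read()


def read_regular_file_safe(path, attacker=None):
    """Open once without following symlinks, then validate the descriptor.

    The check and the use refer to the same open file, so swapping the name
    after os.open() cannot change what is read. O_NOFOLLOW guards only the
    final path component; directory components still need a trusted prefix.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        if attacker:
            attacker()                          # too late: we already hold the file
        st = os.fstat(fd)                       # check the object we hold, not the name
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        with os.fdopen(fd, "rb") as f:
            fd = -1                             # ownership passed to the file object
            return f.read()
    finally:
        if fd != -1:
            os.close(fd)


def demo():
    """Constructed scenario: a drop directory where an attacker can swap a file."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret")
        upload = os.path.join(d, "upload")
        with open(secret, "wb") as f:
            f.write(b"SECRET")

        def reset_upload():
            if os.path.lexists(upload):
                os.unlink(upload)
            with open(upload, "wb") as f:
                f.write(b"harmless upload")

        def swap_for_symlink():
            os.unlink(upload)
            os.symlink(secret, upload)

        reset_upload()
        # Check passed on a regular file, but the read lands on the secret.
        results["unsafe"] = read_regular_file_unsafe(upload, swap_for_symlink)

        reset_upload()
        # The swap happens after the open, so the validated file is what we read.
        results["safe"] = read_regular_file_safe(upload, swap_for_symlink)

        # The name is now a symlink; O_NOFOLLOW makes the open itself fail.
        try:
            read_regular_file_safe(upload)
            results["safe_on_symlink"] = "followed"
        except OSError as e:
            results["safe_on_symlink"] = errno.errorcode[e.errno]
    return results


if __name__ == "__main__":
    print(demo())
```

The same principle applies to `access()` followed by `open()`: drop the name-based check and decide on the open descriptor (or use `openat()`-style calls relative to a directory descriptor you already validated).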
-
Apache DDoS vulnerability requires immediate update to avoid threat
Apache has released an updated version of its Web server to address a DDoS vulnerability, for which exploit tools have been found in the wild.
31 Aug 2011
-
Framework for building a vulnerability management lifecycle, program
A robust vulnerability management program requires the integration of inventory, change and configuration management.
30 Aug 2011
-
Ranum chat: Enterprise information security architecture
Security expert and Information Security magazine columnist Marcus Ranum continues a new bimonthly feature where he goes one-on-one with a fellow security industry insider. This month, Marcus talks...
30 Aug 2011
-
How MAC and HMAC use hash function encryption for authentication
Keyed hash functions, not encryption, are what MAC and HMAC message authentication are built on. See how this differs from other message authentication tools from expert Michael Cobb.
30 Aug 2011
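The distinction the teaser draws, as an added example that is not from the article: an HMAC is a keyed hash, so the message travels in the clear and only a holder of the key can mint or verify a valid tag. The token format, the demo key and the messages are constructed for illustration; the unkeyed variant shows why a bare hash is a checksum rather than an authenticator.

```python
import hashlib
import hmac

# Constructed demo key. In practice the key comes from a secrets store, is never
# embedded in code, and is shared only with parties that must verify tags.
DEMO_KEY = b"constructed-demo-key-32-bytes-long!!"


def hmac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA-256 over message: a keyed hash. Nothing about the message is hidden."""
    return hmac.new(key, message, hashlib.sha256).digest()


def make_token(key: bytes, message: bytes) -> bytes:
    """message || '.' || hex(tag). Anyone can read the message; only key holders can tag it."""
    return message + b"." + hmac_tag(key, message).hex().encode()


def check_token(key: bytes, token: bytes):
    """Return (accepted, message). compare_digest keeps the comparison constant-time."""
    message, sep, tag_hex = token.rpartition(b".")
    if not sep:
        return False, b""
    try:
        presented = bytes.fromhex(tag_hex.decode())
    except ValueError:
        return False, b""
    if not hmac.compare_digest(hmac_tag(key, message), presented):
        return False, b""
    return True, message


def unkeyed_token(message: bytes) -> bytes:
    """A plain hash 'checksum': detects accidents, not an attacker who recomputes it."""
    return message + b"." + hashlib.sha256(message).hexdigest().encode()


def demo():
    msg = b"transfer=100&to=alice"
    results = {}
    token = make_token(DEMO_KEY, msg)
    results["valid"] = check_token(DEMO_KEY, token)[0]

    # Changing the cleartext message invalidates the tag.
    tampered = token.replace(b"alice", b"mallory")
    results["tampered"] = check_token(DEMO_KEY, tampered)[0]

    # A tag is bound to the key it was minted under.
    results["wrong_key"] = check_token(b"other-key", token)[0]

    # The message is readable without the key: a MAC is not encryption.
    results["message_visible"] = token.split(b".")[0] == msg

    # With an unkeyed hash the forger simply recomputes the digest after tampering.
    forged = unkeyed_token(b"transfer=100&to=mallory")
    m, _, h = forged.rpartition(b".")
    results["unkeyed_forgery_passes"] = hashlib.sha256(m).hexdigest().encode() == h
    return results


if __name__ == "__main__":
    print(demo())
```

If confidentiality is also required, the message must additionally be encrypted (encrypt-then-MAC, or an AEAD mode); the MAC alone only tells the verifier who produced the message and that it was not altered.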
-
Microsoft BlueHat prize wins over Black Hat Crowd
Security pros say Microsoft’s contest to encourage development of new security technologies for its products is promising.
30 Aug 2011
-
Organizations need a new data security model to combat today’s threats
Modern threats require a fundamental shift in information security away from the fortress mentality.
30 Aug 2011
-
Survey: APT attacks a top concern, but many firms fail to enforce policies
A new survey from whitelisting vendor Bit9 found many firms are relying on the honor system to prevent unauthorized downloads.
30 Aug 2011
-
Bring back the lulz by changing up your information security model
Security needs more lulz, but it’s not happening until we change our protection models, understand how our respective businesses work and concentrate on current threats and adversaries.
30 Aug 2011
-
Browser makers block rogue SSL certificate
Certificate authority DigiNotar said fraudulent public key certificates were issued for a number of domains, including Google.com. The firm has revoked all of the fraudulent certificates, and browser makers have blocked them.
30 Aug 2011
-
VoIP security best practices: Securing communication in the workplace
VoIP communications can be a great money-saver, but without solid VoIP security best practices, it can introduce new risks.
30 Aug 2011
-
Morto worm, an old-school Internet worm, spreading via RDP
Security firms say the Morto worm isn’t a Trojan, but an Internet worm that spreads via Windows Remote Desktop Protocol (RDP).
29 Aug 2011
-
Is full-disk server encryption software worth the resource overhead?
While encrypting production servers may seem like a good security move, according to Anand Sastry, doing so may not be worth the resources it uses.
29 Aug 2011
-
How to use OWASP Broken Web Apps to prevent vulnerabilities
OWASP Broken Web Apps allows pen testers to attack applications that are intentionally insecure to hone their skills at securing their own apps.
26 Aug 2011
-
How to set up SFTP automation for FTP/DMZ transfer
Transferring files from a DMZ to an internal FTP server can be risky. In this expert response, Anand Sastry explains how to use SFTP automation to lock it down.
26 Aug 2011
-
Jose Granado on the benefits of penetration testing, ‘human hacking’
Ernst &amp; Young’s Jose Granado discusses the benefits of penetration testing and the importance of including “human hacking” as well.
26 Aug 2011
-
In wake of Android Trojans, enterprises need Android security policy
Does your enterprise have an Android security policy? Senior Site Editor Eric B. Parizo says the growing number of Android Trojans now demands it.
25 Aug 2011
-
SSL alternatives? Crafting Web-security programs for emerging threats
Expert Nick Lewis reacts to breaches at SSL certificate issuers and tackles whether enterprises should turn to SSL alternatives.
25 Aug 2011
-
Evolution of online banking malware: Tatanarg Trojan and OddJob Trojan
Online banking credentials are one of the most lucrative bits of information available to steal. Expert Nick Lewis advises how to keep cutting-edge Trojans off company machines.
25 Aug 2011
-
Locate IP address location: How to confirm the origin of a cyberattack
What's the best way to determine the origin of a cyberattack? Expert Nick Lewis weighs in.
25 Aug 2011