Security Management Strategies for the CIO
-
Mike Chapple, Ph. D., CISA, CISSP, is an IT security manager with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Chapple is a frequent contributor to SearchSecurity.com, and serves as its resident expert on enterprise compliance, frameworks and standards for its Ask the Experts panel. He previously served as site expert on network security, is a technical editor for Information Security magazine and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated.
See below for Mike's archive of advice on both compliance and network security. To submit a question for Mike, click on the "Ask a Question" tab above.
-
Do you have a question for our experts?
Contributions from Mike Chapple, Enterprise Compliance
- Can Skype phones threaten an enterprise network?
- What are the risks of placing enterprise users in a DMZ?
- What are the benefits of a tunnelless VPN?
- Do information leak prevention products protect critical data?
- How well do content filtering tools limit network traffic?
- Can a TCP connection be made without an open port?
- Are all data packets treated equally?
- Which security practices can lower exposure to zero-day attacks?
- Which wireless security assessment tools are commercially available?
- Should log traffic be encrypted?
- What enterprise tools can scan files for sensitive data?
- How should a desktop firewall policy manage open ports?
- What is the risk estimation model for SSL VPN implementation?
- Are honeypots safe to implement in a router?
- What is the cause of a wireless LAN's unsecured connection?
- Can Group Policy be used to change local user permissions?
- How do stateful inspection and packet-filtering firewalls differ?
- How do L2TP and PPTP differ from IPsec?
- What types of Web services can compromise Web server security?
- Can open ports increase LAN exposure?