Access "Next-generation security awareness training"
Everyone agrees that security awareness training is critical to managing enterprise risk. Yet most infosecurity practitioners say their training programs are inconsistent at best--and ineffective at worst. Break room posters, buttons, e-mail newsletters and "tips of the day" are useful for issue-specific training. But they're less effective for long-term understanding and application of the security fundamentals--the stuff we need to get right. "In the old days, we put together a deck of slides and a script and mailed them out to division managers," says David Stacy, global IT security director for St. Jude Medical, a St. Paul, Minn.-based medical equipment manufacturer with 4,000 employees distributed throughout the world. "We'd tell them they need to communicate the material to their employees. "The truth of the matter," Stacy adds, "is that you get uneven results. Some managers blow it off, others would spend only 15 minutes on it." Stacy is among a growing number of infosecurity managers who are supplementing or replacing traditional awareness programs ... Access >>>
Premium Content for Free.
Microsoft security improving, while Trustworthy security lacks effort
by Lawrence M. Walsh
Microsoft is making significant strides to clean up its security mess, but Trustworthy Computing still has a long way to go.
Microsoft's internal auditor discusses the company's IT security outlook
Scott Charney is Microsoft's internal auditor, see what he and his team control.
NetIQ's five-point security architecture
Even with expanded support and agents, NetIQ's SIM product remains a Windows-centric solution.
- Microsoft security improving, while Trustworthy security lacks effort by Lawrence M. Walsh
Microsoft Security Response Center revamps its patch processes
Microsoft Security Response Center revamps its advisory and patch processes.
Profile: Symantec CEO John Thompson
Symantec's CEO breaks business and cultural barriers in his drive to build a security superpower.
How to address enterprise IT security concerns with executives
Five tips to win friends and influence C-level execs in your organization.
- Microsoft Security Response Center revamps its patch processes
Next-generation security awareness training
by Andrew Briney
Put your posters and buttons away. A more effective solution is at your fingertips.
Hacking in 2003: Examining this year's hacking techniques
A look at the foibles, follies and felons of infosec in 2003.
Using HoneyD configurations to build honeypot systems
by Marcus J. Ranum, Contributor
Spoofing, diversion and obfuscation are all part of honeyd's powerful arsenal.
Detecting a Linux server hack
by Jay Beale, Contributor
Learn how to detect if your Linux server have been hacked or compromised.
Tips and tricks for IDS deployment best practices
by Jack Danahy, Contributor
Intrusion detection remains an over-hyped technology because most companies have no idea what to do with it.
- Next-generation security awareness training by Andrew Briney
More Premium Content Accessible For Free
Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies...
The bring your own device (BYOD) movement, which has flooded the enterprise with employee-owned smartphones, tablets, phablets and purse-sized ...
For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most ...