Data Protection Security School
SearchSecurity.com's Data Protection Security School will help infosec professionals formulate a comprehensive strategy and pinpoint technologies that can help them secure sensitive information throughout the network -- including data in motion and data at rest.
SearchSecurity.com is always looking for ideas for future lessons in our Data Protection Security School. Contact us if you have feedback on this school or ideas for future content.
-
Mobile device policy: How to prevent data theft
In this Security School lesson, expert Lisa Phifer covers the technologies, policy items and processes your enterprise needs to be considering as mobile workforces ramp up and security and compliance concerns emerge.
Lisa Phifer owns Core Competence Inc., a network security consultancy. -
Data encryption demystified
Five years ago, security professionals needed a deep understanding of cryptography to make encryption work. Today, thanks to advancements in "practical" cryptography, data encryption is more user-friendly, and easier to implement and manage across multiple applications. Still, there are many security considerations when it comes to data encryption, including what to encrypt, which type of encryption to use, how to manage keys, how to balance data security and data availability, how encrypted data is accessed across multiple applications, and much more. This lesson will "demystify" the complexity around encryption and provide security managers with a practical deployment roadmap.
-
Locking down database applications
In this lesson, learn how to secure database apps by building roles and privileges and monitoring access to prevent insider abuse, plus satisfy regulators by properly segregating duties and limiting application access to sensitive database data.
About the author:
Andreas M. Antonopoulos is a Senior Vice President and Founding Partner with Nemertes Research. -
How to build secure applications
In this lesson, learn how to build security into the software development lifecycle, implement a practical, efficient change management system and test your applications using a black-box or white-box technique.
About the author:
Diana Kelley is a partner with Amherst, N.H.-based consulting firm SecurityCurve.
This lesson also features special guest contributor Ed Moyle, QSA and partner with SecurityCurve. -
Mitigating Web 2.0 threats
As companies look to cut costs, Software as a Service has gained ground in the enterprise. Similarly, social networking sites like Facebook and LinkedIn are must-haves in today's workplace. David Sherry reviews how to secure these services and defend against a variety of Web 2.0 threats.
About the author:
David Sherry is chief information security officer at Brown University. -
Data loss prevention
While every CSO and security manager knows the importance of protecting sensitive data, there is still a big gap between that understanding and the actual implementation of tools to do the job. This lesson will provide a comprehensive overview of the ways in which data loss prevention technologies can help protect intellectual property and confidential data.
About the author:
Rich Mogull is the founder of Securosis LLC, an independent security consulting practice. -
E-discovery and security in the enterprise
The new Federal Rules for Civil Procedure now allow a judge to request electronically stored information, and the inability to respond can be costly.
In this lesson, learn about updates to the FRCP and how to prepare for litigation, and understand the technologies that can assist in the process.
About the expert:
Frank Lagorio, JD, is principal analyst for Contoural Inc. -
Database defenses for a new era of threats
All too often, precious corporate databases containing customer records and other sensitive data are forgotten or ignored. This lesson offers an overview of the basic tools needed to secure a company's databases against today's emerging and most dangerous threats.
About the author:
Rich Mogull is the founder of Securosis LLC, an independent security consulting practice. -
Executing a data governance strategy
Today data is siloed in many applications and databases with no documentation on how trusted it is and the relationships among applications that capture and use data. In this lesson, learn how you can remedy these issues with a mature data governance strategy.
About the author:
Russell L. Jones is Partner AERS - Security & Privacy Services with Deloitte & Touche. -
Preventing data leaks
Today's most devastating security breaches often originate from within. In some cases, insiders accidentally or inadvertently leak confidential or proprietary IP. In other cases, insiders commit corporate espionage on behalf of a competitor. The challenge is that information is everywhere, and "trusted" insiders can access and transfer it using multiple applications and devices: Web browsers, email and IM clients, databases, peripheral and flash drives, USB tokens, and so on.
This lesson in SearchSecurity.com's Data Protection Security School will examine "must have" data loss prevention policies, processes and technologies for combating this growing threat.
-
Enterprise strategies for protecting data at rest
Many of today's data security breaches can be attributed to lost data. While security pros often focus on network soft spots, storage and e-discovery practices are often overlooked. This lesson will outline e-discovery services and how to ensure successful storage-security teamwork.
-
Watching the watchers
In this Security School lesson, expert Andreas M. Antonopoulos explores how to monitor the activities of your most trusted insiders with a combination of policy, process and technology to keep unauthorized access and data loss to a minimum.
Andreas M. Antonopoulos is a senior vice president and founding partner with Nemertes Research. -
Realigning your data protection priorities
In this Security School lesson, expert David Sherry explains how your organization should react to the shift of organized online criminals from coveting credit card numbers to identity information and how to re-prioritize your efforts in protecting your organization.
David Sherry is chief information security officer at Brown University. -
Network content monitoring must-haves
Technologies that monitor how data moves in and out of organizations are rapidly intersecting. Data loss prevention, digital rights management and database activity monitoring, just to mention a few, all have overlapping functions and purposes not only to secure data but to help organizations with their compliance mandates. In this security school, you’ll learn about these intersections and how to best prioritize and strategize for your data protection investments.
About the expert: Mike Chapple is an IT security professional with the University of Notre Dame and a technical editor for SearchSecurity.com. -
Security visibility: Honestly assessing security posture
In this security school, you’ll learn how to gain the clearest visibility into the state of your company’s information security efforts. You’ll learn strategically how to make the most of your SIM, log management, network monitoring, GRC and penetration testing tools and services to provide a centralized collection of intelligence you can use to evaluate your company’s state of security.
Aaron Turner is the co-founder of N4Struct, an information security consultancy focused on helping organizations identify how to solve some of the toughest industrial espionage cases.