Manage
Learn to apply best practices and optimize your operations.
Manage
Learn to apply best practices and optimize your operations.
ID and password authentication: Keeping data safe with management and policies
Learn how to improve authentication and avoid password hacking with management policies that enforce password expiration, length and complexity requirements. Continue Reading
Is it impossible to successfully remove a rootkit?
In this expert Q&A, Michael Cobb takes a closer a look at the nature of rootkits to see why they can be so difficult to remove. Continue Reading
How to lay the foundation for role entitlement management
Role entitlement management is a daunting task, however, there are steps you can take to lay the foundation for a successful management process. In this tip, expert Rick Lawhorn details these seven steps. Continue Reading
-
Key management challenges and best practices
Key management is essential to a successful encryption project. In this tip, expert Randy Nash explains the challenges financial organizations face when implementing key management and some of the best practices to overcome them. Continue Reading
Results Chain for Information Security and Assurance
Information Security Blueprint
Is Triple DES a more secure encryption scheme than DUKPT?
Both DES and TDES use a symmetric key, but Michael Cobb explains their separate and distinct roles in protecting financial transactions.Continue Reading
Developing a patch management policy for third-party applications
Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from ...Continue Reading
Preparing for uniform resource identifier (URI) exploits
URIs have always been a user-friendly way to recognize and access Web resources. By crafting malicious URLs and manipulating protocol handlers, however, attackers have devised new attacks that take advantage of the URI's locator functionality. Web ...Continue Reading
How to avoid dangling pointers: Tiny programming errors leave serious security vulnerabilities
For years, many have said that there is no practical way to exploit a dangling pointer, a common application programming error. But these software bugs should no longer be thought of as simple quality-assurance problems. Michael Cobb explains how ...Continue Reading
-
Enterprise risk management frameworks: Controls for people, processes, technology
Once responsibilities and requirements are defined, the next stage in developing a successful risk management framework involves developing controls. As Khalid Kark explains, that includes developing a culture of security, using technology in the ...Continue Reading
How does SSL 'sit' between the network layer and application layer?
SSL is neither a network layer protocol nor an application layer protocol. In this SearchSecurity.com Q&A, Michael Cobb explains how SSL "sits" between both layers.Continue Reading
How secure is the Windows registry?
In this SearchSecurity.com Q&A, platform security expert Michael Cobb explains the weaknesses of the Windows registry and explores other OS alternatives.Continue Reading
What are the drawbacks to application firewalls?
Application-layer firewalls examine ingoing and outgoing traffic more carefully than traditional packet-filtering firewalls, so why are some holding back on deployment? In this SearchSecurity.com Q&A, Michael Cobb reveals some cost and performance ...Continue Reading
What should be done with a RAID-5 array's failed drives?
Even one failed drive in a RAID-5 array can present an enterprise with serious data protection concerns. In this SearchSecurity.com Q&A, expert Michael Cobb explains which policies can protect and recover RAID-5 data.Continue Reading
How secure are document scanners and other 'scan to email' appliances?
Copiers and document scanners have always posed challenges for information security teams. In this SearchSecurity.com Q&A, Michael Cobb reveals how the right policies can control the use (and abuse) of these devices.Continue Reading
How can header information track down an email spoofer?
Spammers can use spoofed headers to hide the true origin of unwanted email. In this SearchSecurity.com Q&A, application security expert Michael Cobb explains how to trust where a message is coming from.Continue Reading
How should security and networking groups manage the firewall?
When it comes to firewalls, the networking group often handles the installation, while the information security department writes the rules. Should these responsibilities be split? In this expert Q&A, security management pro Shon Harris reveals how ...Continue Reading
Will two different operating systems cause administrative problems?
Using two different operating systems can often boost a company's security, but there are practical limitations to the enterprise practice. In this expert Q&A, Michael Cobb reveals how separate platforms can lead to deployment issues and higher ...Continue Reading
IT security auditing: Best practices for conducting audits
Even if you hate security audits, it's in your best interest to make sure they're done right.Continue Reading