1. How security audits, vulnerability assessments and penetration tests differ
   Learn how security audits, vulnerability assessments and penetration tests differ, and how these tests help promote a more secure environment.

2. Risk management methodologies
   Expert advice regarding best practices for risk management methodologies. Also learn how vulnerability management and risk management tools differ and how they can help protect your environment.

3. Taking the CISSP exam without the required experience
   Learn about the Associate CISSP, a program offered by (ISC)2 that enables you to take the CISSP exam without the required experience.

4. Powering down vs. logging off
   Find out whether it's better for employees to power down systems or log off when they leave. Learn what organizations can do to protect their systems and how to reduce the likelihood of an attack.

5. Log anonymizer tools
   In this Ask the Expert Q&A, our security management expert discusses what an anonymizer is and how it helps protect your identity while you are browsing the Internet.

6. Policy management resources
   Learn where to find resources that will help you create and manage security policies, procedures and checklists.

7. Integrated security solutions
   Our security management expert examines how the continual insider threat warrants the need for integrated security solutions and explains how creating a self-defending network helps meet this need.

8. How to transition from a UNIX environment to the security management field
   Learn how to transition to a career in security management if you were once a UNIX specialist, and whether it would be wise to opt for a vendor-specific or a vendor-neutral certification during this phase.

9. Gap analysis procedures
   In this Ask the Expert Q&A, Shon Harris, SearchSecurity's security management expert, advises what should be done before a gap analysis is performed and provides six common steps of a gap analysis, so organizations will know what to expect before they begin this program.

10. How to create and enforce employee termination procedures
    In this Ask the Expert Q&A, Shon Harris, our security management expert, reviews how the security group, HR and management should work together to define and enforce employee termination policies, and reviews what should be done during each stage of employment.

11. What are the best options for handling segregation of duties?
    In this expert Q&A, security management expert Shon Harris explains the benefits of a separation of duties and reveals the best ways to implement tight access control within your enterprise.

12. Should computer exams be transmitted as PDF files or Word files?
    Mike Rothman discusses the difference between PDF and Word files and which file type would be more securely transmitted during computerized examinations.

13. David Mortman, Security Management
    David Mortman, CSO-in-residence for Echelon One, answers your security management questions.

14. What's the best strategy to catch up on HIPAA compliance quickly?
    Learn how to build a good compliance program for HIPAA in order to protect patient information and avoid fines and penalties.

15. Best practices for merging with a company that is not PCI compliant
    Learn how to make sure you and your partner are compliant with PCI DSS while you prepare for the merger process.

16. Ethical hacking techniques for standard penetration testing
    Learn how to form a policy for standard penetration tests, including getting written permission. Learn ethical hacking techniques.

17. How to set up a remote access security policy
    Interested in setting up a remote access security policy for users? Learn how to choose between IPsec and SSL VPN and the appropriate systems, applications and authentication methods.

18. How to create a policy to avoid disgruntled employee data leaks
    When crafting a data security policy, take into account that disgruntled employees may leak data. Learn how to prevent employee data leakage, and how to handle data loss if it occurs.

19. Is a lack of employee privacy a HIPAA violation?
    Insufficient employee privacy for those who handle Medicare and Medicaid claims can result in a HIPAA violation. Learn how to keep this data safe and keep your organization compliant.

20. Finding a security management job after an economic downturn
    When the economy's tight, what's the best way to find work as a security manager with the CISSP certification? In this expert response, learn how to market your skills to find a security job you're well suited for.

21. Should enterprises ban USBs because the DoD banned them?
    When creating a portable device security policy, should an organization take into account the policies of the federal government? In this security management expert response, learn what can be helpful to keeping USB devices secure.

22. Boosting morale of the information security staff after a data breach
    After a security breach, the morale of the security team can dwindle. Learn how to boost the morale of the information security staff, including strategies for improved security policy.

23. After a data breach, are there legal implications of sharing details?
    After a data breach, it may be helpful to share the highs and lows of the experience with other companies to help prevent similar breaches, but what are the legal implications of this? Learn how to share details without breaking the law or your enterprise's information security policy.

24. Changing information security plans in an economic downturn
    In an economic downturn, it may be necessary to reevaluate security budgets. Should security managers change information security plans from Web application security assessments to an enhanced data protection project for 2009?

25. Getting the CEH certification to join an ethical hacking network
    With so many security certifications, is it worthwhile to get a Certified Ethical Hacker certificate? Learn whether an ethical hacking certification can help you get ethical hacking jobs.

26. Internal audits for Sarbanes-Oxley and internal IT support
    Under SOX, is internal IT support allowed to access security systems? Read this response from security management expert David Mortman.

27. How do I get CPE credits?
    Congratulations, you've earned your CISSP certificate. Now, what are some ways to get CPE credits to keep it up? Find out in this security management expert response.

28. How to preserve an IT security budget from data breach fines
    After a data breach, it's important to rebuild security quickly and well, but when breach fines are exacted from a security team, they can cripple improvement efforts. Learn how to preserve an IT security budget to meet IT security goals.

29. What are the ethical issues when consulting for two competing companies?
    Security consulting is a job in which privacy is paramount. Leaking security strategies to the wrong people -- especially a company's competition -- could lead to breaches or break-ins. In this expert response, David Mortman gives best practices for handling consulting ethically.

30. How to quantify business risk exposure to malware
    How safe is your enterprise from data-stealing malware? How can you know where your security program falls short? Find out how to gauge enterprise risk exposure to malware in this expert response.

31. How to choose a general security risk assessment
    Looking to do a general security risk assessment, but aren't sure how to choose one? In this security management expert response, David Mortman explains how to assess risk and get the funding you need to mitigate it.

32. IT auditing applications and tools for ISO 27002 certification
    Gaining ISO 27002 certification can be a daunting process, so what auditing tools can help? David Mortman weighs in on how to choose the best auditing tool for your organization.

33. What Obama's BlackBerry means for mobile device security
    Barack Obama started an uproar in the security community by being the first president to carry a BlackBerry. How secure are these mobile devices? Should any enterprise CEO or vice president have one?

34. Best practices for choosing an information security team new hire
    Hiring someone for your information security team? In this expert response, information security management expert David Mortman explains what relevant information security experience is.

35. How to avoid HIPAA Social Security number compliance violations
    It can be difficult to decipher what a HIPAA Social Security number violation is. In this information security management expert response, David Mortman explains how to avoid HIPAA SSN violations as an employer.

36. Learn security program management strategies to improve IT security
    As a new security manager, it's important to prove to the enterprise executives that you can improve information security quickly. Read these security management strategies that can help.

37. Best practices for log data retention
    Figuring out how long to retain log data, and how much log data should be kept for incident response, can be tricky. In this information security management expert response, David Mortman gives best practices for log data retention.

38. How to create configuration management plans to install DLP
    Installing DLP products on a network can require a lot of configuration management planning that includes cooperation between many business groups. In this security management expert response, learn how to do a network architecture review to install DLP.

39. The requirements needed to make an external penetration test legal
    Rule number one of pen testing: make sure you have permission in hand before you begin. But much more than this is needed to perform a successful penetration test on a wireless network.

40. The requirements for being a PCI DSS-compliant service provider
    When your clients ask, "Are you a PCI-compliant service provider?", how will you answer? In this expert response, learn what requirements you need to meet in order to keep customer data safe.

41. How to write technology outsourcing contracts
    Have you decided to outsource services but are afraid the company you outsource to may have a data breach? In this expert response, learn how to write technology outsourcing contracts that designate liability if there's a customer data breach.

42. Writing a patient identifier policy to prevent common HIPAA violations
    A computer screen displaying a patient's Social Security number is one of many common HIPAA violations. Don't let your company become a HIPAA offender; learn how to write a patient identifier policy that prevents HIPAA violations.

43. HHS HIPAA guidance on encryption requirements and data destruction
    Complying with HIPAA is only becoming more challenging. Fortunately, the Department of Health and Human Services has recently released some preliminary guidelines on how to deal with HIPAA's encryption requirements and data destruction.

44. Are there guidelines to create a HIPAA-compliant data center?
    Are there specific guidelines for creating a HIPAA-compliant data center? In this expert response, security management expert David Mortman suggests resources to boost compliance.

45. Risk management strategy for an information technology solution provider
    Looking to create an enterprise risk management strategy for an information technology solution provider? Security management expert David Mortman weighs in.

46. Data breach notification legislation: What info must be released?
    In the wake of a credit card data breach, what customer data breach information must be released per data breach notification legislation? David Mortman addresses the question in this expert response.

47. Why doesn't the CISSP cover information assurance and DIACAP?
    The CISSP is the standard when it comes to information security certifications, but why is it required for government security jobs when it doesn't cover information assurance and DIACAP? Security management expert David Mortman responds.

48. How to prepare for a FERPA audit
    Does your educational institution have to comply with FERPA? David Mortman, security management expert, explains what FERPA requires for school records and what to do when your FERPA audit is right around the corner.