 |
|
|
|
|
| 1. |
Shon Harris, Security Management |
| Shon, author of "CISSP All-in-One Exam Guide," was a former security management expert for SearchSecurity.com. Shon Harris is no longer answering questions on the site. |
| URL: |
|
| 2. |
What is the most difficult thing about being a security specialist? |
| Our expert discusses some of the challenges involved with being a security professional. |
| URL: |
|
| 3. |
How to ethically monitor an employee's e-mail |
| Learn why companies who plan to monitor their employees' e-mails should have a acceptable use policy. |
| URL: |
|
| 4. |
Conducting an Information Asset Analysis |
| Learn where to find resources that will help guide you through an Information Asset Analysis. |
| URL: |
|
| 5. |
Documenting how to handle confidential criteria |
| Shon Harris, security management expert, suggests ways to draft an internal procedure on how to handle confidential data. She discusses data classification polices, steps to develop and roll out a data classification program, and what your guidelines should cover. |
| URL: |
|
| 6. |
Fundamental Information Risk Management |
| In this Ask the Expert Q&A, our security management expert discusses what FIRM is, how and why it was developed. Also learn what other risk management methodologies are available today. |
| URL: |
|
| 7. |
Distinguishing a remote access policy from a portable computing protection policy |
| In this security management Ask the Expert Q&A, Shon Harris discusses how these two policies differ and what issues each address. |
| URL: |
|
| 8. |
Developing an incident response plan |
| In this Ask the Expert Q&A, Shon Harris provides resources you can use to devise an effective incident response plan. |
| URL: |
|
| 9. |
Handling vulnerability assessment activities |
| Our security management expert discusses the importance of having a security team that handles vulnerability assessments within in your organization and outlines functions and tasks each division should be responsible for. |
| URL: |
|
| 10. |
How to convince executives to use stronger passwords |
| In this Ask the Expert Q&A, Shon Harris discusses tools and tactics you can use to convince exectuives that there is a need for stronger passwords within an organization. |
| URL: |
|
| 11. |
How to distribute and monitor rights and permissions |
| Learn how permissions and rights should be distributed and monitored in an organization in this security management Ask the Expert Q&A. |
| URL: |
|
| 12. |
Intermediate-level security certifications |
| In this security management Ask the Expert Q&A, certification specialist Shon Harris provides an overview of intermediate-level security certifications. |
| URL: |
|
| 13. |
Outsourcing: Understanding the business risks |
| In this Ask the Expert Q&A Shon Harris, our security management expert reviews business risks associated with outsourcing security jobs to developing countries and learn how security managers can reduce these risks. |
| URL: |
|
| 14. |
Security certification recommendations |
| In this Ask the Expert Q&A our security management expert recommends certifications that can help professionals transition to the information security field. |
| URL: |
|
| 15. |
How to manage a total security package |
| Learn how to manage a total security package within an organization; who is responsible for overseeing the process and what it takes to effectively fulfill one of these roles. |
| URL: |
|
| 16. |
Employee termination procedures |
|
| URL: |
|
| 17. |
Fraud risk assessment methodologies |
| In this Ask the Expert Q&A, our security management expert provides our member with a series of fraud risk assessment factors to address before a policy is created. |
| URL: |
|
| 18. |
How to properly protect and retain data |
| Improperly securing, and storing, data can lead to a plethora of problems, including productivity degradation and non-compliance. Learn how to properly protect, and retain your corporate data in this security management Ask the Expert Q&A. |
| URL: |
|
| 19. |
How to protect personal data |
| Regulations like HIPAA, GLBA and California SB 1386 have made protecting personal data much more of a priority for the security industry. Learn tools and tactics to protect your personal data in this security management Ask the Expert Q&A. |
| URL: |
|
| 20. |
How to create an enterprise-wide portal policy |
| Implementing a portal policy can protect an organization from legal woes. Learn the standards and guidelines to create an effective enterprise-wide portal policy. |
| URL: |
|
| 21. |
How to create guidelines for using removable storage devices |
| Removable storage devices often sneak past the security radar; Expert Shon Harris explains how to incorporate portable storage into your organization's security policy. |
| URL: |
|
| 22. |
How can I attain CISSP credentials? |
| Shon Harris sheds light on Associate CISSP programs and the requirements needed to become CISSP-certified. |
| URL: |
|
| 23. |
What are the top five high risk areas in a network operations environment? |
| Although continuity plans, encryptions, and change controls are important security concerns within an organization, they are only some of the components that make up a successful security-integrated business program. Expert Shon Harris explains. |
| URL: |
|
| 24. |
Should an organization centralize its information security division? |
| Is your organization capable of having true information security governance? In our expert Q&A, Shon Harris reveals the ideal components of a centralized security team. |
| URL: |
|
| 25. |
Should a single security officer control both physical security and information security operations? |
| Learn if your organization is due for a CSO or CISO. In this security management Q&A, Shon Harris demonstrates when a security officer should lead the physical and information security teams. |
| URL: |
|
| 26. |
How can IT professionals bring security concerns to senior management? |
| In this expert Q&A, Shon Harris shows security professionals how to speak the language of senior management. |
| URL: |
|
| 27. |
How to get management interested in an information security program |
| When it comes to firing up an information security program, are your execs sitting on their hands? In this expert Q&A, security management pro Shon Harris reveals how to speak the language of senior management. |
| URL: |
|
| 28. |
How can a call center achieve compliance with ISO 27001? |
| Before you begin putting the pieces of your security program together, you may want to have a look at ISO 27001. In this expert Q&A, Shon Harris explains the framework and how it can identify and address an organization's security risks. |
| URL: |
|
| 29. |
How is ISO 17799 different from SAS 70? |
| In today's security world, it's hard to keep track of each and every management standard and auditing procedure. In this SearchSecurity.com Q&A, security management expert Shon Harris reveals the differences between ISO 17799 and SAS 70. |
| URL: |
|
| 30. |
How should security and networking groups manage the firewall? |
| When it comes to firewalls, the networking group often handles the installation, while the information security department writes the rules. Should these responsibilities be split? In this expert Q&A, security management pro Shon Harris reveals how each group should contribute to the firewall management process. |
| URL: |
|
| 31. |
Mike Rothman |
| Mike Rothman, President and Principal Analyst of Security Incite, was a former security management expert for SearchSecurity.com. Mike Rothman is no longer answering questions on the site. |
| URL: |
|
| 32. |
How can a CSO take ownership of a security program? |
| CSOs may be in charge of their security programs, but they don't work alone. In this SearchSecurity.com Q&A, security management expert Mike Rothman describes how protecting data and systems is a collaborative effort. |
| URL: |
|
| 33. |
Can one catalog map to multiple compliance standards? |
| Can one sole resource be used to map security controls to a mass of different compliance regulations? In this SearchSecurity.com Q&A, Mike Rothman discusses the possibilities. |
| URL: |
|
| 34. |
Can companies benefit by providing root access? |
| In this SearchSecurity.com Q&A, security management expert Mike Rothman reveals that root access, although dangerous, can be helpful when regulated. |
| URL: |
|
| 35. |
What's the difference between CompTIA and CISSP certifications? |
| In this SearchSecurity.com Q&A, security management expert Mike Rothman discusses the difference between security certifications, and how much influence, if any, these credentials hold in the field. |
| URL: |
|
| 36. |
Is the Sarbanes-Oxley Act being enforced? |
| What actions are being taken to enforce the Sarbanes-Oxley Act? In this SearchSecurity.com Q&A, Mike Rothman discusses the regulations and precautions needed to ensure company compliance. |
| URL: |
|
| 37. |
What are the best security practices to consider when developing a corporate blog? |
| Creating a corporate blog can sensitize your corporation to attacks or information theft. In this SearchSecurity.com Q&A, security expert Mike Rothman unveils the best practices to consider when developing a blog for your enterprise. |
| URL: |
|
| 38. |
What policies will prevent employees from leaking sensitive data? |
| In this SearchSecurity.com Q&A, security management expert Mike Rothman outlines the necessary policies and procedures that corporations should enforce to protect customer information, prevent data leakage and comply with employee privacy rights. |
| URL: |
|
| 39. |
Can watching online videos present enterprise security risks? |
| In this SearchSecurity.com Q&A, security expert Mike Rothman unveils what security risks, if any, are presented by Internet video and radio. |
| URL: |
|
| 40. |
How can a CSO determine if a company has a data security problem? |
| In this SearchSecurity.com Q&A, security management expert Mike Rothman examines certain areas that a CSO should focus on, such as internal policy documents and penetration test results, to determine if a corporation has a data security breach problem. |
| URL: |
|
| 41. |
What are the pros and cons of using an email encryption gateway? |
| In this SearchSecurity.com Q&A, security management expert Mike Rothman discusses the pros and cons of using an email encryption gateway to prevent data leakage. |
| URL: |
|
| 42. |
What is the best organizational model for an IT security staff? |
| In this SearchSecurity.com Q&A, security management expert Mike Rothman unveils the essential policies, procedures and job functions that contribute to the successful functionality of an IT security staff. |
| URL: |
|
| 43. |
Strategies for landing a security management position |
| In this SearchSecurity.com Q&A, identity management and access control expert Mike Rothman unveils the best practices for landing a role in the security management field. |
| URL: |
|
| 44. |
What is the difference between a SAS 70 Level 1 and Level 2 audit? |
| In this SearchSecurity.com Q&A, security management expert Mike Rothman highlights the differences between an SAS 70 Level 1 audit and a Level 2 audit. |
| URL: |
|
| 45. |
Should all members of a security staff be involved in the risk assessment process? |
| In this SearchSecurity.com Q&A, security management expert Mike Rothman discusses risk assessment for an enterprise, and explains how all members of the senior security staff should be involved in the process. |
| URL: |
|
| 46. |
Best practices for implementing a retention policy |
| In this SearchSecurity.com Q&A, security management expert Mike Rothman discusses best practices for implementing a successful retention policy within an enterprise. |
| URL: |
|
| 47. |
Defining your security certification objective |
| In this SearchSecurity.com Q&A, security management expert Mike Rothman discusses which security certifications, such as CISSP and CISA, comply with specific objectives. |
| URL: |
|
| 48. |
How to prevent audit-logging system from storing passwords? |
| In this SearchSecurity.com Q&A, security pro Mike Rothman discusses several ways to prevent your audit systems from storing passwords or other personal information. |
| URL: |
|
| 49. |
How to migrate from SAS 70 to ISO 27001 |
| In this SearchSecurity.com Q&A, security management pro Mike Rothman discusses the differences between SAS70 and ISO 27001 certifications, and offers advice on how to migrate from one to the other. |
| URL: |
|
| 50. |
Should ISO 17799 play a role in risk assessment? |
| In this SearchSecurity.com Q&A, security pro Mike Rothman offers advice on the best risk assessment procedures, and discusses whether or not ISO 17799 should be involved in the process. |
| URL: |
|
| 51. |
Are senior level executives a target for social engineering attacks? |
| In this SearchSecurity.com Q&A, security management expert Mike Rothman discusses why senior level executives are a target for social engineering attacks, and unveils how to increase security awareness among them. |
| URL: |
|
| 52. |
Should PCI DSS auditors be subjective? |
| In this expert Q&A, security pro Mike Rothman discusses whether or not a PCI DSS audit should be subjective. |
| URL: |
|
| 53. |
What are the proper procedures for handling a potential insider threat? |
| In this SearchSecuity.com Q&A, Mike Rothman discusses how corporations can avoid insider threats by forming an incident response plan and monitoring employee behavior. |
| URL: |
|
| 54. |
Can a vendor be convinced to add security to its application development process? |
| In this expert response, security management pro Mike Rothman unveils several ways in which organizations can influence vendors to make security a bigger priority in the application development life cycle. |
| URL: |
|
| 55. |
Is encrypting cookies a PCI DSS requirement? |
| Security management expert Mike Rothman discusses whether or not storing sensitive information in the form of a cookie is considered a violation of PCI DSS. |
| URL: |
|
| 56. |
What types of software can help a company perform a security risk assessment? |
| Security management expert Mike Rothman unveils what kind of software is on the market to help assist a company in the risk assessment process. |
| URL: |
|
| 57. |
Protecting consumer data with a fraud and risk assessment policy |
| In this Q&A, Mike Rothman discusses the risk assessment policies that merchants should practice when handling consumer bank cards. |
| URL: |
|
| 58. |
How can I get my CISSP certification? |
| In this SearchSecurity.com expert answer, Mike Rothman unveils how to get on the right track to achieving a CISSP certification. |
| URL: |
|
| 59. |
What are the security risks of a corporate divestiture? |
| Security management expert Mike Rothman discusses the data protection issues involved with a corporate divestiture . |
| URL: |
|
| 60. |
Industry experience vs. security certification credentials |
| In this Q&A, security expert Mike Rothman explains why solid industry experience can be more valuable then security certification credentials, such as CISSP. |
| URL: |
|
| 61. |
Who is responsible for handling security program development in an IT infrastructure? |
| Security management expert Mike Rothman discusses the roles and responsibilities of those involved in IT security program development. |
| URL: |
|
| 62. |
How can a corporation assess the costs of whole-disk encryption? |
| Security management pro Mike Rothman explains how an enterprise can estimate the costs of implementing whole-disk encryption. |
| URL: |
|
| 63. |
Is it a violation of HIPAA to collect consumer Social Security numbers? |
| In this expert response, Mike Rothman discusses if collecting consumer SSNs is a HIPAA violation, and unveils how to handle employees that disregard corporate policies. |
| URL: |
|
| 64. |
Will an off-site employee exit procedure violate HIPAA regulations? |
| In this expert response, Mike Rothman discusses if it is a HIPAA violation to discuss clients or handle business matters in a public environment. |
| URL: |
|
| 65. |
What is the best way to comply with PCI DSS requirements 9 and 10? |
| Security management expert Mike Rothman unveils how corporations can get compliant with PCI DSS guidelines, specifically requirements 9 and 10. |
| URL: |
|
| 66. |
Getting your career in infrastructure security started |
| Security management expert Mike Rothman offers advice on how to move up or get involved in the infrastructure security job market. |
| URL: |
|
| 67. |
Are there any references that discuss the cost of PCI DSS compliance? |
| Security expert Mike Rothman discusses the expenses related to complying with PCI DSS. |
| URL: |
|
| 68. |
What Web security initiatives can be taken on a college campus? |
| Security management expert Mike Rothman breaks down the topic of Web security, highlighting certain important areas. |
| URL: |
|
| 69. |
Is it against HIPAA regulations to display client names? |
| Security management expert Mike Rothman discusses the terms of HIPAA, specifically if it is a violation of the act to publicly display client names. |
| URL: |
|
| 70. |
Getting started on a career in penetration testing |
| In this expert response, Mike Rothman offers insight on how to start a career in penetration testing. |
| URL: |
|
| 71. |
Are there security management products that can track compliance objectives? |
| Mike Rothman discusses the products available for tracking your corporation's compliance objectives. |
| URL: |
|
| 72. |
What is the best way to administer exams to students via computer? |
| Security pro Mike Rothman discuses the risks associated with implementing computer examinations and offers tips on the best ways to securely offer these types of tests. |
| URL: |
|
| 73. |
How do ISO 17799 and SAS 70 differ? |
| ISO 17799 and SAS 70 are two different policies that help organizations achieve compliance best practices. In this Q&A, Mike Rothman defines the policies and unveils the their differences. |
| URL: |
|
| 74. |
Has FFIEC made any VoIP-specific mandates? |
| Mike Rothman discusses the FFIEC risk management program and explains what FFIEC considerations should be made when using VoIP. |
| URL: |
|
| 75. |
Two-tier distributed systems vs. three-tier distributed systems |
| Mike Rothman discusses the pros and cons of using two-tier distribution systems vs. thee-tier distributed systems. |
| URL: |
|
| 76. |
How to prevent software piracy |
| Security management pro Mike Rothman discusses several ways organizations can prevent software piracy and protect their intellectual property. |
| URL: |
|
| 77. |
Is it against HIPAA regulations to permanently store sensitive information? |
| Security management expert Mike Rothman examines if it is against HIPAA guidelines to store consumer information permanently. |
| URL: |
|
| 78. |
Will a Security+ certification be useful for aspiring security analysts? |
| When breaking into the world of corporate security, a Security+ certification is one of many credentials that may be helpful. Mike Rothman explains. |
| URL: |
|
| 79. |
How can birth certificate fraud and passport fraud be prevented? |
| Best practices for preventing birth certificate and passport fraud from expert Mike Rothman. |
| URL: |
|
| 80. |
Why are there still various independent credit card security standards? |
| PCI DSS has become the well-known information security standard for credit cards, but vendors can still have different approaches to card data security. |
| URL: |
|
| 81. |
What are the roles of a liaison officer? |
| Security incident response is one of the main duties of a liaison officer. Security management expert Mike Rothman explains. |
| URL: |
|
| 82. |
How are the PCI DSS deadline extensions affecting corporations' desire to become compliant? |
| Becoming PCI DSS compliant is hard work for financial institutions, but will deadline extensions help? |
| URL: |
|
| 83. |
What are the security job prospects for someone without a certification? |
| Is it possible to get a job in the security world without a certification? What sort of training is necessary? Expert Mike Rothman explains what matters and what doesn't. |
| URL: |
|
| 84. |
What can be done to block adult images in search engine results? |
| What steps can be taken to ensure that children cannot access pornographic images through Google on their school's internet connection? Mike Rothman explains the options and the inherent difficulties. |
| URL: |
|
| 85. |
Finding lost notebooks with 'LoJack for laptops' |
| LoJack software can be helpful in retrieving stolen laptops, but there may be a better way. Security management expert Mike Rothman explains the pros and cons. |
| URL: |
|
| 86. |
How would you define the responsibilities of a data custodian in a bank? |
| Data security is incredibly important for financial institutions, and it's the data custodian's job to make sure that data is safe. Security management expert Mike Rothman explains more. |
| URL: |
|
| 87. |
Does SOX provision email archiving? |
| Although SOX may lack specificity regarding certain controls, it does have clear mandates for email retention. |
| URL: |
|
| 88. |
What are the possible benefits of microchip implants and RFID tags for employees? |
| Though it may seem like a good idea to mark employees in high risk areas with implants or RFID tags, there are some serious security concerns to take into account. |
| URL: |
|
| 89. |
Is it necessary to grant a full administrative privileges to a security administrator? |
| Outsourcing security management can save time and money -- with the right security administrator. Learn how to manage security privileges to keep systems safe. |
| URL: |
|
| 90. |
How can organizations secure implanted microchips and RFID tags? |
| RFID tages and implanted microchips provide excellent tracking technolgies, but what security risks do they involve? Security management expert Mike Rothman weighs in. |
| URL: |
|
| 91. |
Getting business units to contribute to an information security policy |
| Getting all business units on board when putting together an information security policy is very important. Get tips on creating solidarity from security management expert Mike Rothman. |
| URL: |
|
| 92. |
How would you meet PCI requirement 2.3 when it comes to terminal service or RDP sessions? |
| What's the best way to comply with PCI DSS without having to create a secure IPsec tunnel with every connection to critical systems? Security management expert Mike Rothman gives his advice. |
| URL: |
|
| 93. |
What criteria should I look for in a service provider to help my government agency comply with FISMA? |
| In order to fully protect the agency's information, there must first be a security officer. Security managment expert Mike Rothman gives his advice on the FISMA compliance process. |
| URL: |
|
| 94. |
What's the best way to get started mapping business processes to security frameworks? |
| Consolidating effort by mapping security controls to business frameworks is a great way to save time. But how implementable is it? |
| URL: |
|
| 95. |
Is it worthwhile for an organization to invest in HIPAA compliance? |
| Though it seems like HIPAA is not being very well monitored or enforced, compliance (and the security controls implied by compliance) are still necessary. Security management expert Mike Rothman weighs in. |
| URL: |
|
| 96. |
What are the best business practices for Unix audit settings? |
| Can Unix syslogs meet all the demands of regulatory requirements like SOX, HIPAA, GLBA and PCI DSS? Security management expert Mike Rothman gives advice. |
| URL: |
|
| 97. |
Is it against HIPAA regulations to print SSNs on an insurance card? |
| HIPPA regulations madate that patient data be kept secure, but how does that apply to Social Security numbers? Security management expert Mike Rothman gives advice. |
| URL: |
|
| 98. |
My computer's serial number was reported stolen. Will I face legal repercussions? |
| Finding out that a laptop purchased from a computer retailer has a stolen serial number is not an every day occurence, but what is the likelihood of facing criminal charges in such a case? |
| URL: |
|
| 99. |
I am concerned that a former employee will utilize corporate information in a malicious way. |
| Scenario: A former employee may still have classified enterprise information that she or he may use to hack the enterprise's system. What steps should be taken to insure the information's security? |
| URL: |
|
| 100. |
Any recommendations for recruiting information security pros? |
| Finding qualified information security pros is a tough job because security certifications don't necessarily mean competence. So what makes the difference between a security pro and a security amateur? Security management expert Mike Rothman weighs in. |
| URL: |
|
| 101. |
How does information security prevent fraud in the enterprise? |
| When an enterprise is worried about fraud, where does the information security team step in? Security management expert Mike Rothman explains the role information security plays in enterprise fraud-prevention activities. |
| URL: |
|
| 102. |
Would you recommend SANS Institute security training? |
| Depending on what specific goals an infosec pro is trying to accomplish, SANS training may or may not be the swiftest route. Security management expert Mike Rothman gives his advice on when it's a good idea to go for the training. |
| URL: |
|
| 103. |
Is the Orange Book still relevant for assessing security controls? |
| Is the Orange Book still the be-all and end-all for assessing security controls in the enterprise? Security management expert Mike Rothman explains what happened to the Orange Book, and the Common Criteria for Information Technology Security Evaluation that replaced it. |
| URL: |
|
| 104. |
What certificate offers the best ROI for an IT project manager? |
| When going for an IT security certification, it's important to know that there will be a worthwhile ROI. So which certificates are most lucrative? Security management expert Mike Rothman weighs in. |
| URL: |
|
| 105. |
Differences between an SAS 70 data center and a Tier III data center |
| Learn what the difference is between an SAS 70 data center and a Tier III data center and the strengths and weaknesses of each in this response from security management expert Mike Rothman. |
| URL: |
|
| 106. |
How can a Certified Ethical Hacker become a line penetration tester? |
| When making the career move from Certified Ethical Hacker to a line penetration tester, what is the first step? Security management expert Mike Rothman gives his advice. |
| URL: |
|
| 107. |
Is it important to hold fraud-training sessions during a fraud-risk analysis? |
| When conducting a fraud-risk analysis, how important is it to educate employees with fraud-training sessions? Security management expert Mike Rothman explains the best way to proceed. |
| URL: |
|
| 108. |
What can be done to keep students from becoming cybercriminals? |
| When cybercriminals offer tuition payments to college students in exchange for their services, what can anyone do to intervene? Security management expert Mike Rothman suggests some strategies. |
| URL: |
|
| 109. |
How can we convince our VP that a network-based DLP makes sense? |
| Pitching data leak prevention security technology to a vice president can be tricky, but security management expert Mike Rothman gives tips on how to get funding without creating unrealistic expectations. |
| URL: |
|
| 110. |
What value do research firms provide to their subscribing enterprises? |
| What benefit do research firms provide to their subscribers, and how can subscribers get the most benefit from the research firm's analysis? Security management expert Mike Rothman weighs in. |
| URL: |
|
| 111. |
Are independent researchers out for fame? |
| According to a recent X-Force report, it seems some independent researchers may be more interested in fame than exposing security risks. But how accurate is this assessment? Security management expert Mike Rothman gives his take on the issue. |
| URL: |
|
| 112. |
Who has rights to patient information under HIPAA? |
| Under HIPAA's guidelines, it can be hard to tell who should have access to what information. So who makes the call? Security management expert Mike Rothman explains. |
| URL: |
|
| 113. |
Is there a published standard or guideline for system hardening? |
| When hardening a system, what specific standards or guidelines should information security pros adhere to? Security management expert Mike Rothman explains. |
| URL: |
|
| 114. |
What vendors would you recommend for software write-blockers? |
| In a forensics investigation, a software write-blocker can be very helpful. But which vendors offer the best blockers? Security management expert Mike Rothman explains what to look for. |
| URL: |
|
| 115. |
What does the future of the endpoint encryption market look like? |
| Full-disk encryption may be a must-have, but where is the endpoint encryption market headed? Security management expert Mike Rothman looks at recent mergers to predict what the future may hold. |
| URL: |
|
| 116. |
During a breach, how much information should be given out? |
| A security manager's nightmare: There's been a data breach, and it's time to pick up the pieces. But to recover as quickly as possible, who needs to know what about the data breach, and when? Security management expert Mike Rothman gives advice. |
| URL: |
|
| 117. |
What are the top five concepts or lessons on security management? |
| Many security managers wish their company executives understood more about the importance of information security. Security management expert Mike Rothman lists the top five things every executive should be informed of. |
| URL: |
|
| 118. |
Best practices for managing DNS, knowing it's anything but trustworthy |
| Since the DNS cache-poisoning flaw was exposed, DNS security has come under scrutiny. Security management expert Mike Rothman explains where DNS security should live within the risk matrix. |
| URL: |
|
| 119. |
Is insider activity or outsider activity a bigger enterprise threat? |
| According to Verizon's 2008 Data Breach Investigations Report, outsider activity is much more likely to be the cause of a data breach than insider activity. Does that mean security managers are spending too much time worrying about insiders? Security management expert Mike Rothman weighs in. |
| URL: |
|
| 120. |
What are some tips on protecting my security budget in a poor economy? |
| When times are tight, the executive managers begin to cut funding across the company. What are some important steps to take to make sure the budget for information security is still enough to keep data secure? In this security management expert response, learn how to get the funding you need. |
| URL: |
|
| 121. |
Comparing cheap security products and appliances to costly appliances |
| Security appliances range widely in cost and capability, so what's the best way to decide the right appliance for your enterprise? In this security management expert response, learn how to work with vendors to get the security tools you need. |
| URL: |
|
| 122. |
How can gap analysis be applied to the security SDLC? |
| When developing software securely, what role does gap analysis play? In this security management expert response, learn how to implement gap analysis into software development, and how it can help stop data leaks at your enterprise. |
| URL: |
|
| 123. |
Using a QSA to write up a PCI DSS report on compliance (ROC) |
| Depending on your enterprise, it may or may not be necessary to utilize a QSA. In this security management expert response, learn how to determine your enterprise's level of compliance, whether to utilize a QSA and where to submit the necessary forms. |
| URL: |
|
| 124. |
What is the GISP certification and how does it compare to the CISSP certification? |
| In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about scenarios when the GISP might be appropriate and how industry-relevant it may be. |
| URL: |
|
