Finding affordable encryption options for laptop data security
This month’s cover story is on useful and affordable encryption options for preventing data loss in your organization’s riskiest endpoints. Other articles in this issue cover cloud security, Symantec’s recent acquisitions, compliance management, and ... E-Zine
-
Data encryption best practices
Ever since Bank of America disclosed in 2005 that it lost a backup tape with customers’ personal data, nearly 80 other companies have reported similar embarrassing mishaps. These data breaches and new regulatory mandates are fueling the exploding int... E-Book
-
Choosing security products: DLP technology
Data loss prevention technology remains critical in preventing data leakage. In this guide, learn what to consider when evaluating DLP products. guide
-
Quiz: Demystifying data encryption
A five-question multiple-choice quiz to test your understanding of the data encryption content presented by expert Tom Bowers in this lesson of SearchSecurity.com's Data Protection Security School. Quiz
-
Locking down database applications
In this lesson, learn how to secure database apps by building roles and privileges and monitoring access to prevent insider abuse, plus satisfy regulators by properly segregating duties and limiting application access to sensitive database data. Part of guide series
-
Data encryption demystified
Five years ago, security professionals needed a deep understanding of cryptography to make encryption work. Today, thanks to advancements in "practical" cryptography, data encryption is more user-friendly, and easier to implement and manage across mu... Part of guide series
-
Quiz: Storage security
Regulations like SOX and the recently approved Personal Data Privacy and Security Act are bringing the importance of data protection to light. Loss of data – be it inadvertent or surreptitious -- can result in fines, loss of revenue and loss of... Security Quiz
-
PING with Karen Worstell
The Microsoft CISO discusses how she keeps Redmond and its products secure. Information Security maga
-
Life at the edge part 3: Resistance to failure
Learn how architecture, protocol and application-level protections work together to safeguard a Web infrastructure. Security School
-
How to address SAN architecture security weaknesses
SAN technology has burst out of the data center, exposing the world to SAN architecture security weaknesses. Feature
-
Certain Cisco IOS, IOS XE devices susceptible to brute-force attacks
Cisco has issued a security advisory after Hashcat researchers disclosed a password flaw in IOS and IOS XE devices that enables brute-force attacks. News | 20 Mar 2013
-
Dell acquires Credant Technologies for device encryption
Dell said the addition of Credant bolsters its data protection strategy by adding encryption capabilities for laptops and mobile devices. News | 19 Dec 2012
-
NASA to deploy whole-disk encryption following breach
Stolen laptop contained the sensitive data on a large number of employees and contractors. The information was not encrypted. News | 15 Nov 2012
-
Black Hat 2012: SSL handling weakness leads to remote wipe hack
Researcher Peter Hannay's man-in-the-middle attack exploited an SSL handling flaw to remotely wipe Android and iOS mobile devices via Exchange server. News | 30 Jul 2012
-
SSC's new PCI point-to-point encryption guidance outlines testing procedures
New PCI DSS guidance on point-to-point encryption outlines product testing requirements, and urges more merchant-acquirer collaboration. News | 02 May 2012
-
Researchers break W3C XML encryption algorithm, push for new standard
Researchers in Germany have demonstrated weaknesses in the W3C XML encryption standard used to secure websites and other Web applications. News | 25 Oct 2011
-
PCI Council issues point-to-point encryption validation requirements
A new validation program will certify point-to-point encryption systems that use devices for encryption and decryption as well as hardware security modules. News | 16 Sep 2011
-
Auditors choose encryption over tokenization for data security, survey finds
A Ponemon Institute survey of more than 500 auditors finds most prefer data encryption over tokenization to protect sensitive data. Article | 15 Mar 2011
-
PCI encryption requirements driving widespread adoption, survey finds
Encryption has become generally accepted in the industry, said Larry Ponemon, founder of the Ponemon Institute LLC. Article | 16 Nov 2010
-
PCI encryption: PCI Council calls point-to-point encryption immature
The PCI Council's latest guidance document for point-to-point encryption calls the market for the technology too immature and warns merchants that vendor lock-in could be a problem. Article | 13 Oct 2010
-
Gary McGraw: NSA data collection programs demand discussion, scrutiny
Opinion: Gary McGraw details the various and sundry NSA data collection programs and explains why all its efforts demand new discussion and scrutiny. Opinion
-
TPM security overview: Defining the benefits of TPM devices
The nearly ubiquitous TPM device is an often-overlooked tool in an infosec pro's arsenal. Expert Michael Cobb details the benefits of TPM security. Tip
-
DLP management tools and reporting: Key considerations
When it comes to DLP management tools, installation and maintenance of a single centralized management console to house all rules and alerts are key. Tip
-
With DLP, encryption and integration strengthen security policies
Encryption and DLP integration can be used to enhance and strengthen security policies for sensitive data, and for blocking and enforcement actions. Tip
-
Using DLP tools for data leakage alerting and preventive actions
When evaluating DLP tools, it's important to determine data leakage alerting and preventive action needs for potential violations and blocking. Tip
-
DLP monitoring: Defining policies to monitor data
DLP monitoring policies help define what data to evaluate, how data monitoring processes should occur, and what enforcement and alerting actions to take. Tip
-
Effective DLP products need data discovery and data fingerprinting
Effective DLP products must be able to handle data discovery to identify and monitor sensitive data. Learn why these features matter. Tip
-
NIST picks Keccak: How enterprises can prepare for the SHA-3 algorithm
Expert Michael Cobb digs into Keccak, the winner of NIST's SHA-3 algorithm competition, to guide infosec teams on how to prepare for its arrival. Tip
-
Information security controls for data exfiltration prevention
Enterprises may be amazed to discover how valuable their data is to attackers. Learn five information security controls to prevent data exfiltration. Tip
-
P2P encryption: Pros and cons of point-to-point encryption
P2P encryption is an emerging technology, one that may be helpful for many companies, especially merchants. Mike Chapple dissects the pros and cons. Tip
-
Analysis: PCI Tokenization Guidelines offer clarity, but questions remain
Expert Diana Kelley says the new PCI Tokenization Guidelines pave the way for CDE tokenization, but some technical specifications remain unclear. Tip
-
RC4 attack details: Can the RC4 encryption algorithm protect SSL/TLS?
Expert Michael Cobb provides background on the RC4 encryption algorithm and determines whether a recent RC4 attack signals trouble for SSL/TLS users. Answer
-
Enterprise app store encryption: Lessons to learn from Apple
After the Apple App Store's security mishap, expert Michael Cobb details the minimum enterprise app store encryption requirements. Answer
-
How to protect data from ransomware malware
It can be difficult to recover data that is encrypted by ransomware malware -- unless you have expert Nick Lewis' recommendations in place. Answer
-
Regulatory compliance requirements of a cryptographic system
Mike Chapple discusses what to look for in a cryptographic system from a legal and regulatory compliance standpoint. Answer
-
The switch to HTTPS: Understanding the benefits and limitations
Expert Mike Cobb explains the value and limitations of HTTPS, and why making the switch to HTTPS may be easier than it seems. Answer
-
HIPAA encryption requirements: How to avoid a breach disclosure
Charles Denyer explains the necessity of encrypting customer data with respect to HIPAA encryption requirements and squares out what enterprises should expect. Answer
-
Web server encryption: Enterprise website encryption best practices
Network security expert Mike Chapple details the fundamentals of Web server encryption and Web encryption deployment best practices. Answer
-
Symmetric key encryption algorithms and hash function cryptography united
Can a secure symmetric key encryption algorithm be used in hash function cryptography? Learn more about these data encryption techniques. Answer
-
How MAC and HMAC use hash function encryption for authentication
Hash function encryption is the key for MAC and HMAC message authentication. See how this differs from other message authentication tools from expert Michael Cobb. Answer
-
Is full-disk server encryption software worth the resource overhead?
While encrypting production servers may seem like a good security move, according to Anand Sastry, doing so may not be worth the resources it uses. Answer
-
cold boot attack
A cold boot attack is a process for obtaining unauthorized access to encryption keys stored in the dynamic random access memory (DRAM) chips of a computer system. Definition
-
evil maid attack
An evil maid attack is a security exploit that targets a computing device that has been shut down and left unattended. An evil maid attack is characterized by the attacker's ability to physically access the target multiple times without the owner's ... Definition
-
homomorphic encryption
Homomorphic encryption is the conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form. Homomorphic encryptions allow complex mathematical operations to be performed on encrypted data without c... Definition
-
Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) is an encryption algorithm for securing sensitive but unclassified material by U.S. Government agencies and, as a likely consequence, may eventually become the de facto encryption standard for commercial transac... Definition
-
Twofish
Twofish is an encryption algorithm based on an earlier algorithm, Blowfish, and was a finalist for a NIST Advanced Encryption Standard (AES) algorithm to replace the DES algorithm. Definition
-
network encryption (network layer or network level encryption)
Network encryption (sometimes called network layer, or network level encryption) is a network security process that applies crypto services at the network transfer layer - above the data link level, but below the application level. Definition
-
Escrowed Encryption Standard (EES)
The Escrowed Encryption Standard (EES) is a standard for encrypted communications that was approved by the U.S. Department of Commerce in 1994 and is better known by the name of an implementation called the Clipper chip. Definition
-
Encrypting File System (EFS)
The Encrypting File System (EFS) is a feature of the Windows 2000 operating system that lets any file or folder be stored in encrypted form and decrypted only by an individual user and an authorized recovery agent. Definition
-
data key
In cryptography, a data key is a key (a variable value that is applied to a string or block of text to encrypt or decrypt it) that is used to encrypt or decrypt data only and is not used to encrypt or decrypt other keys, as some encryption formulas c... Definition
-
Rijndael
Rijndael (pronounced rain-dahl) is the algorithm that has been selected by the U.S. National Institute of Standards and Technology (NIST) as the candidate for the Advanced Encryption Standard (AES). Definition
-
PCI encryption, virtualization standards: Interpreting PCI guidelines
Get expert advice on understanding the PCI encryption requirements and virtualization guidance in this video. Video
-
Enterprise encryption strategy: The path to simple data encryption
This primer on enterprise encryption strategy covers use cases for various devices and data types, and offers strategies for simple data encryption. Video
-
Realign your data protection strategy efforts
In this video, learn what you need to do to realign your strategic focus to counter new threats by first understanding what’s important to your business. Video
-
Bruce Schneier on cryptography and government information security
Author and leading security expert Bruce Schneier digs into the topics of the current state of cryptography and whether or not companies should care about the U.S. government's release of portions of the CNCI. Video
-
Curveball: Endpoint encryption strategies
When a laptop turns up stolen, it's reassuring to know that the contents of the device were encrypted, transforming a potentially disastrous data breach into a simple case of missing hardware. In this podcast we look at the issues surrounding the use... Podcast
-
Cryptography for the rest of us
In this video, learn cryptography techniques for your enterprise that comply with regulatory and legal requirements, as well as what you need to understand before buying or building cryptography solutions. Video
-
Fact or fiction: Pros and cons of database encryption
According to our latest survey of more than 608 enterprise security pros, 80% of enterprises say protecting data is more important in 2007 than last year, and 72% admit they need a better strategy. SearchSecurity.com is responding to this growing ne... Podcast
-
Video: Data encryption techniques and methods for protecting data
In this screencast, which is a part of our SearchSecurity.com Data Protection Security School lesson, you will learn about the different data encryption techniques and methods for protecting data as well as how to implement data encryption at your enterpri... Video
About Disk Encryption and File Encryption
Encrypting data at rest, whether at the file level or the disk level, can be a valuable tactic in the fight against hackers. Get advice on how to secure your organization's data with full, hard and whole disk encryption, and how to encrypt files with file encryption tools and software.