Security Management Strategies for the CIO
Email Alerts
-
Choosing security products: Enterprise antimalware software, appliances
guide
-
Best Messaging Security Products 2011
Readers vote on the best antispam, antiphishing, email antivirus and antimalware filtering, software and appliance products, as well as hosted "in-the-cloud" email security services. Guide
-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
Email security test: Basics and threats
Test your knowledge of email security essentials with this fifteen-question quiz from Joel Snyder. Quiz
-
Microsoft Exchange Server Security: Spam protection and recovery
This lesson will explain how to protect your Exchange 2003 environment today from spam, malware and Web-based attacks, and what to anticipate from the new features coming in Exchange Server 2007. Messaging Security School
-
Messaging Security School
SearchSecurity.com's Messaging Security School has brought together some of the most knowledgeable experts in the messaging security field to offer you personal instruction on how to secure the information handled by your organization's knowledge wor... Security School
-
Information Security Quizzes
Test your knowledge of everything security, from network security to regulatory compliance, with our collection of quizzes. Security Quiz
-
OpenPGP and email: Email from beyond your Web of trust
Examine how OpenPGP works and how to confirm that the person you are communicating with over email is not legitimate, in this Chapter 8 excerpt from "PGP & GPG: Email for the Practical Paranoid," by Michael W. Lucas. Book Chapter
-
PING: William Pelgrin
A mock phishing exercise against 10,000 state employees conducted by the director of New York's Office of Cyber Security and Critical Infrastructure Coordination provided a measure of user awareness. Information Security maga
-
E-mail Security School Final Exam Answers
Security Quiz Answer
- See more Essential Knowledge on Email Security Guidelines, Encryption and Appliances
-
Petraeus scandal holds lessons in email security policy, e-discovery
Mixing business and personal email accounts has serious drawbacks, as well as consequences on IT teams managing data integrity. News | 26 Nov 2012
-
Black Hat 2012: SSL handling weakness leads to remote wipe hack
Researcher Peter Hannay's man-in-the-middle attack exploited an SSL handing flaw to remotely wipe Android and iOS mobile devices via Exchange server. News | 30 Jul 2012
-
RSA Conference 2012 keynote prescribes intelligence-driven security
RSA’s Arthur Coviello urged security pros to break down silos and intelligence-driven security programs, or face a tough year. News | 28 Feb 2012
-
New Epsilon CISO to expand security team, assess security practices
Newly appointed Epsilon CISO Chris Ray said he will take a step back and get a better understanding of the business before trying to address gaps. News | 25 Jan 2012
-
Voltage upgrades SecureMail with email security policy enhancements
Voltage announced SecureMail v4 to make email security management easier for the user, including support for Microsoft Exchange and BlackBerry devices. Article | 15 Feb 2011
-
NSA cryptography expert says focus on people, not technology
A prominent encryption expert at the annual cryptographer's panel at RSA Conference 2011 said poorly implemented encryption deployments are being stymied by employee errors. Article | 15 Feb 2011
-
Microsoft Outlook 2007 update caused email authentication issues
Microsoft has pulled a non-security update to Outlook 2007 after customers complained of connection and performance issues when the automatic update was applied to company machines. Article | 21 Dec 2010
-
St. Bernard Software acquires Red Condor
Web security provider St. Bernard Software said Wednesday that it acquired managed email security supplier Red Condor. News | 04 Aug 2010
-
Industry groups partner with email security service provider
FS-ISAC and BITS aim to combat phishing by making eCert's email certification service available to their memberships. Article | 10 Jun 2010
-
Piper Jaffray fined for email retention violations
FINRA fines investment firm $700,000 for email retention failures over six-year period. Article | 24 May 2010
- See more News on Email Security Guidelines, Encryption and Appliances
-
Using DMARC to improve DKIM and SPF email antispam effectiveness
DMARC aids the DKIM and SPF protocols that help keep spam out and let legitimate emails in. David Jacobs explains how. Tip
-
Too many encryption methods make secure communications difficult
Financial-services firms looking to use encryption for secure communications with business partners can run into many complications because of all the encryption systems and standards. In this tip, Randall Gamby explains the various components that m... Tip
-
Strategies for email archiving and meeting compliance regulations
According to a recent study, 29% of surveyed IT professionals archive their email for compliance reasons. Michael Cobb reviews compliance regulations that demand email archiving and how such products can ease some of the pain that comes with the proc... Tip
-
Enigmail: Wrapping email in a digital security blanket
In this tip, contributor Scott Sidel examines Enigmail, a Mozilla Thunderbird add-on that makes email security esay for security pros. Tip
-
Email authentication showdown: IP-based vs. signature-based
Email has long been a favorite method for malicious hackers looking to launch attacks, and one of the first steps in defending against vicious email threats lies in developing a strong email authentication strategy. In this tip, contributor Noah Schi... Tip
-
Outbound content filtering requires products and processes
Expensive and damaging corporate data breaches often happen because sensitive information silently leaks out the door with unknowing employees or malicious hackers. But as Mike Rothman explains, those cracks can be patched with an outbound content fi... Tip
-
Unified communications infrastructure threats and defense strategies
Unified communications systems promise exciting productivity gains for workers and cost savings for businesses, but many often underestimate the security threats facing them. John Burke outlines the threats facing unified communications and how to de... Tip
-
ClamAV clamps down on e-mail security
In this monthly Downloads column, contributing editor Scott Sidel examines Clam AntiVirus, an open source antivirus toolkit for Unix, specializing in email scanning on mail gateways. Tip
-
Using steganography for securing data, not concealing it
Steganography is a useful technique for securely storing sensitive data, but the difficulty in detecting its usage can create an opportunity for digital miscreants. Michael Cobb explains how to ensure the practice isn't used maliciously. Tip
-
Microsoft Outlook security workaround for administrators and developers
Serdar Yegulalp explains Outlook Redemption and how the program maneuvers around Microsoft Outlook's security limitations. Tip
- See more Tips on Email Security Guidelines, Encryption and Appliances
-
Can DomainKeys Identified Mail still be used for email authentication?
Expert Nick Lewis determines whether the DomainKeys Identified Mail protocol can still be safely relied upon for email authentication. Answer
-
Exchange Server administration policy: Managing privileged user access
Randall Gamby explains the important particulars involved with setting up and securely supervising an enterprise Exchange Server administration policy. Answer
-
Hop-by-hop encryption: A safe enterprise email encryption option?
Learn how hop-by-hop encryption gives enterprises the opportunity to send encrypted emails to large amounts of employees without a digital signature for each email from expert Michael Cobb. Answer
-
Learn how to utilize a free spam-filtering service for your SMB
Learn how a Web-based free spam-filtering service can secure email and prevent spam from attacking your enterprise. Answer
-
Diffie-Hellman vs. RSA: Comparing key exchange algorithms
See which encryption method uses digital signatures, symmetric key exchanges, bulk encryption and much more in this Diffie-Hellman vs. RSA showdown from expert Michael Cobb. Answer
-
Google 'Gchat' security and Internet application security best practices
Users in the enterprise may unknowingly be exposed to 'Gchat' security risks. Expert Michael Cobb discusses Internet application security best practices that can help protect enterprise users. Ask the Expert
-
How to keep messages secure with an email digital certificate
Using an email digital certificate can help protect important information from being read by anyone except the intended recipient. Ask the Expert
-
Preventing unauthorized email issues from hindering an organization
In this expert response, find out how to prevent your organization from sending out unauthorized emails. Ask the Expert
-
Is messaging in symmetric encryption better than PGP email security?
Is symmetric encryption or PGP the more reliably secure way to send email? Learn more in this expert response from Randall Gamby. Ask the Expert
-
Digital signature implementation: How to verify email addresses
When implementing digital signatures in Outlook, learn what pitfalls to avoid and how to verify the email addresses and digital signatures of the senders. Ask the Expert
- See more Expert Advice on Email Security Guidelines, Encryption and Appliances
-
Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) is an encryption algorithm for securing sensitive but unclassified material by U.S. Government agencies and, as a likely consequence, may eventually become the de facto encryption standard for commercial transac... Definition
-
Twofish
Twofish is an encryption algorithm based on an earlier algorithm, Blowfish, and was a finalist for a NIST Advanced Encryption Standard (AES) algorithm to replace the DES algorithm. Definition
-
Defense Message System (DMS)
The Defense Message System (DMS) is a secure X.400-based e-mail system developed by the United States government in conjunction with industry partners to ensure safety for critical operations. Definition
-
data encryption/decryption IC
A data encryption/decryption IC is a specialized integrated circuit (IC) that can encrypt outgoing data and decrypt incoming data... Definition
-
asymmetric cryptography (public-key cryptography)
Asymmetric cryptography is cryptography in which a pair of keys is used to encrypt and decrypt a message so that it arrives securely. Initially, a network user requests a public and private key pair. A user who wants to send an encrypted message can... Definition
-
passphrase
A passphrase is a string of characters longer than the usual password (which is typically from four to 16 characters long) that is used in creating a digital signature (an encoded signature that proves to someone that it was really you who sent a mes... Definition
-
ciphertext
Ciphertext is encrypted text. Definition
-
cipher block chaining (CBC)
Cipher block chaining (CBC) is a mode of operation for a block cipher (one in which a sequence of bits are encrypted as a single unit or block with a cipher key applied to the entire block). Definition
-
challenge-response system
A challenge-response system is a program that replies to an e-mail message from an unknown sender by subjecting the sender to a test (called a CAPTCHA) designed to differentiate humans from automated senders. Definition
-
cut-and-paste attack
A cut-and-paste attack is an assault on the integrity of a security system in which the attacker substitutes a section of ciphertext (encrypted text) with a different section that looks like (but is not the same as) the one removed. Definition
- See more Definitions on Email Security Guidelines, Encryption and Appliances
-
Enterprise encryption strategy: The path to simple data encryption
This primer on enterprise encryption strategy covers use cases for various devices and data types, and offers strategies for simple data encryption. Video
-
Podcast: Exchange security -- A quick primer
Today's complex Exchange environments are costly and difficult to protect and secure from threats like spam, spyware, malware and viruses. This 12-minute expert podcast features a summary of the key issues pertaining to the security of Microsoft Exch... Podcast
-
Podcast: Fact or fiction -- The future of email attacks
What will the future hold regarding email attacks? In this expert podcast, Tom Bowers will confirm or debunk a number of common beliefs about what's coming next. Podcast
-
Choosing security products: Enterprise antimalware software, appliances
guide
-
Can DomainKeys Identified Mail still be used for email authentication?
Expert Nick Lewis determines whether the DomainKeys Identified Mail protocol can still be safely relied upon for email authentication. Answer
-
Petraeus scandal holds lessons in email security policy, e-discovery
Mixing business and personal email accounts has serious drawbacks, as well as consequences on IT teams managing data integrity. News
-
Black Hat 2012: SSL handling weakness leads to remote wipe hack
Researcher Peter Hannay's man-in-the-middle attack exploited an SSL handing flaw to remotely wipe Android and iOS mobile devices via Exchange server. News
-
Using DMARC to improve DKIM and SPF email antispam effectiveness
DMARC aids the DKIM and SPF protocols that help keep spam out and let legitimate emails in. David Jacobs explains how. Tip
-
RSA Conference 2012 keynote prescribes intelligence-driven security
RSA’s Arthur Coviello urged security pros to break down silos and intelligence-driven security programs, or face a tough year. News
-
New Epsilon CISO to expand security team, assess security practices
Newly appointed Epsilon CISO Chris Ray said he will take a step back and get a better understanding of the business before trying to address gaps. News
-
Exchange Server administration policy: Managing privileged user access
Randall Gamby explains the important particulars involved with setting up and securely supervising an enterprise Exchange Server administration policy. Answer
-
Best Messaging Security Products 2011
Readers vote on the best antispam, antiphishing, email antivirus and antimalware filtering, software and appliance products, as well as hosted "in-the-cloud" email security services. Guide
-
Hop-by-hop encryption: A safe enterprise email encryption option?
Learn how hop-by-hop encryption gives enterprises the opportunity to send encrypted emails to large amounts of employees without a digital signature for each email from expert Michael Cobb. Answer
- See more All on Email Security Guidelines, Encryption and Appliances
About Email Security Guidelines, Encryption and Appliances
Build an email security strategy and policy and get tips on security guidelines. Learn about email encryption (SMIME and PGP), appliances, authentication, software, filtering and antispam and antivirus.