-
Business continuity planning standards and guidelines
An excerpt from Chapter 1: Contingency and Continuity Planning of "Business Continuity and Disaster Recovery for InfoSec Managers," by John W. Rittinghouse and James F. Ransome. Book Chapter
-
Steal this Computer Book 4.0: Prevent Google hacking
Learn how to prevent Google hacking in this excerpt from Chapter 8: Stalking the Computer of "Steal this Computer Book 4.0," by Wallace Wang. Book Chapter
-
Automating Network Compliance and Security
In this excerpt from Chapter 2 of "The Shortcut Guide to Automating Network Management and Compliance," author Don Jones discusses how networks become non-compliant, and examines how automation can positively impact security and compliance business p... Book Chapter
-
Man-in-the-middle attacks
This excerpt from Chapter 2 of "Securing Storage: A Practical Guide to SAN and NAS Security" examines how man-in-the-middle attacks affect Fibre Channel security and examines how to determine if your organization is at risk. Book Chapter
-
The Control Architecture
Security Architectural Mo
-
Storage security quiz answers
Security Quiz Answer
-
Quiz: Storage security
Regulations like SOX and the recently approved Personal Data Privacy and Security Act are bringing the importance of data protection to light. Loss of data -- be it inadvertent or surreptitious -- can result in fines, loss of revenue and loss of custo... Security Quiz
-
Elements of a data protection strategy
In this excerpt from Data Protection and Lifecycle Management, Tom Petrocelli addresses the importance of securing data for regulatory compliance and outlines the five components of a data protection strategy. Book Excerpt
-
Combining technology and social engineering: Hacking behind bars
In this excerpt from Chapter 11 of "The Art of Deception: Controlling the Human Element of Security," authors Kevin Mitnick and William L. Simon begin a story that shows how social engineering can be used with technology. Reprint
-
Infosec Know IT All Trivia: Storage security
Give your mind a mini-workout with these trivia questions on storage security. Quiz
- See More: Essential Knowledge on Enterprise Data Governance
-
Cybercriminals target corporate IP, McAfee survey finds
Organizations are failing to protect corporate trade secrets, despite cybercriminals finding a corporation's proprietary information growing in value. Article | 28 Mar 2011
-
RSA SecurID breach fallout should be limited, experts say
Experts say the risk of an attack that exploits stolen proprietary data on RSA's SecurID products is low, but it can't be completely dismissed until attack details are revealed. Article | 18 Mar 2011
-
Auditors choose encryption over tokenization for data security, survey finds
A Ponemon Institute survey of more than 500 auditors finds most prefer data encryption over tokenization to protect sensitive data. Article | 15 Mar 2011
-
Data loss prevention best practices start with slow, incremental rollouts
Early adopters of DLP deployments say slow, incremental rollouts help reduce the burden on IT staff and the potential for chaos among business units. Article | 28 Feb 2011
-
Midmarket financial firms grapple with internal, external security threats
Midmarket financial firms, struck hard by global economic concerns, are facing a challenging threat environment while trying to trim operational costs – a process that is putting further strain on IT security professionals. News | 14 Oct 2010
-
Check Point acquires Liquid Machines for enterprise rights management
Check Point said Liquid Machines' ERM capabilities could bolster its data loss prevention (DLP) offering. Article | 10 Jun 2010
-
Creating data destruction policies to protect sensitive company data
Sensitive data may be where you least expect it: including in the drawers of old office furniture you've given away. Kevin J. Mock explains how to create a data destruction policy that can prevent sensitive data from being thrown out with the trash. Column | 29 Apr 2010
-
Analyst DLP study finds maturity, ranks top DLP vendors
A Burton Group study identified the leaders in the data leakage prevention market and found some enterprises deploying the technology to educate end users about security policies. Article | 16 Oct 2009
-
Voltage, RSA spar over tokenization, data protection
Voltage cites performance issues and the creation of a repository of cardholder data that is an attractive target for attackers. RSA calls Voltage's claims unfounded. Article | 02 Oct 2009
-
Twitter gets condemned by CISOs at Forrester forum
Security professionals are worried the social network could increase the threat of data leakage and cause security problems at their companies. News | 30 Sep 2009
- See More: News on Enterprise Data Governance
-
Metadata security and preventing leakage of sensitive information
Without accounting for metadata security, sensitive document data can easily be extracted. Mike Chapple explores technologies to support metadata security. Tip
-
NSA best practices for data security
Find out about Homeland Security and NSA best practices for automating data gathering, easing compliance and improving security. Tip
-
How to know if you need file activity monitoring to track file access
Is file activity monitoring, a new product meant to integrate with DLP to provide more granular file access tracking, right for your enterprise? Tip
-
Internal controls checklist for corporate data protection, compliance
Expert Eric Holmquist details four key governance items that should be on every enterprise’s internal controls checklist to ensure corporate data protection. Tip
-
Data sanitization policy: How to ensure thorough data scrubbing
Could you be inadvertently leaking sensitive data via poorly sanitized devices? Learn techniques for thorough data scrubbing in this tip. Tip
-
Unmasking data masking techniques in the enterprise
Patch-testing and development environments can't use live data and keep it secure. That's where data masking comes in. Michael Cobb examines the principles behind data masking and why security pros should endorse its use in order to keep production d... Tip
-
How to use a PDF redaction tool with a redacted document policy
It may seem rudimentary, but sensitive data commonly leaks out of corporate networks in plain sight in the form of un-redacted documents. Such files -- those still containing hidden data or Microsoft "Track Changes" data -- can potentially lead to se... Tip
-
How to choose online data backup services for data protection
SaaS-based data backup cuts costs and management overhead, but you're not outsourcing your security responsibilities. Tip
-
How to protect distributed information flows
In a book excerpt from "The Shortcut Guide to Prioritizing Security Spending," author Dan Sullivan explains how to get a handle on enterprise data that may be moving around the globe. Tip
-
Interpreting 'risk' in the Massachusetts data protection law
After many changes, it appears that the recent Massachusetts data protection law is here to stay. Contributor David Navetta reviews the important, ambiguous places in the legislation that your legal and compliance teams must zero in on in order to av... Tip
- See More: Tips on Enterprise Data Governance
-
Monitor outbound traffic: Full-packet capture or only capture network flow data?
If an enterprise can't afford to implement full-packet capture, expert Mike Chapple recommends trying to capture network flow data instead. Answer
-
How penetration testing helps ensure a secure data store
A third-party penetration test is the best way to determine whether an online data store can be compromised. Answer
-
Automated file and registry monitoring tools for Windows
A file and registry monitoring tool like Process Monitor can help IT organizations identify suspicious behavior that may be related to a malware infection. Answer
-
How to protect intellectual property from hacker theft
More hackers are targeting corporate IP over SSNs and card data. Expert Nick Lewis explains how to protect intellectual property in the enterprise. Answer
-
Social networking best practices for preventing social network malware
Get advice on social networking security best practices that can help prevent data leaks and other social network malware that could harm your enterprise. Ask the Expert
-
Validating ERP system security and ERP best practices
Is your ERP system security effective? How can you be sure? Expert Mike Cobb offers up some ERP security best practices. Ask the Expert
-
DBMS security: Data warehouse advantages
Are there data warehouse advantages in regard to security? Without question. Michael Cobb explains. Ask the Expert
-
Will technologies like Vanish help create archived, unreadable data?
Self-destructing data is a nice thought, says Michael Cobb, but we're some ways off from achieving reliable document control of this kind. Ask the Expert
-
HIPAA and Social Security numbers in a hospital computer network
Learn when Social Security numbers can be used for patient identification without violating HIPAA patient confidentiality requirements. Ask the Expert
-
How to destroy data on a hard drive to comply with HIPAA regulations
Looking to destroy HIPAA data on a hard drive? Learn the best way to destroy a hard drive to comply with HIPAA regulations in this expert response from David Mortman. Ask the Expert
- See More: Expert Advice on Enterprise Data Governance
-
user account provisioning
User account provisioning is a business process for creating and managing access to resources in an information technology (IT) system. To be effective, an account provisioning process should ensure that the creation of accounts and provisioning of a... Word
-
data masking
Data masking is a method of creating a structurally similar but inauthentic version of an organization's data that can be used for purposes such as software testing and user training. The purpose is to protect the actual data while having a functiona... Word
-
Google hacking (Google scanning or Engine hacking)
Google hacking is the use of a search engine, such as Google, to locate a security vulnerability on the Internet... Word
-
snooping
Snooping, in a security context, is unauthorized access to another person's or company's data. The practice is similar to eavesdropping but is not necessarily limited to gaining access to data during its transmission. Snooping can include casual obse... Word
-
deperimeterization
In network security, deperimeterization is a strategy for protecting a company's data on multiple levels by using encryption and dynamic data-level authentication. Word
-
data splitting
Word
-
cut-and-paste attack
Word
-
masquerade
Word
-
Black Hat 2011: Database threats and mitigations
Databases have come under increased attacks in recent months from hacktivist groups and cybercriminals. Learn how to apply the appropriate security technologies to defend your database. Video
-
Forrester's advice for data governance maturity model success
Forrester Research Senior Analyst Andrew Jaquith gives advice for data governance maturity model success and why enterprises should do more than just follow a standardized set of guidelines to protect data. Video
-
How to be a Chief Information Security Officer (CISO)
If being a Chief Information Security Officer (CISO) is your dream job, this video is for you. Ernie Hayden, consultant and former CISO, gives advice on the essentials, including how to keep things running smoothly enough that you can take time off. Video
-
Data Accountability and Trust Act
Attorney David Navetta discusses the proposed DATA law, including the similarities and differences with existing state data privacy laws. Video
-
Creating an enterprise data protection framework
By creating a data protection plan, security professionals are able to ensure valuable data remains under control and make more effective use of the assets within a company. Video
-
Compliance in the cloud
Rena Mears, global and U.S. privacy and data protection leader at Deloitte, discusses how cloud computing is transforming data classification and security. Video
-
Avi Rubin on e-voting, online privacy
The Johns Hopkins University professor discusses online privacy perception and reality, plus the state of electronic voting security. Video
-
Book chapter: Browser security principles, same-origin policy exceptions
This is an excerpt from the book Web Application Security: A Beginner’s Guide that describes the intricacies of using script code within the framework of a same-origin policy. Feature
-
Quiz: Network content monitoring must-haves
See if you know the essentials of network content monitoring in this SearchSecurity.com Security School quiz. Quiz
- See More: All on Enterprise Data Governance
About Enterprise Data Governance
In this guide to enterprise data governance, get advice on how to protect your data, on data backup and recovery, on how to develop a data backup strategy, and on data backup storage and protection methods and technologies.