Security Management Strategies for the CIO
Email Alerts
-
Quiz: DLP deployments: Understanding your options
This five-question quiz will test your knowledge of the key points we’ve covered in the webcast, podcast and tip in this DLP deployment Security School Lesson by Kevin Beaver. Quiz
-
Data breach prevention strategies
This Security School lesson will establish a baseline data breach prevention strategy every enterprise should have in place. You learn about the importance of a risk assessment and defining and prioritizing potential threats based on your organizatio... partOfGuideSeries
-
Book chapter: Browser security principles, same-origin policy exceptions
This is an excerpt from the book Web Application Security: A Beginner’s Guide that describes the intricacies of using script code within the framework of a same-origin policy. Feature
-
Quiz: Network content monitoring must-haves
See if you know the essentials of network content monitoring in this SearchSecurity.com Security School quiz. Quiz
-
Deperimeterization changing today's security practices
Royal Holloway authors explain how basic deperimeterization principles can ensure that security does not suffer when traditional boundaries are eroded. Royal Holloway eBook Seri
-
Quiz: Data loss prevention
Take this five-question quiz to test your knowledge of Rich Mogull's data loss prevention material. Quiz
-
Quiz: E-discovery and security in the enterprise
Take this five-question quiz to evaluate your knowledge of the e-discovery material presented in this Data Protection Security School lesson. Quiz
-
The Craft of System Security
In this Chapter 16 excerpt from, The Craft of System Security, authors Sean Smith and John Marchesini explain how an adversary can extract data from a device -- even after it has been 'erased.' Book Chapter
-
Quiz: Executing a data governance strategy
A five-question multiple-choice quiz to test your understanding of the content presented by expert Russell L. Jones in this lesson of SearchSecurity.com's Data Protection Security School. Quiz
-
Quiz: Enterprise strategies for protecting data at rest
A five-question multiple-choice quiz to test your understanding of the e-discovery content presented by expert Perry Carpenter in this lesson of SearchSecurity.com's Data Protection Security School. Quiz
- See more Essential Knowledge on Enterprise Data Governance
-
For CISOs, California Right to Know Act would raise privacy emphasis
The proposed California Right to Know Act may compel CISOs to develop additional privacy policies or create new privacy officer roles. News | 09 Apr 2013
-
Data privacy issues present new data governance challenges
Data privacy issues are new territory for infosec pros, who face managing new data analysis methods vs. customers' concern with unintended data usage. News | 17 Sep 2012
-
Organizations have poor digital document security, survey reveals
At study by the Ponemon Institute shows 63% of organizations do not fully secure confidential documents. News | 03 Aug 2012
-
Cybercriminals target corporate IP, McAfee survey finds
Organizations are failing to protect corporate trade secrets, despite cybercriminals finding a corporations' proprietary information growing in value. Article | 28 Mar 2011
-
RSA SecurID breach fallout should be limited, experts say
Experts say the risk of an attack that exploits stolen proprietary data on RSA's SecurID products is low, but it can't be completely dismissed until attack details are revealed. Article | 18 Mar 2011
-
Auditors choose encryption over tokenization for data security, survey finds
A Ponemon Institute survey of more than 500 auditors finds most prefer data encryption over tokenization to protect sensitive data. Article | 15 Mar 2011
-
Data loss prevention best practices start with slow, incremental rollouts
Early adopters of DLP deployments say slow, incremental rollouts help reduce the burden on IT staff and the potential for chaos among business units. Article | 28 Feb 2011
-
Midmarket financial firms grapple with internal, external security threats
Midmarket financial firms, struck hard by global economic concerns, are facing a challenging threat environment while trying to trim operational costs – a process that is putting further strain on IT security professionals. News | 14 Oct 2010
-
Check Point acquires Liquid Machines for enterprise rights management
Check Point said Liquid Machines' ERM capabilities could bolster its data loss prevention (DLP) offering. Article | 10 Jun 2010
-
Creating data destruction policies to protect sensitive company data
Sensitive data may be where you least expect it: including in the drawers of old office furniture you've given away. Kevin J. Mock explains how to create a data destruction policy that can prevent sensitive data from being thrown out with the trash. Column | 29 Apr 2010
- See more News on Enterprise Data Governance
-
Gary McGraw: NSA data collection programs demand discussion, scrutiny
Opinion: Gary McGraw details the various and sundry NSA data collection programs and explains why all its efforts demand new discussion and scrutiny. Opinion
-
Protecting Intellectual Property: Best Practices
Organizations need to implement best practices to protect their trade secrets from both internal and external threats. Column
-
No firewall? How disabling the firewall can improve network security
Having no perimeter firewall may seem ludicrous, but Joel Snyder explains why disabling the firewall can actually improve enterprise network security. Tip
-
Logging in the cloud: Assessing the options and key considerations
Expert Dave Shackleford considers a variety of options for logging in the cloud and determines which choice works best for enterprises. Tip
-
Information security controls for data exfiltration prevention
Enterprises may be amazed to discover how valuable their data is to attackers. Learn five information security controls to prevent data exfiltration. Tip
-
Comparing enterprise data anonymization techniques
Compare data anonymization techniques including encryption, substitution, shuffing, number and data variance and nulling out data. Tip
-
How to ensure data security by spotting enterprise security weaknesses
How can a specialized organization spot security weaknesses? Nick Lewis offers a process to help niche companies ensure data security. Tip
-
Metadata security and preventing leakage of sensitive information
Without accounting for metadata security, sensitive document data can easily be extracted. Mike Chapple explores technologies to support metadata security. Tip
-
EDRM-DLP combination could soon bolster document security management
The integration of enterprise digital rights management solutions and data loss prevention tools could bring a level of automation to document security management. Tip
-
NSA best practices for data security
Find out about Homeland Security and NSA best practices for automating data gathering, easing compliance and improving security. Tip
-
How to know if you need file activity monitoring to track file access
Is file activity monitoring, a new product meant to integrate with DLP to provide more granular file access tracking, right for your enterprise? Tip
-
Internal controls checklist for corporate data protection, compliance
Expert Eric Holmquist details four key governance items that should be on every enterprise’s internal controls checklist to ensure corporate data protection. Tip
- See more Tips on Enterprise Data Governance
-
The advantages of digital watermarking in enterprise data protection
Expert Michael Cobb explains the advantages of digital watermarking and analyzes whether improved data security is one of them. Answer
-
Monitor outbound traffic: Full-packet capture or only capture network flow data?
If an enterprise can't afford to implement full-packet capture, expert Mike Chapple recommends trying to capture network flow data instead. Answer
-
How penetration testing helps ensure a secure data store
A third-party penetration test is the best way to determine whether an online data store can be compromised. Answer
-
Automated file and registry monitoring tools for Windows
A file and registry monitoring tool like Process Monitor can help IT organizations identify suspicious behavior that may be related to a malware infection. Answer
-
How to protect intellectual property from hacker theft
More hackers are targeting corporate IP over SSNs and card data. Expert Nick Lewis explains how to protect intellectual property in the enterprise. Answer
-
Social networking best practices for preventing social network malware
Get advice on social networking security best practices that can help prevent data leaks and other social network malware that could harm to your enterprise. Ask the Expert
-
Validating ERP system security and ERP best practices
Is your ERP system security effective? How can you be sure? Expert Mike Cobb offers up some ERP security best practices. Ask the Expert
-
DBMS security: Data warehouse advantages
Are there data warehouse advantages in regard to security? Without question. Michael Cobb explains. Ask the Expert
-
Will technologies like Vanish help create archived, unreadable data?
Self-destructing data is a nice thought, says Michael Cobb, but we're some ways off from achieving reliable document control of this kind. Ask the Expert
-
HIPAA and Social Security numbers in a hospital computer network
Learn when Social Security numbers can be used for patient identification without violating HIPAA patient confidentiality requirements. Ask the Expert
- See more Expert Advice on Enterprise Data Governance
-
enhanced driver's license (EDL)
An enhanced driver's license (EDL) is a government-issued permit that, in addition to the standard features of a driver's license, includes an RFID tag that allows officials to pull up the owner's biographical and biometric data. Definition
-
user account provisioning
User account provisioning is a business process for creating and managing access to resources in an information technology (IT) system. To be effective, an account provisioning process should ensure that the creation of accounts and provisioning of ... Definition
-
data masking
Data masking is a method of creating a structurally similar but inauthentic version of an organization's data that can be used for purposes such as software testing and user training. The purpose is to protect the actual data while having a functiona... Definition
-
deperimeterization
In network security, deperimeterization is a strategy for protecting a company's data on multiple levels by using encryption and dynamic data-level authentication. Definition
-
snooping
Snooping, in a security context, is unauthorized access to another person's or company's data. The practice is similar to eavesdropping but is not necessarily limited to gaining access to data during its transmission. Snooping can include casual obs... Definition
-
Google hacking (Google scanning or Engine hacking)
Google hacking is the use of a search engine, such as Google, to locate a security vulnerability on the Internet... Definition
-
masquerade
In general, a masquerade is a disguise. Definition
-
cut-and-paste attack
A cut-and-paste attack is an assault on the integrity of a security system in which the attacker substitutes a section of ciphertext (encrypted text) with a different section that looks like (but is not the same as) the one removed. Definition
-
data splitting
Data splitting is an approach to protecting sensitive data from unauthorized access by encrypting the data and storing different portions of a file on different servers. Definition
-
Log management and analysis: How, when and why
In this presentation, John Burke discusses how to make the most of logs to augment an organization’s overall security posture. Video
-
Screencast: Employ the FOCA tool as a metadata extractor
Mike McLaughlin demos the FOCA tool as a metadata extractor to expose the 'hidden' data users often post on their own websites. Video
-
Enterprise network content monitoring best practices
This presentation offers a strategic look at enterprise content monitoring and provides guidance on how key technologies can underpin necessary control sets for your organization. Video
-
Black Hat 2011: Database threats and mitigations
Databases have come under increased attacks in recent months from hacktivist groups and cybercriminals. Learn how to apply the appropriate security technologies to defend your database. Video
-
Realign your data protection strategy efforts
In this video, learn what you need to do to realign your strategic focus to counter new threats by first understanding what’s important to your business. Video
-
Forrester's advice for data governance maturity model success
Forrester Research Senior Analyst Andrew Jaquith gives advice for data governance maturity model success and why enterprises should do more than just follow a standardized set of guidelines to protect data. Video
-
How to be a Chief Information Security Officer (CISO)
If being a Chief Information Security Officer (CISO) is your dream job, this video is for you. Ernie Hayden, consultant and former CISO, gives advice on the essentials, including how to keep things running smoothly enough that you can take time off. Video
-
Data Accountability and Trust Act
Attorney David Navetta discusses the proposed DATA law, including the similarities and differences with existing state data privacy laws. Video
-
Creating an enterprise data protection framework
By creating a data protection plan, security professionals are able to ensure valuable data remains under control and make more effective use of the assets within a company. Video
-
Compliance in the cloud
Rena Mears, global and U.S. privacy and data protection leader at Deloitte, discusses how cloud computing is transforming data classification and security. Video
- See more Multimedia on Enterprise Data Governance
-
Quiz: DLP deployments: Understanding your options
This five-question quiz will test your knowledge of the key points we’ve covered in the webcast, podcast and tip in this DLP deployment Security School Lesson by Kevin Beaver. Quiz
-
The advantages of digital watermarking in enterprise data protection
Expert Michael Cobb explains the advantages of digital watermarking and analyzes whether improved data security is one of them. Answer
-
No firewall? How disabling the firewall can improve network security
Having no perimeter firewall may seem ludicrous, but Joel Snyder explains why disabling the firewall can actually improve enterprise network security. Tip
-
Gary McGraw: NSA data collection programs demand discussion, scrutiny
Opinion: Gary McGraw details the various and sundry NSA data collection programs and explains why all its efforts demand new discussion and scrutiny. Opinion
-
For CISOs, California Right to Know Act would raise privacy emphasis
The proposed California Right to Know Act may compel CISOs to develop additional privacy policies or create new privacy officer roles. News
-
enhanced driver's license (EDL)
An enhanced driver's license (EDL) is a government-issued permit that, in addition to the standard features of a driver's license, includes an RFID tag that allows officials to pull up the owner's biographical and biometric data. Definition
-
Logging in the cloud: Assessing the options and key considerations
Expert Dave Shackleford considers a variety of options for logging in the cloud and determines which choice works best for enterprises. Tip
-
Protecting Intellectual Property: Best Practices
Organizations need to implement best practices to protect their trade secrets from both internal and external threats. Column
-
Data privacy issues present new data governance challenges
Data privacy issues are new territory for infosec pros, who face managing new data analysis methods vs. customers' concern with unintended data usage. News
-
Information security controls for data exfiltration prevention
Enterprises may be amazed to discover how valuable their data is to attackers. Learn five information security controls to prevent data exfiltration. Tip
- See more All on Enterprise Data Governance
About Enterprise Data Governance
In this guide to enterprise data governance, get advice on how to protect your data, data backup and recovery, how to develop a data backup strategy, data backup storage and protection methods and technologies.