Security Management Strategies for the CIO- Data Loss Prevention
- Data Analysis and Classification
- Data Security and Cloud Computing
- Identity Theft and Data Security Breaches
- Enterprise Data Governance
- Disk Encryption and File Encryption
- Database Security Management
Email Alerts
-
A framework for big data security
Organizations are entranced with big data but need to acknowledge the security risks and plan accordingly.Magazine
-
Adopt Zero Trust to help secure the extended enterprise
Forrester Analyst John Kindervag explains Zero Trust Model and how it can be applied to protect data in today’s extended enterprise.Tip
-
Quiz: Network content monitoring must-haves
See if you know the essentials of network content monitoring in this SearchSecurity.com Security School quiz.Quiz
-
EDRM-DLP combination could soon bolster document security management
The integration of enterprise digital rights management solutions and data loss prevention tools could bring a level of automation to document security management.Tip
-
How EDRM can bolster enterprise content management security
Learn about implementing enterprise EDRM and how this technology combo supports enterprise content management security.Video
-
PDF download: Information Security magazine December 2011
This issue of Information Security features a firsthand account of the Windows Vista security review. Also learn about enterprise digital rights management best practices.Magazine
-
Detecting covert channels to prevent enterprise data exfiltration
A covert channel is just one more way data can leave the network. Learn how to detect and block covert channels from threats expert Nick Lewis.Answer
-
Security School: Realigning data protection priorities
Brown University CISO David Sherry explains how your organization should protect identity data, which is now what attackers covet most.Feature
-
Quiz: Realign your data protection efforts
How much have you learned about prioritizing your data protection efforts around social engineering attacks? Test your knowledge in this short quiz.Quiz
-
Expert Podcast: Five Ways to Combat Social Engineering Attacks Against Your Organization
Nearly every attack against an organization has its roots in social engineering. Attackers do significant reconnaisance against targets and mine data in order to craft campaigns to steal identity data and access. In this podcast, you’ll learn five ways to make the first step in your security realignment and how to teach employees the dangers of putting too much information on social networks, how to spot scams online and in person and what you should do should you suspect you're being socially engineered.Podcast
- VIEW MORE ON : Data Loss Prevention
-
Information security intelligence demands network traffic visibility
Use the network and host data at your disposal to create business-focused information security intelligence policies and strategies.Tip
-
Security event log management, analysis needs effective ways to search log files
Search is a key discipline for security log management. John Burke explains how to better search log files to improve security event log management.Tip
-
Quiz: Security log analysis for actionable security information
Test your knowledge of security log analysis in this five-question quiz.Quiz
-
Book chapter: Browser security principles, same-origin policy exceptions
This is an excerpt from the book Web Application Security: A Beginner’s Guide that describes the intricacies of using script code within the framework of a same-origin policy.Feature
-
Symantec acquires LiveOffice for online data archiving
Symantec said the $115 million-dollar deal boosts its e-discovery business and offer security and antispam capabilities for on-premise and hosted email.News | 16 Jan 2012
-
Metadata security and preventing leakage of sensitive information
Without accounting for metadata security, sensitive document data can easily be extracted. Mike Chapple explores technologies to support metadata security.Tip
-
NSA best practices for data security
Find out about Homeland Security and NSA best practices for automating data gathering, easing compliance and improving security.Tip
-
Data reduction software accelerates computer forensic investigations
Data reduction software is an essential part of any computer forensics process. Expert Richard W. Walker looks at data reduction software tools and processes and the role they play.News | 05 Jul 2011
-
Information Security magazine - February 2011 issue
Download the entire February 2011 issue of Information Security magazine.Feature
-
Former @stake researcher Aitel insists on data classification
Know your data before turning to the cloud, says Dave Aitel, CTO of Immunity Inc. Aitel criticized traditional security technologies at FIRST Conference 2010.Article | 16 Jun 2010
- VIEW MORE ON : Data Analysis and Classification
-
Cloud endpoint security: Considerations for cloud security services
Mike Chapple details discuses considerations for using cloud security services, specifically cloud endpoint security.Answer
-
Monitor outbound traffic: Full-packet capture or only capture network flow data?
If an enterprise can't afford to implement full-packet capture, expert Mike Chapple recommends trying to capture network flow data instead.Answer
-
DHS cloud computing: Homeland Security’s model private cloud strategy
Using private cloud at separate data centers has allowed the Department of Homeland Security to strike a balance between security and cost savings.News | 05 Oct 2011
-
Breach fears push federal cloud computing initiative to private cloud
Trapped between budget constraints and security fears, government agencies are increasingly opting for private clouds.News | 20 Sep 2011
-
XACML tutorial: Using XACML as a foundation for entitlement management
Learn how to use XACML to externalize fine-grained authorization from application logic and support cloud-based IAM initiatives.Tip
-
homomorphic encryption
Homomorphic encryption is the conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form. Homomorphic encryptions allow complex mathematical operations to be performed on encrypted data without compromising the encryption.Definition
-
Cloud failures, privacy issues and data breach woes
Eric Holmquist of Holmquist Advisory joins the editorial team to talk about the Verizon DBIR, the recent Apple privacy debacle and the Amazon cloud failure.Podcast
-
Information Security magazine online April 2011
This issue of Information Security looks at what enterprises need to do before moving to the cloud.Magazine
-
Is Your Network Ready for Cloud Computing?
This video explains how to prepare your network for a cloud migration and highlights the areas you need to cover with the cloud provider.Video
-
Database monitoring best practices: Using DAM tools
To effectively use DAM tools, admins must prioritize which transactions are important, learn how to collect events, and write and implement database security policies.Tip
- VIEW MORE ON : Data Security and Cloud Computing
-
GlobalPayments breach update explains scope of lapse
The payment processor breach is believed to be under 1.5 million credit cards, but the company indicated on Tuesday that banks are issuing a “wide net to protect customersNews | 02 May 2012
-
Verizon DBIR: Organizations are forgetting computer security basics
Verizon data breach report illustrates need to get back to basics.Magazine
-
Anonymous hacking group member pleads ‘not guilty’ in police website attack
An Ohio man reportedly associated with Anonymous pleaded not guilty on Monday to charges of hacking two Utah police websites.News | 18 Apr 2012
-
Probing Anonymous hacktivists a serious challenge for researchers
Security researchers try to get a better understanding of their adversary, but probing Anonymous is proving to be a difficult challenge.News | 18 Apr 2012
-
NSTIC identity plan: Can identity brokers stop Internet identity theft?
The new NSTIC identity proposal would have identity brokers handling enterprise merchant customer authentication. But can it work?Tip
-
Expert: Data breach response plans, investigations should include local cops
State, county and local law enforcement should play a role in data security breach investigations, says Nick Selby, an IT security consultant and police officer.News | 03 Apr 2012
-
Likely Visa, MasterCard security breach linked to third-party processor
The credit card giants tell banks that a third-party payment processor may have been breached, causing the loss of tens of thousands of card numbers.News | 30 Mar 2012
-
2012 Verizon DBIR: Hacktivists make impact on data breach statistics
The Verizon DBIR says hacktivists conduct opportunistic attacks targeting mainly large businesses using tactics akin to a smash-and-grab burglary, stealing any data they can access.News | 22 Mar 2012
-
Verizon 2012 DBIR recommends log analysis and password management
The 2012 DBIR highlights prevalent problems with simple, relatively inexpensive recommendations.News | 22 Mar 2012
-
Verizon DBIR 2012: Automated large-scale attacks taking down SMBs
The Verizon DBIR says cybercrime groups automate attacks against SMBs with lax controls on remote access services and point-of-sale systems.News | 22 Mar 2012
- VIEW MORE ON : Identity Theft and Data Security Breaches
-
How to ensure data security by spotting enterprise security weaknesses
How can a specialized organization spot security weaknesses? Nick Lewis offers a process to help niche companies ensure data security.Tip
-
Book chapter: Browser security principles, same-origin policy exceptions
This is an excerpt from the book Web Application Security: A Beginner’s Guide that describes the intricacies of using script code within the framework of a same-origin policy.Feature
-
Metadata security and preventing leakage of sensitive information
Without accounting for metadata security, sensitive document data can easily be extracted. Mike Chapple explores technologies to support metadata security.Tip
-
Quiz: Network content monitoring must-haves
See if you know the essentials of network content monitoring in this SearchSecurity.com Security School quiz.Quiz
-
Robert Westervelt, News Director
Robert Westervelt is News Director for the TechTarget Security Media Group.News Director
-
Monitor outbound traffic: Full-packet capture or only capture network flow data?
If an enterprise can't afford to implement full-packet capture, expert Mike Chapple recommends trying to capture network flow data instead.Answer
-
How penetration testing helps ensure a secure data store
A third-party penetration test is the best way to determine whether an online data store can be compromised.Answer
-
PDF download: Information Security magazine December 2011
This issue of Information Security features a firsthand account of the Windows Vista security review. Also learn about enterprise digital rights management best practices.Magazine
-
Enterprise digital rights management best practices
EDRM brings users into security more than any other tool. Are you ready?Magazine
-
Automated file and registry monitoring tools for Windows
A file and registry monitoring tool like Process Monitor can help IT organizations identify suspicious behavior that may be related to a malware infection.Answer
- VIEW MORE ON : Enterprise Data Governance
-
SSC's new PCI point-to-point encryption guidance outlines testing procedures
New PCI DSS guidance on point-to-point encryption outlines product testing requirements, and urges more merchant-acquirer collaboration.News | 02 May 2012
-
The switch to HTTPS: Understanding the benefits and limitations
Expert Mike Cobb explains the value and limitations of HTTPS, and why making the switch to HTTPS may be easier than it seems.Answer
-
HIPAA encryption requirements: How to avoid a breach disclosure
Charles Denyer explains the necessity of encrypting customer data with respect to HIPAA encryption requirements and squares out what enterprises should expect.Answer
-
P2P encryption: Pros and cons of point-to-point encryption
P2P encryption is an emerging technology; one that may be helpful for many companies, especially merchants. Mike Chapple dissects the pros and cons.Tip
-
Web server encryption: Enterprise website encryption best practices
Network security expert Mike Chapple details the fundamentals of Web server encryption and Web encryption deployment best practices.Answer
-
Researchers break W3C XML encryption algorithm, push for new standard
Researchers in Germany have demonstrated weaknesses in the W3C XML encryption standard used to secure websites and other Web applications.News | 25 Oct 2011
-
Symmetric key encryption algorithms and hash function cryptography united
Can a secure symmetric key encryption algorithm be used in hash function cryptography? Learn more about these data encryption techniques.Answer
-
Analysis: PCI Tokenization Guidelines offer clarity, but questions remain
Expert Diana Kelley says the new PCI Tokenization Guidelines pave the way for CDE tokenization, but some technical specifications remain unclear.Tip
-
PCI Council issues point-to-point encryption validation requirements
A new validation program will certify point-to-point encryption systems that use devices for encryption and decryption as well as hardware security modules.News | 16 Sep 2011
-
How MAC and HMAC use hash function encryption for authentication
Hash function encryption is the key for MAC and HMAC message authentication. See how this differs from other message authentication tools from expert Michael Cobb.Answer
- VIEW MORE ON : Disk Encryption and File Encryption
-
Security School: Network content monitoring must-haves
In this new lesson, expert Mike Chapple explores how to best prioritize and strategize for data protection investments to protect key content.Guide
-
Adopt Zero Trust to help secure the extended enterprise
Forrester Analyst John Kindervag explains Zero Trust Model and how it can be applied to protect data in today’s extended enterprise.Tip
-
Symantec acquires LiveOffice for online data archiving
Symantec said the $115 million-dollar deal boosts its e-discovery business and offer security and antispam capabilities for on-premise and hosted email.News | 16 Jan 2012
-
Metadata security and preventing leakage of sensitive information
Without accounting for metadata security, sensitive document data can easily be extracted. Mike Chapple explores technologies to support metadata security.Tip
-
EDRM-DLP combination could soon bolster document security management
The integration of enterprise digital rights management solutions and data loss prevention tools could bring a level of automation to document security management.Tip
-
How penetration testing helps ensure a secure data store
A third-party penetration test is the best way to determine whether an online data store can be compromised.Answer
-
How EDRM can bolster enterprise content management security
Learn about implementing enterprise EDRM and how this technology combo supports enterprise content management security.Video
-
Black Hat 2011: Database threats and mitigations
Databases have come under increased attacks in recent months from hacktivist groups and cybercriminals. Learn how to apply the appropriate security technologies to defend your database.Video
-
The Dodd-Frank Act could mean a data management mess for some
Financial institutions need to get ready for the data management ramifications of the Dodd-Frank Act, according to experts.News | 04 May 2011
-
Recent data breaches redefine failure, demand new approaches
Column: What do recent data breaches at RSA, WordPress and Sony have in common? Companies must not only find weaknesses, but also actively hunt down intruders.Column | 28 Apr 2011
- VIEW MORE ON : Database Security Management