-
BSIMM4 measures and advances secure application development
The fourth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives. Feature
-
Data breach protection requires new barriers
Assumption of breach is the new norm. Can this shift help organizations build better levels of data breach protection? Feature
-
Choosing security products: DLP technology
Data loss prevention technology remains critical in preventing data leakage. In this guide, learn what to consider when evaluating DLP products. guide
-
Watching the watchers
In this Security School lesson, expert Andreas explores how to monitor the activities of your most trusted insiders with a combination of policy, process and technology to keep unauthorized access and data loss to a minimum. guide
-
Mass 201 CMR 17: Basics for security practitioners
Massachusetts data protection law 201 CMR 17 went into effect on March 1, 2010. Get an in-depth look at the requirements of this law, and find out what needs to be done to become compliant with the law. Learning Guide
-
Quiz: Data loss prevention
Take this five-question quiz to test your knowledge of Rich Mogull's data loss prevention material. Quiz
-
More from SearchSecurity.com -- May 2007
Online content from the May 2007 edition of Information Security magazine, examining best practices for the protection of sensitive information. Monthly Magazine Highligh
-
Database defenses for a new era of threats
All too often, precious corporate databases containing customer records and other sensitive data are forgotten or ignored. This lesson offers an overview of the basic tools needed to secure a company's databases against today's emerging and most dang... Part of Guide Series
-
Information theft and cryptographic attacks
The third tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published by R... Book Chapter
-
Balancing the cost and benefits of countermeasures
The final tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published by ... Book Chapter
- See more Essential Knowledge on Identity Theft and Data Security Breaches
-
Feds catch hackers behind worldwide data breaches
Feds indict, unmask hackers behind largest known data breach conspiracy targeting worldwide financial institutes, payment processors and retailers. News | 26 Jul 2013
-
Turkish researcher claims responsibility for Apple dev site hack
Turkish researcher Ibrahim Balic says he found multiple vulnerabilities at Apple's developer website, but did not intend to bring the site down. News | 22 Jul 2013
-
California data breach report: 2.5M residents at risk of identity theft
In 2012, data breaches in California put 2.5 million residents at risk of identity theft. News | 08 Jul 2013
-
Verizon DBIR 2013: Damage caused by simple attacks, slow detection
Verizon's 2013 breach report shows most breaches are caused by a select few attack types, and the majority of breaches aren't detected for months. News | 22 Apr 2013
-
Verizon data breach report 2013: Data shows need for risk awareness
Verizon's annual breach report indicates outsiders still cause most breaches, and despite no one-size-fits-all defense, better risk awareness can help. News | 22 Apr 2013
-
Stolen credentials, basic security lapses at core of 2012 breaches
Social engineering attacks and stolen passwords are giving attackers unfettered access to corporate systems for extended periods of time. News | 26 Dec 2012
-
Study finds firms lagging in health care privacy, data security protections
Inadequate security controls, a heavy use of cloud-based services, and employee negligence are resulting in multiple breaches at the same firms. News | 06 Dec 2012
-
Phishing attack, stolen credentials sparked South Carolina breach
A phishing attack and stolen credentials gave an attacker access to the systems of the South Carolina Department of Revenue for two months. News | 21 Nov 2012
-
Identity fraud rings in the U.S. target wireless companies, banks
A new study by ID Analytics found that more than 10,000 identity fraud rings exist in the U.S., many in the rural Southeast. News | 15 Nov 2012
-
NASA to deploy whole-disk encryption following breach
Stolen laptop contained the sensitive data on a large number of employees and contractors. The information was not encrypted. News | 15 Nov 2012
- See more News on Identity Theft and Data Security Breaches
-
Opinion: DBIR, other computer security statistics paint tricky picture
Verizon's annual breach report highlights a spate of new security research reports. However, overall conclusions from these are hard to come by. News
-
To improve breach detection, revisit intrusion detection techniques
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis. Tip
-
Aligning business and IT security: Learning from South Carolina breach
Ernie Hayden details how South Carolina's Department of Revenue breach proves business and IT security are often out of alignment, and how to fix it. Tip
-
DLP management tools and reporting: Key considerations
When it comes to DLP management tools, installation and maintenance of a single centralized management console to house all rules and alerts are key. Tip
-
With DLP, encryption and integration strengthen security policies
Encryption and DLP integration can be used to enhance and strengthen security policies for sensitive data, and for blocking and enforcement actions. Tip
-
Using DLP tools for data leakage alerting and preventive actions
When evaluating DLP tools, it's important to determine data leakage alerting and preventive action needs for potential violations and blocking. Tip
-
DLP monitoring: Defining policies to monitor data
DLP monitoring policies help define what data to evaluate, how data monitoring processes should occur, and what enforcement and alerting actions to take. Tip
-
Effective DLP products need data discovery and data fingerprinting
Effective DLP products must be able to handle data discovery to identify and monitor sensitive data. Learn why these features matter. Tip
-
Assumption of breach: How a new mindset can help protect critical data
By adopting the assumption-of-breach security model, CISOs and security pros can better protect critical data. Expert Ernie Hayden explains. Tip
-
Protect intellectual property with data breach prep, cost analysis
Heidi Shey of Forrester Research says enterprises must protect intellectual property better or else face 'death by 1,000 cuts.' Tip
-
Diagram outside firm role early in security incident response process
Expert Nick Lewis provides criteria for selecting outside incident response firms and how to define security incident response process needs early on. Tip
- See more Tips on Identity Theft and Data Security Breaches
-
What risk does the Apple UDID security leak pose to iOS users?
Expert Michael Cobb details Apple's Unique Device Identifiers, plus why iOS users should be concerned about the Anonymous UDID security leak. Answer
-
Verizon DBIR 2012: On Web app security, basics still lacking
Expert Michael Cobb analyzes takeaways from the Verizon DBIR 2012 report regarding Web app security and the need for more basic security measures. Answer
-
PCI DSS lessons learned from Global Payments data breach
Expert Nick Lewis discusses the Global Payments data breach, focusing on lessons to be learned for PCI DSS-compliant enterprises. Answer
-
Personally identifiable information guidelines for U.S. passport numbers
Do U.S. passport numbers count as personally identifiable information? Learn more about guidelines for PII in this security management expert response from David Mortman. Ask the Expert
-
What are best practices for secure password distribution after a data breach?
After an information security data breach, it might seem like a good idea to create new user IDs and passwords for all employees in the user directory. But is there an easier way to handle the aftermath of a data breach? Find out more in this IAM exp... Ask the Expert
-
Is insider activity or outsider activity a bigger enterprise threat?
According to Verizon's 2008 Data Breach Investigations Report, outsider activity is much more likely to be the cause of a data breach than insider activity. Does that mean security managers are spending too much time worrying about insiders? Security... Ask the Expert
-
Are Internet cafe users' email credentials at risk?
Most browsers store all Web pages, including a user's message and other information, in a cache from which it is retrievable with relative ease. Expert Michael Cobb explains how to keep the personal data from getting into the wrong hands. Ask the Expert
-
Is it possible to delete search data from a search engine's servers?
Search engine history can be very sensitive, and can be used against the searcher if it falls into the wrong hands. Security threats expert Ed Skoudis addresses the possibility of deleting search history from a search engine's servers. Ask the Expert
-
What techniques are being used to hack smart cards?
Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers. Ask the Expert
-
What are the roles of a liaison officer?
Security incident response is one of the main duties of a liaison officer. Security management expert Mike Rothman explains. Ask the Expert
- See more Expert Advice on Identity Theft and Data Security Breaches
-
offensive security
Offensive security is a proactive and antagonistic approach to protecting computer systems, networks and individuals from attacks. Definition
-
targeted attack
A targeted attack is one that seeks to breach the security measures of a specific individual or organization. Usually the initial attack is conducted to gain access to a computer or network and is followed by a further exploit designed to cause harm ... Definition
-
industrial espionage
Industrial espionage is the covert and sometimes illegal practice of investigating competitors, usually to gain a business advantage. Definition
-
pretexting
Pretexting is a form of social engineering in which one individual lies to obtain privileged data about another individual in order to engage in identity theft or corporate espionage. A pretext is a false motive. Definition
-
parameter tampering
Parameter tampering is a form of Web-based hacking event (called an attack) in which certain parameters in the Uniform Resource Locator (URL) or Web page form field data entered by a user are changed without that user's authorization... (Continued) Definition
-
privilege escalation attack
A privilege escalation attack is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications. Definition
-
bot worm
A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself to other computers. A bot worm may be created with the ultimate intention of creating a botnet that ... Definition
-
data breach
A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable ... Definition
-
identity theft
According to the Identity Theft Resource Center, identity theft is a crime in which an imposter obtains key pieces of personal information, such as a Social Security number, to impersonate someone else....(Continued) Definition
-
extrusion prevention
Extrusion prevention is the practice of stopping data leakage by filtering outbound network traffic. Extrusion prevention protects sensitive digital assets from unauthorized transfer by stopping the movement of packets across the network. Extrusio... Definition
- See more Definitions on Identity Theft and Data Security Breaches
-
Practical advice for managing DLP technology effectively
In this podcast, Kevin Beaver provides advice for managing DLP technology in your environment to ensure a successful data loss prevention program. Podcast
-
Data loss prevention tools: Understanding your options
Video: Kevin Beaver uses real-life experiences with data loss prevention tools to help you with your technology choices, rollout and management. Video
-
Why advanced malware detection is key to cut through 'network noise'
Video: Wolfgang Kandek, CTO at Qualys, discusses the need for advanced malware detection as true enterprise threats are being lost in "network noise." Video
-
Debating international cyberespionage, poor secure coding practices
Corey Schou explains why cyberespionage and corporate intelligence are linked; also, why attackers aren't to blame for insecure coding practices. Video
-
Holistic security for database-centric applications
In this exclusive video presentation, Nemertes Research Senior Vice President and Founding Partner Andreas Antonopoulos provides an executive overview of the security issues of securing database-centric applications and the key tactics essential to s... Video
-
Video: PCI liability, HIPAA enforcement rule, breach notification laws
Attorney David Navetta discusses why PCI liability matters to card brands, the effect of the HIPAA enforcement rule and breach notification laws. Video
-
Cloud failures, privacy issues and data breach woes
Eric Holmquist of Holmquist Advisory joins the editorial team to talk about the Verizon DBIR, the recent Apple privacy debacle and the Amazon cloud failure. Podcast
-
Podcast: Data breaches highlight systemic failures
The editorial team discusses the RSA SecurID breach, Epsilon’s massive email breach and the Briar Group’s credit card data loss settlement. Serious blunders led to each breach. Podcast
-
Video: Inside the Verizon Data Breach Investigations Report 2011
Verizon's Wade Baker previews the 2011 Verizon Breach Investigations Report and shares surprising insight from the 2010 report on tactics that do and don't help prevent breaches. Video
-
Fact or fiction: Inside extrusion detection and prevention technology
According to our latest survey of more than 608 enterprise security pros, 80% of enterprises say protecting data is more important in 2007 than last year, and 72% admit they need a better strategy. SearchSecurity.com is responding to this growing ne... Podcast
- See more Multimedia on Identity Theft and Data Security Breaches
About Identity Theft and Data Security Breaches
Get advice on data security, identity theft and information security breaches. Learn about corporate data breach laws and legislation, state disclosure laws including Calif. SB-1386, notification requirements and legal ramifications of data breaches, and how to prevent hackers from stealing credit card data and social security numbers.