- Security Industry Market Trends, Predictions and Forecasts
- Enterprise Risk Management: Metrics and Assessments
- Enterprise Compliance Tools
- Business Management: Security Support and Executive Communications
- Enterprise Compliance Management Strategy
- Disaster Recovery and Business Continuity Planning
- Information Security Policies, Procedures and Guidelines
- Information Security Laws, Investigations and Ethics
- Vendor Management: Negotiations, Budgeting, Mergers and Acquisitions
- Information Security Incident Response-Information
- Security Awareness Training and Internal Threats
- News and analysis from IT security conferences
- Opinion: DBIR, other computer security statistics paint tricky picture
  Verizon's annual breach report highlights a spate of new security research reports. However, overall conclusions from these are hard to come by. (News)
- Opinion: The APT1 aftermath and information sharing
  Marcus Ranum says the Mandiant APT1 report must serve as a model for better information sharing within the information security industry. (Opinion)
- Security spending on a tight information security budget
- RSA 2013: More from Coviello on big data analytics in the security industry
  RSA's Art Coviello explains why the shortcomings of current mainstream security products are part of what's driving enterprise interest in big data. (News | 28 Feb 2013)
- RSA 2013: Charney optimistic about the future of information security
  In his RSA Conference 2013 keynote, Microsoft's Scott Charney struck an optimistic note when talking about the future of information security. (News | 27 Feb 2013)
- Coviello pitches 'transformational' information security strategy
  In a talk critical of cyberattack finger-pointing, Art Coviello stressed the need for infosec strategy to emphasize big data, interconnectivity. (News | 26 Feb 2013)
- 2013 Security Priority Survey, security risks when buying IT hardware from China
  Information Security Magazine reveals the results of its 2013 Security Priority Survey and examines the security risks associated with purchasing IT hardware from China. Elsewhere in the issue, infosec pros share their strategies for BYOD security. (Editor's Letter)
- Profile: Gil Shwed, Check Point co-founder, CEO
- Profile: Symantec CEO John Thompson
- IT security spending 2004: Firms diversify as security budgets tighten
- VIEW MORE ON: Security Industry Market Trends, Predictions and Forecasts
- Compliance and risk modeling
  You can fight compliance or embrace it, but one way or the other, you can't escape it. Increasingly, smart organizations are not just accepting compliance as a necessary evil, but aggressively teaming with their internal compliance and audit teams to structure security programs both for heightened security and clear compliance deliverables. The cover story tackles not only this shift in emphasis, but also the latest updates in key compliance frameworks, offering guidance on how to position new requirements as an opportunity rather than more paperwork. (E-Zine)
- Editor's desk: A chat with Peter G. Neumann
  Peter G. Neumann shares his thoughts on the inherent complexity of trustworthiness and the evolutionary promise of clean-slate architectures. (Feature)
- Weighing compliance mandates vs. security vulnerability management
  Should security vulnerabilities be prioritized based on compliance needs? Mike Chapple discusses this approach to vulnerability management. (Answer)
- Symantec 2013 Threat Report highlights rise in SMB attacks
  Big Yellow's annual report indicates a threefold rise in targeted attacks against SMBs as attackers search beyond big firms for susceptible targets. (News | 18 Apr 2013)
- Panel: Cyber-intelligence alone can't stop enterprise security threats
  Panelists at the SANS Cyber Threat Intelligence Summit lament the challenges of using cyber-intelligence to thwart enterprise security threats. (News | 27 Mar 2013)
- Use the Mandiant Redline memory analysis tool for threat assessments
  Video: Keith Barker of CBT Nuggets shows how to use the Mandiant Redline memory analysis tool to conduct threat assessments and defeat rootkits. (Video)
- Martin Roesch: Increase in cybersecurity breaches demands new tactics
  Video: Sourcefire interim CEO Martin Roesch discusses the need for new tactics amid rampant cybersecurity breaches, plus APTs, big data and CISO priorities. (Video)
- Kaminsky: Fostering improved security culture demands societal change
  At B-Sides San Francisco, Dan Kaminsky discussed how society inhibits its own security culture, and the need to look beyond status-quo technology. (Column | 25 Feb 2013)
- Creating a normalized corporate compliance program
  It's essential for IT security managers to create a corporate compliance program to adhere to regulations while maintaining a productive workplace. (Video)
- Meeting PCI DSS compliance requirements with a data management program
  In order to meet PCI DSS requirements and compliance, it is important to organize and sort the data coming in by devising a data management plan. (Video)
- VIEW MORE ON: Enterprise Risk Management: Metrics and Assessments
- Reframing compliance with a threat model
  Too many compliance programs miss the mark. Tony UcedaVelez explains how leveraging a threat model can re-energize your strategy. (Feature)
- Creating a normalized corporate compliance program
  It's essential for IT security managers to create a corporate compliance program to adhere to regulations while maintaining a productive workplace. (Video)
- Meeting PCI DSS compliance requirements with a data management program
  In order to meet PCI DSS requirements and compliance, it is important to organize and sort the data coming in by devising a data management plan. (Video)
- Security data mining techniques to weed through data overload
  These security data mining techniques will allow security professionals to find and tackle the real issues while overcoming data overload. (Video)
- PCI QSA
  Payment Card Industry Qualified Security Assessor (PCI QSA) is a designation conferred by the PCI Security Standards Council to individuals it deems qualified to perform PCI assessments and consulting services. (Definition)
- Talking with lawyers: How to manage information security legal issues
  Dealing with lawyers is often a challenge. Ernie Hayden offers advice for CISOs dealing with enterprise information security legal issues. (Answer)
- Balancing compliance with information security threat assessment
  Compliance is often the driver for security spending rather than real risks. Learn how to incorporate current threats into a compliance program. (Tip)
- Compliance and Cloud Security
  This comprehensive guide to compliance and cloud security covers all the angles in order to help clarify security and compliance issues associated with cloud computing. (EBook)
- The effects of PCI DSS, compliance requirements on the security industry
  Paul Judge of Barracuda Networks and Joshua Corman of the 451 Group discuss whether compliance hinders the creation of innovative security technologies. (Article | 04 Mar 2011)
- VIEW MORE ON: Enterprise Compliance Tools
- Assumption of breach: How a new mindset can help protect critical data
  By adopting the assumption-of-breach security model, CISOs and security pros can better protect critical data. Expert Ernie Hayden explains. (Tip)
- International data protection: 'Evil maid' attacks, HDD cloning risks
  Video: Cryptoseal CEO Ryan Lackey details the threats associated with international data protection, from cloned hard drives to evil maid attacks. (Video)
- ISM February 2003 Proctor
- ISM January 2003 Heiser
- Why a security conscience is key among CISO responsibilities
  Every firm needs a security conscience, according to expert Ernie Hayden, who says it is critical among key CISO responsibilities. (Answer)
- Security jargon: Using IT language analogies to explain information security
- Best practices for security report writing
- Why the role of a CISO can reduce the average cost of a data breach
  Filling the CISO position with the right person can reduce the costs a company will experience from a data breach. Expert Ernest Hayden explains why. (Tip)
- Ernie Hayden on the keys for success in the role of CISO
  Ernie Hayden discusses the role of CISO and draws on examples from his own career as he lists the most important attributes for a successful CISO. (Video)
- Aligning enterprise identity and access management with CIO priorities
  Randall Gamby says aligning enterprise identity and access management with business and CIO priorities demands a more strategic approach to IAM. (Tip)
- VIEW MORE ON: Business Management: Security Support and Executive Communications
- Reframing compliance with a threat model
  Too many compliance programs miss the mark. Tony UcedaVelez explains how leveraging a threat model can re-energize your strategy. (Feature)
- Creating a normalized corporate compliance program
  It's essential for IT security managers to create a corporate compliance program to adhere to regulations while maintaining a productive workplace. (Video)
- Meeting PCI DSS compliance requirements with a data management program
  In order to meet PCI DSS requirements and compliance, it is important to organize and sort the data coming in by devising a data management plan. (Video)
- Security data mining techniques to weed through data overload
  These security data mining techniques will allow security professionals to find and tackle the real issues while overcoming data overload. (Video)
- security information and event management (SIEM)
  Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization's information technology (IT) security. (Definition)
- PCI assessment
  A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS). (Definition)
- PCI QSA
  Payment Card Industry Qualified Security Assessor (PCI QSA) is a designation conferred by the PCI Security Standards Council to individuals it deems qualified to perform PCI assessments and consulting services. (Definition)
- Talking with lawyers: How to manage information security legal issues
  Dealing with lawyers is often a challenge. Ernie Hayden offers advice for CISOs dealing with enterprise information security legal issues. (Answer)
- Cloud security among PCI Council 2012 special interest groups
  The PCI Security Standards Council delineated a scope of special interest groups, known as SIGs, in order to help prioritize next year's areas of focus. (News | 16 Nov 2011)
- Best policy and risk management products 2011
  Readers choose the best policy and risk management products of 2011. (Magazine)
- VIEW MORE ON: Enterprise Compliance Management Strategy
- Prepare for Shamoon malware with data backup and recovery plan
  Expert Nick Lewis discusses how to detect Shamoon malware and emphasizes the importance of detailed data backup and recovery plans. (Answer)
- Security and IT business intelligence
- Sandy put business continuity planning in spotlight
  Some firms struggled while others smoothly executed disaster procedures. Experts said cloud computing aided data center resiliency. (News | 05 Nov 2012)
- Cybersecurity Act of 2009: Power grab, or necessary step?
- Time is now for pandemic flu planning
- Disaster recovery and contingency planning security considerations
- Perspectives: Pandemic planning for remote access
- Avoiding a breach by a third-party data recovery services provider
  Expert Nick Lewis discusses the security requirements enterprises should establish when selecting a third-party data recovery services provider. (Answer)
- Download: Log management best practices: Six tips for success
  In this expert e-guide from SearchSecurity.com you'll discover six tips for success in log management. (Magazine)
- DoS attack responses demand better business continuity plans
  Expert Nick Lewis says effective DoS attack responses demand better business continuity plans, including pre-negotiating with providers. (Tip)
- VIEW MORE ON: Disaster Recovery and Business Continuity Planning
- four eyes principle
  The four eyes principle is a requirement that two individuals review and approve some action before it can be taken. In a business context, the two individuals are often the CEO and the CFO. However, the principle can be applied to decisions at all levels and in a wide variety of environments. The four eyes principle is sometimes called the two-man rule or the two-person rule. (Definition)
- confidentiality, integrity, and availability (CIA)
  Confidentiality, integrity, and availability (CIA) is a model designed to guide policies for information security within an organization. In this context, confidentiality is a set of rules that limits access to information, integrity is the assurance that the information is trustworthy and accurate, and availability is a guarantee of ready access to the information by authorized people. The model is sometimes known as the CIA triad. (Definition)
- PayPal CISO: Laws must foster better cybersecurity information sharing
  PayPal's Michael Barrett says many firms fear misuse of shared cybersecurity data. He also discusses the evolution of PCI DSS and mobile payment security. (Video)
- How to address password change frequency, reuse for third-party apps
  Expert Michael Cobb explains how password change frequency and reuse for third-party apps should be addressed in enterprise password policies. (Answer)
- Updating firewall policies with the frequency of firewall testing
  Should firewall testing frequency be decided and documented when updating firewall policies? Expert Brad Casey discusses how often to test firewalls. (Answer)
- Panel: Cyber-intelligence alone can't stop enterprise security threats
  Panelists at the SANS Cyber Threat Intelligence Summit lament the challenges of using cyber-intelligence to thwart enterprise security threats. (News | 27 Mar 2013)
- Martin Roesch: Increase in cybersecurity breaches demands new tactics
  Video: Sourcefire interim CEO Martin Roesch discusses the need for new tactics amid rampant cybersecurity breaches, plus APTs, big data and CISO priorities. (Video)
- Creating a normalized corporate compliance program
  It's essential for IT security managers to create a corporate compliance program to adhere to regulations while maintaining a productive workplace. (Video)
- Meeting PCI DSS compliance requirements with a data management program
  In order to meet PCI DSS requirements and compliance, it is important to organize and sort the data coming in by devising a data management plan. (Video)
- Security data mining techniques to weed through data overload
  These security data mining techniques will allow security professionals to find and tackle the real issues while overcoming data overload. (Video)
- VIEW MORE ON: Information Security Policies, Procedures and Guidelines
- For CISOs, California Right to Know Act would raise privacy emphasis
  The proposed California Right to Know Act may compel CISOs to develop additional privacy policies or create new privacy officer roles. (News | 09 Apr 2013)
- Bruce Schneier: China cyberwar rhetoric risks dangerous implications
  Video: Bruce Schneier explains why ongoing China cyberwar rhetoric evokes the wrong responses and may damage personal privacy, and ultimately freedom. (Video)
- 'Internet underground' fight demands better cybersecurity intelligence
  Former U.S. national security advisor Greg Rattray believes better cybersecurity intelligence is needed to combat a growing "Internet underground." (News | 22 Mar 2013)
- DoD security panel calls for new cyber-defense, offense
  A Pentagon advisory panel suggests both beefed-up U.S. cyber-defenses and a proactive plan for offense. (News | 14 Mar 2013)
- PayPal's CISO on cybercrime prevention, Internet security issues
  Video: PayPal CISO Michael Barrett discusses hot-button issues surrounding cybercrime prevention, Internet security and nation-state attacks. (Video)
- Obama's cybersecurity executive order issued for critical infrastructure
  President Obama issued an executive order aimed at fostering public-private information sharing among critical infrastructure sectors. (News | 13 Feb 2013)
- Critical infrastructure security: Electric industry shows the path
  Expert Brian Zimmet believes the electric industry is the one to watch for a look at the future of critical infrastructure security regulations. (News | 30 Jan 2013)
- Stored Communications Act ruling muddles business online data privacy
  A state supreme court decision addressing webmail hacking under the Stored Communications Act affects email privacy and the ability to sue hackers. (Tip)
- ISM January 2003 Briney
- ISM January 2003 Briney 2
- VIEW MORE ON: Information Security Laws, Investigations and Ethics
- Incorporating compliance teams in the request for proposals process
  Procurement personnel should know when to include the compliance team in the request for proposals process. (Answer)
- McGraw: Use VBSIMM software security model when buying software
  Video: Gary McGraw explains how JPMorgan Chase and others use the VBSIMM security model to vet software purchased from third-party vendors. (Video)
- Who's who in IT risk management vendors 2003
- Huawei security issues are result of 'rumors,' says Huawei executive
  Huawei security issues threatening national security are 'rumors' lacking supporting evidence, a Huawei France executive tells LeMagIT. (News | 21 Mar 2013)
- Cisco: Integration key to enterprise security strategy
  Cisco's Chris Young says the vendor's enterprise security strategy, including the next-generation data center and SDN, hinges on Cisco's integration efforts. (Video)
- Kaminsky: Fostering improved security culture demands societal change
  At B-Sides San Francisco, Dan Kaminsky discussed how society inhibits its own security culture, and the need to look beyond status-quo technology. (Column | 25 Feb 2013)
- Exploring the security risks of network management outsourcing
  Is network management outsourcing the future of network security or too great a risk? Matthew Pascucci discusses the risks and rewards. (Answer)
- The Huawei security risk: Factors to consider before buying Chinese IT
  Cover story: The U.S. government says Chinese IT giants Huawei and ZTE pose too much risk. But do they? Joel Snyder offers his take. (Feature)
- ISM May 2003 Wise
- VIEW MORE ON: Vendor Management: Negotiations, Budgeting, Mergers and Acquisitions
- Don't keep quiet after a data security breach
- How to develop a data breach response strategy
- Key steps for security incident response planning
- Turn your computer incident response team into counter-threat operations
- security event (security incident)
  A security event is a change in the everyday operations of a network or IT service, indicating that a security policy may have been violated or a security safeguard may have failed. (Definition)
- Formulate a more effective information security incident response plan
  In this Hot Type podcast, author Neal McCarthy discusses how enterprises should create and maintain an information security incident response plan. (Hot Type)
- Understanding the insider threat
  In this video, Dawn Cappelli, a member of the Technical Staff in CERT at Carnegie Mellon University's Software Institute, outlines three different types of intentional insider threats. (Video)
- Robert Westervelt, News Director
  Robert Westervelt is News Director for the TechTarget Security Media Group. (News Director)
- SEC guidance clarifies cybersecurity disclosure requirements
  Companies need to factor security risks and incidents in their financial disclosures, agency says. (Magazine)
- Symantec tunes up DeepSight service, unveils authentication capabilities
  Move is part of an industry trend that turns threat intelligence data into actionable information. (News | 18 Oct 2011)
- VIEW MORE ON: Information Security Incident Response-Information
- To nullify targeted attacks, limit out-of-office message security risk
  Expert Michael Cobb details how to reduce out-of-office message security risk -- and thus targeted attacks -- by limiting personal info given. (Answer)
- Block Windows Help files to help prevent social engineering attacks
  Expert Nick Lewis explains how to prevent social engineering attacks that utilize Windows Help files by blocking attachments with the .hlp extension. (Answer)
- Bing security: Is search engine poisoning a problem for Bing users?
  Is Microsoft's Bing search engine more susceptible to search engine poisoning than Google? Expert Michael Cobb discusses Bing security. (Answer)
- RSA 2013: FBI offers lessons learned on insider threat detection
  At RSA Conference 2013, experts from the FBI said insider threat detection hinges not on technology, but on a multifaceted 'people-centric' approach. (News | 05 Mar 2013)
- Well-rounded information security education benefits IT professionals
  A security-savvy IT staff can help reduce risk. Learn about information security training and education options for IT professionals. (Column)
- Safely using shortened URLs requires user education, technology
  Expert Nick Lewis delves into the potential threat posed by shortened URLs and what enterprises can do to protect users from malicious short URLs. (Answer)
- Mitigations for mobile phishing problems on the iOS platform
  With potential phishing problems surfacing for iOS users, expert Nick Lewis provides advice for enterprises facing the mobile phishing menace. (Answer)
- ISM February 2003 Proctor
- ISM January 2003 Prince
- VIEW MORE ON: Security Awareness Training and Internal Threats
- Vendors showcase MAM products that ease BYOD challenges at RSA 2013
  RSA exhibitors offered a range of mobile application management solutions, intended to ease the challenges of monitoring BYOD environments. (News | 27 Feb 2013)
- RSA 2013: Charney optimistic about the future of information security
  In his RSA Conference 2013 keynote, Microsoft's Scott Charney struck an optimistic note when talking about the future of information security. (News | 27 Feb 2013)
- Big data 2.0: CISOs push need to identify attack campaigns
  CISOs at RSA Conference 2013 say identifying attack campaigns means taking security big data to the next level. The hard part? Finding data analysts. (News | 27 Feb 2013)
- Coviello pitches 'transformational' information security strategy
  In a talk critical of cyberattack finger-pointing, Art Coviello stressed the need for infosec strategy to emphasize big data, interconnectivity. (News | 26 Feb 2013)
- Security B-Sides presenter questions value of penetration testing
  At Security B-Sides San Francisco, Brett Hardin asked why organizations hire penetration testers and assessed the value of penetration testing. (News | 26 Feb 2013)
- RSA Conference 2013: Analysis, video and news from RSA
  Updated throughout RSA Conference 2013, visit here often for the latest analysis, video and news from RSAC in San Francisco. (Guide)
- offensive security
  Offensive security is a proactive and antagonistic approach to protecting computer systems, networks and individuals from attacks. (Definition)
- Special coverage: Black Hat 2012
  This is the place for all the news, analysis, commentary and video interviews direct from the annual hacker event in Las Vegas. (News | 26 Jul 2012)
- Black Hat 2012: Special Conference Coverage
  Researchers and hackers gather in Las Vegas, and new exploit methods are sure to be revealed. Don't miss our wall-to-wall coverage. (Guide)
- Oracle security patches, InfoSec World 2012 controversy offer important lessons
  Editor Eric B. Parizo says controversies involving Oracle security patches and InfoSec World 2012 prove the importance of differing opinions. (Opinion)
- VIEW MORE ON: News and analysis from IT security conferences
Security Management Strategies for the CIO