What's your biggest information security concern?
In this month's issue of Information Security magazine, we reveal the results of this year's priorities survey. Readers ranked insider threats and information leaks as their top concerns. Get tips from auditors on how to avoid audit failure and get P... E-Zine
-
Top forensics tools for tracking down cybercriminals
Scott Levine stole more than one billion personal records and was convicted of 120 counts of unauthorized access of a protected computer. Check out the most popular forensics tools for tracking down cybercriminals. E-Zine
-
IT content and vendor engagement evaluation survey
When IT professionals, such as you, have an IT project at their organization, there is a need to research multiple pieces of content from a variety of sources including vendors, third-parties and experts. This survey will allow TechTarget to identify... Survey
-
Book chapter: Insider theft of intellectual property
This is an excerpt from the book The CERT Guide to Insider Threats describing entitlement-based attack models and how to implement controls. Feature
-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
Quiz: Practical strategies to mitigate insider threats
How much have you learned about detecting and mitigating insider threats? Find out in this short quiz. Quiz
-
Quiz: Anatomy of an attack
Take this five-question quiz and test your knowledge of social-engineering and data-mining attacks. Quiz
-
Threats to physical security
This is tip No. 6 in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage" publishe... Book Chapter
-
Risk management: Implementation of baseline controls
This fourth article in the Insider Threat Management Guide examines the implementation of baseline controls. Learning Guide
-
Insider Threat Management Guide
In this Insider Threat Management Guide, contributor Gideon Rasmussen reviews how to fortify your organization's current insider threat controls and keep internal dangers to a minimum. Learning Guide
-
Risk management audit
This article explores the audit function in the insider threat management process. Learning Guide
-
Risk management: Baseline management and control
Identifying baseline controls is the second step to implementing insider threat controls as described in this article from SearchSecurity's Insider Threat Management Guide. Learning Guide
- See more Essential Knowledge on Security Awareness Training and Internal Threats-Information
-
RSA 2013: FBI offers lessons learned on insider threat detection
At RSA Conference 2013, experts from the FBI said insider threat detection hinges not on technology, but on a multifaceted 'people-centric' approach. News | 05 Mar 2013
-
Expert urges security pros to speak out, educate upper management
Security expert Jayson E. Street explains why security pros must learn to communicate effectively to gain trust from management and empower employees. News | 02 Oct 2012
-
Black Hat 2012: Luminaries worried about social engineering techniques
Despite new technologies and better software security, experts say cybercriminals are instead focusing on targeted social engineering attacks. News | 25 Jul 2012
-
Black Hat 2012: Social engineering training benefits IT teams, end users
James Philput of Information Assurance Professionals will explain how social engineering training can instill security awareness into end users. News | 18 Jul 2012
-
Review your security contingency plan during the Games
U.K. companies are preparing to manage their security during the Olympics. Would your security contingency plan hold up to such a disruptive event? News | 21 Jun 2012
-
Why execs really need corporate security training
Senior executives may be the most likely to disobey all your hard-won corporate security training. Here are five reasons why. News | 31 May 2012
-
Technology raises visibility of partner networks
Lookingglass shines a light on the security posture of an enterprise’s partners, clients and third-party providers. News | 24 May 2012
-
Firms struggle to address social networking security risks, survey finds
Many firms rely on antivirus and antimalware technologies to address social networking risks, according to a survey by the Ponemon Institute. News | 03 Oct 2011
-
Former CIA official cites rise in government cybersecurity awareness
Former CIA ops director Cofer Black urges the security community to educate decision makers and validate how cyberattacks endanger national defense. News | 03 Aug 2011
-
Security awareness training begins with risk assessment
Security expert Rob Cheyne, CEO of Safelight Security Advisors, explains how organizations can get started with security training programs. Cheyne said a good first step is a risk assessment. News | 24 Mar 2011
- See more News on Security Awareness Training and Internal Threats-Information
-
Attack security literacy with brute force
Forget the slogans. Reset your security awareness program with actionable information. Column
-
Well-rounded information security education benefits IT professionals
A security-savvy IT staff can help reduce risk. Learn about information security training and education options for IT professionals. Column
-
Data supports need for security awareness training despite naysayers
Claims that security awareness training doesn't work are unsubstantiated, explain software security experts Gary McGraw and Sammy Migues. Opinion
-
Black Hat 2012: Security visibility and the hidden message
SearchSecurity.com Black Hat 2012 contributor Jennifer Minella says security visibility was the underlying theme of this year's event. Opinion
-
IT security strategy 2.0: Adjusting for a shifting infosec landscape
Seismic shifts in the infosec landscape can no longer be ignored. Ernie Hayden explains how to update an IT security strategy to account for change. Tip
-
Whistleblower policy: Preventing insider information leak incidents
NSA-level incidents are rare, but they do happen. Learn how to prevent a whistleblower scenario and limit the risk of insider information leaks. Tip
-
A HIPAA compliance checklist for corporate mergers and acquisitions
Learn about the important HIPAA compliance best practices that can help maintain compliance before and after a corporate merger or acquisition. Tip
-
How to begin corporate security awareness training for executives
Expert Ernie Hayden provides advice for enterprises that are establishing security awareness training for their security-unaware executives. Tip
-
Five tips for rebuilding information security processes, culture
Change is hard, but expert Claudia Girrbach provides five techniques to help enterprises establish new information security processes and culture. Tip
-
Information security controls for data exfiltration prevention
Enterprises may be amazed to discover how valuable their data is to attackers. Learn five information security controls to prevent data exfiltration. Tip
-
Employee risk assessment: Helping security spot high-risk employees
Expert Ernie Hayden offers a brief primer on employee risk assessment using CERT guidelines to help security teams spot high-risk employees. Tip
-
Security policy and international employment laws for hiring overseas
Before opening an office abroad and hiring employees in other countries, learn how to adapt your security policy to international employment laws. Tip
-
Anti-social engineering training: The first line of defense against human error
Security team member Jeffrey Catalfamo details the key elements of a successful anti-social engineering training program. Tip
-
Spear phishing examples: How to stop phishing from compromising users
Spear phishing targets the weakest link in most security programs: users. These spear phishing examples can help your enterprise thwart attacks. Tip
- See more Tips on Security Awareness Training and Internal Threats-Information
-
Reframing discussions about return on security investment
According to expert Joe Granneman, return on security investment is a misnomer. Here's a better way to view security expenditures. Answer
-
IT security risk training for executives: How to get started
Executives don’t have time for formalized security risk training, so the onus is on the security team to become involved with core business processes. Answer
-
Using SANS Securing the Human security awareness tools
Learn how to use tools from the SANS Securing the Human program to boost the effectiveness of an enterprise security awareness program. Answer
-
To nullify targeted attacks, limit out-of-office message security risk
Expert Michael Cobb details how to reduce out-of-office message security risk -- and thus targeted attacks -- by limiting personal info given. Answer
-
Block Windows Help files to help prevent social engineering attacks
Expert Nick Lewis explains how to prevent social engineering attacks that utilize Windows Help files by blocking attachments with the .hlp extension. Answer
-
Bing security: Is search engine poisoning a problem for Bing users?
Is Microsoft's Bing search engine more susceptible to search engine poisoning than Google? Expert Michael Cobb discusses Bing security. Answer
-
Safely using shortened URLs requires user education, technology
Expert Nick Lewis delves into the potential threat posed by shortened URLs and what enterprises can do to protect users from malicious short URLs. Answer
-
Mitigations for mobile phishing problems on the iOS platform
With potential phishing problems surfacing for iOS users, expert Nick Lewis provides advice for enterprises facing the mobile phishing menace. Answer
-
Monitoring P2P activity by tracking corporate IP addresses
Mike Chapple discusses whether you should be monitoring P2P activity with site crawling and info gathering websites like YouHaveDownloaded.com. Answer
-
Using social engineering testing to foster anti-social engineering training
Worried your users could easily be pwned? Learn about improving social engineering testing to foster anti-social engineering training. Answer
- See more Expert Advice on Security Awareness Training and Internal Threats-Information
-
exit interview
An exit interview is a meeting between management representatives and someone who is leaving an organization. Businesses and other organizations such as educational institutions use exit interviews to gather useful feedback that can help guide future... Definition
-
security awareness training
Security awareness training is a formal process for educating employees about corporate policies and procedures for working with information technology (IT). Regular training is particularly necessary in organizations with high turnover rates and tho... Definition
-
pretexting
Pretexting is a form of social engineering in which one individual lies to obtain privileged data about another individual in order to engage in identity theft or corporate espionage. A pretext is a false motive. Definition
-
insider threat
An insider threat is a malicious hacker (also called a cracker or a black hat) who is an employee or officer of a business, institution, or agency. The term can also apply to an outside person who poses as an employee or officer by obtaining false cr... Definition
-
National Computer Security Center (NCSC)
The National Computer Security Center (NCSC) is a U.S. government organization within the National Security Agency (NSA) that evaluates computing equipment for high security applications to ensure that facilities processing classified or other sensit... Definition
-
micro-botnet (mini-botnet or baby botnet)
A micro-botnet, also called a mini-botnet or baby botnet, is a small network of Internet-connected computers that have been hijacked to attack specific companies or individuals within a company. Definition
-
Honeynet Project
The Honeynet Project is a non-profit volunteer organization dedicated to computer security research and information sharing. Definition
-
single-factor authentication (SFA)
Single-factor authentication (SFA) is the traditional security process that requires a user name and password before granting access to the user... (Continued) Definition
-
trusted computing
Trusted computing is a broad term that refers to technologies and proposals for resolving computer security problems through hardware enhancements and associated software modifications... (Continued) Definition
-
social engineering
Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures. Definition
- See more Definitions on Security Awareness Training and Internal Threats-Information
-
Researcher details findings on spoofing GPS, malicious insiders
Roger Johnston of Argonne National Laboratory discusses the implications of spoofing GPS and ways to manage angry and potentially malicious insiders. Video
-
Black Hat 2012: Phishing and social engineering penetration testing
Video: Anti-spear phishing training is controversial, but can be effective if it is done right, says Rohyt Belani, CEO and co-founder of PhishMe Inc. Video
-
5 Common Missteps with Trusted Insider Privileges
Insiders with elevated privileges are trusted with the keys to the kingdom; they're also prime targets for abuse from outsiders. In this podcast, you’ll learn five quick fixes to lessen the risk posed by trusted insiders. Podcast
-
Countdown: Top 5 insider threat detection myths
There are many misconceptions about insider threats in the enterprise. This podcast debunks those myths and sets the record straight on what enterprises really need to know about the detection of insider threats. Podcast
-
Bruce Schneier: What is cyberwar?
In this RSA Conference 2011 interview, Michael Mimoso, Editorial Director of the Security Media Group at TechTarget, interviews Bruce Schneier, Chief Security Technology Officer of BT Group, and tries to answer the question, "What is cyberwar?" Video
-
Face-off: Information security awareness and when not to reveal information
Can the security industry learn from the Transportation Security Administration? It may seem like an odd pairing, but both struggle with the challenges of protecting those in their care while maintaining usability and personal privacy. Video
-
419 baiters: Not all scam emails from Nigeria
Almost everyone has received an email promising riches from African royalty, but not all 419 scam emails come from Africa. Learn how to prevent employees from getting suckered in by these scams. Video
-
Face-off: Is end-user education worth the effort?
In this face-off, security experts Hugh Thompson, Founder of People Security, and Adam Shostack, co-author of "The New School of Information Security," discuss whether user security awareness training is worth the time, effort and resources. Video
-
Enterprise social networking: Schneier-Ranum face-off
Is there a way that enterprises can allow social networking securely, or are sites like Facebook and Twitter simply too risky for enterprise consumption? Security experts Bruce Schneier and Marcus Ranum discuss. Video
-
Software security threats and employee awareness training
What are the newest threats to enterprise networks, and how can you subvert these emerging security threats? Greg Hoglund, CEO of HBGary and creator of the first rootkit, answers these questions. Video
- See more Multimedia on Security Awareness Training and Internal Threats-Information
About Security Awareness Training and Internal Threats-Information
Get advice and tips on how end user security and security awareness training can help prevent internal threats. Info is also offered on keystroke loggers, security awareness programs, and how to prevent data leakage.