-
Owning the C-suite
If you've found yourself on the losing end of a few too many battles, and security is suffering because of a lack of support from top executives, a bit of positive social engineering may be just the thing. Information Security maga
-
A Business Guide to Information Security: Threats and Compliance
In this excerpt from Chapter 1 of A Business Guide to Information Security, author Alan Calder identifies six future risks to information security and explains how they will affect individuals and organizations. Book Chapter
-
Multi-dimensional enterprise-wide security: Corporate reputation
Learn how to protect information assets and resources within all areas of the enterprise and in compliance with all regulatory, policy and contractual requirements. 10 Tips in 10 Minutes
-
Multi-dimensional enterprise-wide security: Divide and conquer
Learn how to protect information assets and resources within all areas of the enterprise and in compliance with all regulatory, policy and contractual requirements. 10 Tips in 10 Minutes
-
Managing Human Resources: Termination Procedures
In this excerpt from Chapter 6 of The Little Black Book of Computer Security, author Joel Dubin provides an outline of security measures to take when terminating an employee. Book Chapter
-
Spy vs. Spy
Excerpt from Chapter 6 of Spies Among Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don't Even Know You Encounter Every Day. Book Chapter
-
Combining technology and social engineering: Hacking behind bars
In this excerpt from Chapter 11 of "The Art of Deception: Controlling the Human Element of Security," authors Kevin Mitnick and William L. Simon begin a story that shows how social engineering can be used with technology. Reprint
-
Learning about Security Threats: Profiling
A look at what it means to be a hacker. Reprint
-
Quiz: Common Vulnerabilities
Test your knowledge of common security vulnerabilities. Quiz
-
Quiz: Security awareness for end users
Give this quiz to your end users and find out how much they really know about security. Quiz
-
Firms struggle to address social networking security risks, survey finds
Many firms rely on antivirus and antimalware technologies to address social networking risks, according to a survey by the Ponemon Institute. News | 03 Oct 2011
-
Former CIA official cites rise in government cybersecurity awareness
Former CIA ops director Cofer Black urges the security community to educate decision makers and validate how cyberattacks endanger national defense. News | 03 Aug 2011
-
Security awareness training begins with risk assessment
Security expert Rob Cheyne, CEO of Safelight Security Advisors, explains how organizations can get started with security training programs. Cheyne said a good first step is a risk assessment. News | 24 Mar 2011
-
Former trader gets 3-years for stealing code in Societe Generale case
Security cameras caught Samarth Agrawal stealing source code to a multi-million proprietary trading system used by Societe Generale. Article | 01 Mar 2011
-
Security awareness strategy: Weighing optimism vs. pragmatism
Fostering security awareness is a controversial topic and a difficult challenge, but as Senior Site Editor Eric B. Parizo writes, the methods may not be as important as the passion to succeed. Column | 18 Nov 2010
-
Security information sharing is a shared responsibility
Senior Site Editor Eric B. Parizo says infosec pros need to participate in the public dialog for the good of the industry and offers harsh words for companies who silence their own security talent. Column | 30 Aug 2010
-
Opinion: Welcome, Apple users, to your new miserable experience
Opinion: Apple security is perceived to be very good, but as the popularity of Apple technologies increases, so too do the dangers for Apple users and the companies charged with securing Apple products. Column | 26 Jul 2010
-
CISOs take measured steps to reduce social media risks
With sales and marketing teams using social networks to connect with clients and potential customers, CISOs need to meet business needs while addressing risks. Article | 08 Feb 2010
-
Health Net breach failure of security policy, technology
Investigators should question why an external hard drive contained seven years of data, but IT security should have had the appropriate security policies and technologies in place to enforce them. Column | 27 Nov 2009
-
Massive T-Mobile UK security breach involves insiders
A UK agency suspects insiders are behind a massive data breach at T-Mobile UK where customer data was pilfered and sold to competitors. Article | 18 Nov 2009
-
Security policy and international employment laws for hiring overseas
Before opening an office abroad and hiring employees in other countries, learn how to adapt your security policy to international employment laws. Tip
-
Anti-social engineering training: The first line of defense against human error
Security team member Jeffrey Catalfamo details the key elements of a successful anti-social engineering training program. Tip
-
Spear phishing examples: How to stop phishing from compromising users
Spear phishing targets the weakest link in most security programs: users. These spear phishing examples can help your enterprise thwart attacks. Tip
-
Business partner security: Managing business risk
Allowing outside business partner access to your systems and data always comes with some level of risk. Nick Lewis examines what those risks are and strategies for managing business risk. Bonus Tip
-
Government cybersecurity: User-level security tools mitigate Fed insider risks
Taking on a new zero-trust model, many federal agencies are implementing insider threat controls at the user level. Tip
-
Secure browsing: Free plug-in lessens social networking security risks
Looking for ways to improve employees' browsing security? Learn about the free SecureBrowsing plug-in from M86 Security that can lessen social networking security risks. Tip
-
Monitoring strategies for insider threat detection
Insider threat detection is a vital part of the security of any enterprise organization. In this tip, part of the SearchSecurity.com Insider Threats Security School lesson, learn about the best insider threat detection strategies. Tip
-
Fake antivirus pop-up scams: Forming a security awareness training plan
Rogue antimalware programs have been around for a while, and, according to a recent Google report, are more prominent and more difficult to detect than ever before. In this expert tip, Michael Cobb explains how to train employees to deal with these f... Tip
-
Employee compliance: Creating a compliance-focused workforce
If your security team is low on time and money, one of the best things you can do is recruit more people: an entire enterprise's worth. In this tip, learn how to engage corporate employees to be secure themselves and to help enforce compliance best p... Tip
-
Defining an incident response process when short staffed
The incident response process can be difficult when short staffed. In this tip, learn how to put together a computer security incident response team by leveraging other departments in your organization. Tip
-
URL shortening security best practices
Expert Michael Cobb weighs in on risks you may not know about with shortened URLs from TinyURL or Bit.ly. Answer
-
Privacy laws in the workplace: Creating employee privacy policies
Are your employees aware of their workplace privacy rights? More specifically, are they aware of what privacy rights they don't retain? Learn how to create effective employee privacy policies in this expert response. Ask the Expert
-
Information security program development: Security vs. compliance
Some enterprises can be compliant for their audits, but let security slip the rest of the time. In this expert response, Ernie Hayden explains how to get your enterprise to focus on security rather than just compliance. Ask the Expert
-
Employee information security awareness training for new IAM systems
When an enterprise gets new IAM systems, training employees on how to interact with the technology is one of the most important aspects of deployment. Learn how to implement employee information security awareness training for new IAM systems and tec... Ask the Expert
-
What defenses can prevent the hijacking of a city's fiber network?
How do you prevent a network administrator from hijacking and preventing access to a city's fiber network? The answer is fairly low-tech, says network security expert Mike Chapple. Ask the Expert
-
Can home PCs provide a way for viruses and spyware to enter a corporate LAN?
When considering allowing remote access to a corporate LAN, security concerns are paramount, especially when corporate security pros have no control over the home PCs. Learn how to protect the corporate LAN from viruses and spyware. Ask the Expert
-
I am concerned that a former employee will utilize corporate information in a malicious way.
Scenario: A former employee may still have classified enterprise information that she or he may use to hack the enterprise's system. What steps should be taken to ensure the information's security? Ask the Expert
-
Is it important to hold fraud-training sessions during a fraud-risk analysis?
When conducting a fraud-risk analysis, how important is it to educate employees with fraud-training sessions? Security management expert Mike Rothman explains the best way to proceed. Ask the Expert
-
What kind of data is compromised during a Google hack?
Ed Skoudis defines Google hacking, unveils the type of data that is most commonly exposed during this type of attack and offers ways to ward off Google hackers. Ask the Expert
-
Should social engineering tests be included in penetration testing?
Information security threats expert Ed Skoudis weighs the positive and negative aspects of allowing social engineering tests to be a part of the penetration testing process. Ask the Expert
-
micro-botnet (mini-botnet or baby botnet)
A micro-botnet, also called a mini-botnet or baby botnet, is a small network of Internet-connected computers that have been hijacked to attack specific companies or individuals within a company. Word
-
single-factor authentication (SFA)
Single-factor authentication (SFA) is the traditional security process that requires a user name and password before granting access to the user... (Continued) Word
-
trusted computing
Trusted computing is a broad term that refers to technologies and proposals for resolving computer security problems through hardware enhancements and associated software modifications... (Continued) Word
-
pretexting
Pretexting is a form of social engineering in which one individual lies to obtain privileged data about another individual in order to engage in identity theft or corporate espionage. A pretext is a false motive. Word
-
Total Information Awareness (TIA)
Total Information Awareness (TIA) is the name of a massive U.S. data mining project focused on scanning travel, financial and other data from public and private sources with the goal of detecting and preventing transnational threats to national secur... Word
-
insider threat
An insider threat is a malicious hacker (also called a cracker or a black hat) who is an employee or officer of a business, institution, or agency. The term can also apply to an outside person who poses as an employee or officer by obtaining false cr... Word
-
Honeynet Project
Word
-
shoulder surfing
Word
-
dumpster diving
Word
-
social engineering
Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures. Word
-
5 Common Missteps with Trusted Insider Privileges
Insiders with elevated privileges are trusted with the keys to the kingdom; they're also prime targets for abuse from outsiders. In this podcast, you’ll learn five quick fixes to lessen the risk posed by trusted insiders. Podcast
-
Countdown: Top 5 insider threat detection myths
There are many misconceptions about insider threats in the enterprise. This podcast debunks those myths and sets the record straight on what enterprises really need to know about the detection of insider threats. Podcast
-
Bruce Schneier: What is cyberwar?
In this RSA Conference 2011 interview, Michael Mimoso, Editorial Director of the Security Media Group at TechTarget, interviews Bruce Schneier, Chief Security Technology Officer of BT Group, and tries to answer the question, "What is cyberwar?" Video
-
Face-off: Information security awareness and when not to reveal information
Can the security industry learn from the Transportation Security Administration? It may seem like an odd pairing, but both struggle with the challenges of protecting those in their care while maintaining usability and personal privacy. Video
-
419 baiters: Not all scam emails from Nigeria
Almost everyone has received an email promising riches from African royalty, but not all 419 scam emails come from Africa. Learn how to prevent employees from getting suckered in by these scams. Video
-
Face-off: Is end-user education worth the effort?
In this face-off, security experts Hugh Thompson, Founder of People Security, and Adam Shostack, co-author of "The New School of Information Security," discuss whether user security awareness training is worth the time, effort and resources. Video
-
Schneier-Ranum face-off, part 2: Social networking
Is there a way that enterprises can allow social networking securely, or are sites like Facebook and Twitter simply too risky for enterprise consumption? Security experts Bruce Schneier and Marcus Ranum discuss. Video
-
Software security threats and employee awareness training
What are the newest threats to enterprise networks, and how can you subvert these emerging security threats? Greg Hoglund, CEO of HBGary and creator of the first rootkit, answers these questions. Video
-
How to choose the right SIM
There are dozens of security information management (SIM) tools on the market and they each have their own strengths and weaknesses. Choosing the wrong solution, however, is not just an issue of wasting your investment, but also potentially failing t... Podcast
About Security Awareness Training and Internal Threats-Information
Get advice and tips on how end user security and security awareness training can help prevent internal threats. Info is also offered on keystroke loggers, security awareness programs, and how to prevent data leakage.