Parade College adopts UTM for network security
Parade College has replaced a Blue Reef security solution with Watchguard UTM devices. Feature
-
Quiz: Automated compliance in the enterprise
Use this five-question quiz to test your knowledge of automated compliance in the enterprise. Quiz
-
Windows tools for investigating an attack
Use this list of Windows tools when investigating an attack against a Web server. Security School
-
Web attack prevention and defense final exam answers
Check our final exam answers following our Web attack defense and prevention Security School lesson. Security School
-
Essential fortification checklist
Use this checklist on the job to fortify your Web server. Security School
-
Final exam: Web attack prevention and defense
Discover how much you've learned about Web server security with this final exam on Web attack prevention and defense. Security School
-
SOX Scorecard 2
This 20-question scorecard, aligned with the sections of the COBIT standard, is designed to help an organization gauge its ability to meet COBIT control objectives that are important in complying with Sarbanes-Oxley Section 404. Each question has fou... Security Scorecard
-
SearchSecurity.com's Checklist Library
A round up of our security checklists. Security Checklists
-
Commitment to staying on top of the technology
Book Excerpt
-
Ability to resolve conflicts between security and business objectives
Book Excerpt
- See more Essential Knowledge on Security Resources
-
New Adobe Reader X fortifies PDF viewer against attacks
Adobe Reader X uses Microsoft's sandboxing technology to block potentially dangerous processes from executing beyond the confines of the software. Article | 23 Nov 2010
-
Microsoft repairs flaws in Forefront UAG, critical Office flaw
Microsoft repaired four vulnerabilities in its Forefront Unified Access Gateway and a critical flaw in Microsoft Office. Article | 09 Nov 2010
-
Microsoft to address 49 flaws in record patching cycle
The software giant said it would release 16 bulletins next week addressing flaws in Internet Explorer, Microsoft Office, and the .NET Framework. Article | 07 Oct 2010
-
Adobe fix plugs dangerous attack holes in Reader, Acrobat
Adobe fixed 23 holes, including a critical zero-day vulnerability in Flash Player, which affects Flash components in Reader and Acrobat. Article | 06 Oct 2010
-
PCI Standards to be updated on new three-year cycle
The PCI Security Standards Council will update the PCI Data Security Standard on a new three-year cycle after the latest update is applied in October. Article | 22 Jun 2010
-
EMC buys Archer Technologies for compliance management
The acquisition couples EMC's RSA security division with Archer's compliance management platform and builds on RSA's financial industry presence. Article | 04 Jan 2010
-
NAC vendors stake future on manageability
With security experts predicting a shake-out in the NAC market, vendors are focusing on management tools as the best recipe for survival. Article | 24 Jan 2008
-
Data leakage problem tough to solve
Companies are searching for ways to prevent sensitive information from slipping out of their networks, but various technologies to address the problem have their drawbacks. Article | 17 Jan 2008
-
Encryption may help regulatory compliance
A Walt Disney security executive says encrypted file systems hold the answers for enterprises looking to comply with government regulations without sacrificing system performance. Article | 17 Jan 2008
-
Analyst warns to keep tech talk out of security policies
It's easy to get carried away when developing or revamping a corporate security policy, but one expert at Information Security Decisions says it's actually much better to keep things short and simple. Article | 17 Jan 2008
- See more News on Security Resources
-
10 emerging malware trends for 2007
From phishing threats to zero-day flaws, hackers have certainly developed many sophisticated ways to exploit vulnerabilities for their gain. And, as SearchSecurity.com's information security expert Ed Skoudis explains, new methods are constantly bein... Tip
-
Securing Apache: Keeping patches current
Learn how to manage security updates to Apache Web server. Tip
-
Invasion force
Understand how botnets find compromised machines and launch worm, malware and phishing in a simultaneous attack scheme. Get tools and tactics to keep your enterprise safe. Tip
-
Blocking spyware via the ActiveX kill bit
Learn a proactive way to block spyware from infesting workstations. Tip
-
Routing protocol security
Here are some of the most common attacks directed at routing infrastructures and the steps you can take to mitigate risk. Tip
-
Products of the Year: Antivirus/antiworm
2004 antivirus and antiworm products of the year. Tip
-
Rife phishing, mutated worms and funds in '05
In this week's tip, Mike Chapple reviews top Web security concerns of 2004 and shares his view of expected issues for next year. Tip
-
Weekly Security Planner: January
Prescriptive security strategies for the first four weeks of the year. Tip
-
Weekly Security Planner: February
Prescriptive security strategies for weeks 5-8. Tip
-
Weekly Security Planner: April
Prescriptive security strategies for weeks 14-17. Tip
- See more Tips on Security Resources
-
A written information security policy (WISP) example for compliance
Looking for a Written Information Security Policy (WISP) example for compliance with the Massachusetts data protection law? In this expert response, Ernie Hayden gives readers just that. Ask the Expert
-
FERPA regulation guidelines to email student personal data unencrypted
In order to protect student personal data, FERPA was enacted in 1974. But does protecting that data allow for FERPA educational records to be sent unencrypted via email? Find out in this expert response. Ask the Expert
-
Guide to infosec certifications
Ask the Expert
-
Can the extra network card be configured to access software on the internal network for server back-
Ask the Expert
-
What can we do to block unauthorized, outside access to our e-mail server?
Ask the Expert
-
What should I focus on in IT school to land a job doing network security when I graduate?
Ask the Expert
-
Should my server have one or two NICs?
Ask the Expert
-
Should I go for a CISSP or a BS7799?
Ask the Expert
-
Which route should I take in the information security field?
Ask the Expert
-
Free downloads for auditing network
Ask the Expert
- See more Expert Advice on Security Resources
-
COBIT
COBIT is a framework for developing, implementing, monitoring and improving information technology (IT) governance and management practices. Definition
-
distributed denial-of-service attack (DDoS)
On the Internet, a distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. Definition
-
computer forensics (cyber forensics)
Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. Definition
-
multifactor authentication (MFA)
Multifactor authentication (MFA) is a security system in which more than one form of authentication is implemented to verify the legitimacy of a transaction... (Continued) Definition
-
attack vector
An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome. Definition
-
Zeus Trojan (Zbot)
Zeus, also known as Zbot, is a malware toolkit that allows a cybercriminal to build his own Trojan Horse. A Trojan Horse is programming that appears to be legitimate but actually hides an attack. Definition
-
differential power analysis (DPA)
A differential power analysis (DPA) attack is an exploit based on analysing the correlation between the electricity usage of a chip in a smart card and the encryption key it contains. Definition
-
typeprint analysis
Typeprint analysis is a technology in which the rhythmic patterns of a person's keyboard behavior, known as keystroke dynamics, are analyzed over a period of time and then stored... (Continue) Definition
-
role-based access control (RBAC)
Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise... Definition
-
botnet (zombie army)
A zombie army (also known as a botnet) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward spam or viruses to other computers on the Internet... (Continued) Definition
- See more Definitions on Security Resources
-
Adobe: Increasing transparency and the secure product lifecycle
Brad Arkin discusses why Adobe created his role, how it engages the security research community and how Adobe has learned that talking about security isn't a bad thing. Video
-
201 CMR 17 compliance: What you need to know
The new Massachusetts data protection law, 201 CMR 17, is known as one of the most stringent laws of its kind. In this interview, David Navetta of the Information Law Group discusses how enterprises should approach compliance with this law. Video
-
OWASP Security Spending Benchmarks Project
An OWASP project investigates company spending on software development. A survey found a majority of firms getting an independent third-party security review of software code. Video
- See more All on Security Resources