Security vulnerability management tutorial
SearchSecurity.com presents a comprehensive guide to vulnerability management. Our experts cover all the angles with authoritative technical advice on: application security testing methods; leveraging vulnerability assessment results; analysis and co... E-Book
-
Security School: Data breach prevention strategies
In this lesson, expert Nick Lewis establishes a baseline data breach prevention strategy every enterprise should have in place. Guide
-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
Quiz: Developing a defense-in-depth strategy for antimalware defense
Take this five-question quiz to evaluate your knowledge of the material presented by expert Lenny Zeltser in this Intrusion Defense School lesson. Quiz
-
Quiz: Reinventing defense in depth
This quiz is part of SearchSecurity.com’s Intrusion Defense Security School lesson, Reinventing defense in depth. Reinforce your knowledge of the key concepts of this lesson by taking the five-question quiz below. Quiz
-
CISSP Essentials training: Domain 10, Operations Security
Discover everything you need to know to ace the CISSP® exam with our first series of SearchSecurity.com Security School webcasts focused on CISSP training. Each lesson corresponds to a specific domain in the CISSP exam's "Common Body of Knowledge... Security School
-
Spotlight article: Domain 10, Operations Security
Get a detailed introduction to CISSP exam Domain 10, Operations Security. Security School
-
Nessus 3 Tutorial: How to use Nessus to identify network vulnerabilities
Learn how to use Nessus, an inexpensive vulnerability scanner, with our Nessus Tutorial Guide. It not only examines the benefits of this free open source tool, but also walks you through the processes of using it in the enterprise, from installation ... SearchSecurity Technical
-
Fuzzing: Brute Force Vulnerability Discovery
In this Chapter 21 excerpt from "Fuzzing: Brute Force Vulnerability Discovery," authors Michael Sutton, Adam Greene, and Pedram Amini examine SPIKE, one of the most popular and widely used fuzzing frameworks. Book Chapter
-
RSA Conference 2007: Product announcements
RSA Conference 2007: Product announcements Conference Coverage
- See more Essential Knowledge on Vulnerability Risk Assessment
-
Bit9 report blasts Java security vulnerabilities as 'severe'
A study by Bit9 explains just how bad the Java problem really is: The most popular version has 96 severe vulnerabilities. News | 19 Jul 2013
-
Emerging threats include kinetic attack, offensive forensics: RSA 2013
At RSA 2013, experts Ed Skoudis and Johannes Ullrich explained how the SANS CyberCity supports offensive forensics and helps prevent kinetic attacks. News | 04 Mar 2013
-
Enterprises can obtain value from red teaming exercises, expert says
Red teaming assesses an organization's security and can be a more effective way to evaluate its overall security posture. News | 14 Nov 2012
-
Report highlighting SCADA insecurities alarmist, says ICS expert
Study from vulnerability management firm Positive Technologies Security contends that 39% of systems in the U.S. and Europe are vulnerable to attack. News | 12 Nov 2012
-
Symantec study highlights complexity of risks posed by zero-day exploits
Zero-day exploits are typically used in targeted attacks, but public disclosure of unpatched flaws significantly increases the use of the exploits. News | 17 Oct 2012
-
Application vulnerability disclosures rise, Microsoft finds
The Black Hole attack toolkit is fueling many of the exploits targeting the vulnerabilities, according to Microsoft. News | 11 Oct 2012
-
Rapid7 acquires Mobilisafe to assess mobile device risks
Mobile risk management vendor Mobilisafe assesses employee smartphones and tablets for platform vulnerabilities. News | 10 Oct 2012
-
Age-old vulnerabilities, attack techniques consistently trip enterprises
Windows security has improved, but longstanding Unix and network vulnerabilities remain an easy target for determined attackers. News | 02 Oct 2012
-
Pen testers should broaden scope, focus more on people, expert says
Pen testers often focus on system errors and application flaws, but employees are often an enterprise's greatest weakness, explains Chris Nickerson. News | 01 Oct 2012
-
AT&T applies new tactics to advanced persistent threat protection
After a year researching and implementing new advanced persistent threat protection tactics, the telco giant has put several new defenses in place. News | 12 Sep 2012
- See more News on Vulnerability Risk Assessment
-
Using the network to prevent an Oracle TNS Listener poison attack
Expert Michael Cobb details the Oracle TNS Listener poison attack and tells how enterprises can use the network to defend vulnerable applications. Tip
-
Securely implement and configure SSL to ward off SSL vulnerabilities
Recent SSL vulnerabilities have renewed questions about the protocol's security. Expert Nick Lewis covers how to implement and configure SSL securely. Tip
-
How to ensure data security by spotting enterprise security weaknesses
How can a specialized organization spot security weaknesses? Nick Lewis offers a process to help niche companies ensure data security. Tip
-
Exploring Google Chromebook security for the enterprise
The Chromebook is unique among new entrants in the mobile device arena. Mike Cobb breaks down the key Google Chromebook security issues enterprises need to know. Tip
-
Duqu malware advice: Should enterprises worry about the Duqu Trojan?
Enterprise threats expert Nick Lewis offers analysis of the recent Duqu malware outbreak and the Duqu Trojan response enterprises should take. Tip
-
Windows MBSA scan demo: Conducting a Windows security review
In this screencast, Mike McLaughlin shows how a Windows MBSA scan can help determine client and server patch status during a Windows security review. Tip
-
Zero-day vulnerabilities and the patch management process: To test or not to test?
Learn whether it’s better to risk exposure and take time to test zero-day patches, or risk business disruption and patch without testing. Tip
-
Remediating IT vulnerabilities: Quick hits for risk prioritization
There's no way to eradicate all IT vulnerabilities, but spotting the most critical ones is essential. Read these quick hits for risk prioritization. Tip
-
Forrester: Developing an enterprise risk assessment template
Despite skeptics, an enterprise risk assessment template is worth investing in. Forrester’s Chris McClean explains why and how to get started. Tip
-
Balancing compliance with information security threat assessment
Compliance is often the driver for security spending rather than real risks. Learn how to incorporate current threats into a compliance program. Tip
- See more Tips on Vulnerability Risk Assessment
-
Identifying and locking down known Java security vulnerabilities
Expert Michael Cobb discusses why known Java security vulnerabilities are on so many endpoints and how to contain them -- without updating Java. Answer
-
SANS Top 20 Critical Security Controls vs. Defence Signals Directorate
Expert Michael Cobb compares the value of the SANS Top 20 Critical Security Controls with Australia's Defence Signals Directorate advice. Answer
-
How to limit penetration test risks by defining testing scope
Expert Nick Lewis explains how to reduce penetration testing risks by limiting the scope of the test. Answer
-
Prepare your enterprise network for the DNS Changer botnet takedown
Expert Nick Lewis details the DNS Changer botnet takedown and its impact on enterprise security. Learn how to search for DNS Changer on client machines. Answer
-
Dangerous applications: Time to ban Internet Explorer, Adobe in the enterprise?
CSIS says five dangerous applications are to blame for 99% of malware. Is it time to ban Internet Explorer, Flash and the others in the enterprise? Answer
-
How Microsoft security assessment tools can benefit your enterprise
Expert Michael Cobb explains how Microsoft security assessment tools can find and help your enterprise fix vulnerabilities in its Windows environment. Answer
-
Is a full vulnerability disclosure strategy a responsible approach?
When it comes to vulnerability disclosure, is it responsible for an infosec research firm to release all the details of a flaw before patching measures are in place? Expert Nick Lewis examines the question in this response. Ask the Expert
-
Are RealPlayer, Adobe Shockwave vulnerability risks too great for the enterprise?
Adobe Shockwave and RealNetworks RealPlayer are fun and convenient for enterprise users, but are their vulnerabilities worth the risk of having them? Ask the Expert
-
Identity management SSO security: Hardening single sign-on systems
Get information on how to harden single sign-on systems for greater security in this response from IAM expert Randall Gamby. Ask the Expert
-
MD5 security: Time to migrate to SHA-1 hash algorithm?
Many organizations have been replacing the MD5 hash algorithm with the SHA-1 hash function, but can the MD5 hash algorithm still be used securely? Ask the Expert
- See more Expert Advice on Vulnerability Risk Assessment
-
micro-botnet (mini-botnet or baby botnet)
A micro-botnet, also called a mini-botnet or baby botnet, is a small network of Internet-connected computers that have been hijacked to attack specific companies or individuals within a company. Definition
-
gray hat (or grey hat)
Gray hat describes a cracker (or, if you prefer, hacker) who exploits a security weakness in a computer system or product in order to bring the weakness to the attention of the owners. Definition
-
Brad Arkin on Adobe's vulnerability disclosure policy, Group-IB claims
Video: Adobe software security chief Brad Arkin details the software giant's policy on vulnerability disclosure and Group-IB's Reader sandbox claims. Video
-
Use the Mandiant Redline memory analysis tool for threat assessments
Video: Keith Barker of CBT Nuggets shows how to use the Mandiant Redline memory analysis tool to conduct threat assessments, defeat rootkits. Video
-
McGraw: Mobile app security issues demand trustworthy computing
Video: Cigital's Gary McGraw discusses the top mobile app security issues, and why it's time to apply trustworthy computing concepts to mobile devices. Video
-
How to use Microsoft's MAP toolkit security assessment application
Video: Keith Barker of CBT Nuggets details how to use Microsoft's MAP Toolkit security assessment application to find and report on vulnerable endpoints. Screencast
-
Vulnerability researcher on layered security plan mistakes
A layered security plan is good, but Argonne National Laboratory vulnerability researcher Roger Johnston warns against too many layers. Video
-
Black Hat 2012: Rodrigo Branco on new malware research database
Video: Qualys vulnerability researcher Rodrigo Branco discusses his new malware analysis system that will serve as a malware research database. Video
-
Exploit Intelligence Project: Rethinking information security threat analysis
Information security threat analysis is fundamentally flawed, said Dan Guido of iSEC Partners. He says the Exploit Intelligence Project hopes to change that. Video
-
Jose Granado on the benefits of penetration testing, ‘human hacking’
Ernst & Young’s Jose Granado discusses the benefits of penetration testing and the importance of including “human hacking” as well. Video
-
IT patch management best practices: Overcoming the challenges
This presentation on vulnerability and IT patch management best practices discusses the challenges of improving testing and deployment processes. Video
-
Narcissistic vulnerability pimp: Baker on researchers and bug bounties
In a blog post, Verizon Director of Risk Wade Baker proposed a new title for security researchers looking to get attention who release bug information before a patch is released: narcissistic vulnerability pimps. Video
- See more Multimedia on Vulnerability Risk Assessment
About Vulnerability Risk Assessment
In this vulnerability and risk assessment resource, get tips and tricks on how to conduct a network vulnerability assessment, vulnerability reporting, scanning, assessment tools and reports.