Data security strategies and governance
In this guide to enterprise data security strategies and governance, get advice on how to protect your enterprise information with the right data classification and protection techniques and policies.
Top Stories
-
Answer
19 Apr 2023
How to defend against TCP port 445 and other SMB exploits
Keeping TCP port 445 and other SMB ports open is necessary for resource sharing, yet this can create an easy target for attackers without the proper protections in place. Continue Reading
-
Feature
09 Nov 2021
API security strategies must evolve to include API protection
An API security strategy must include the ability to protect APIs post-deployment, but questions abound about ownership, which tools to use and how to get started. Continue Reading
-
Definition
22 Nov 2021
snooping
Snooping, in a security context, is unauthorized access to another person's or company's data. Continue Reading
-
Feature
05 Nov 2021
The 10 most common ERP security issues and ways to fix them
Today's ERP systems are exposed like never before. Learn about the most common ERP security issues companies are facing and how IT and security teams can address them. Continue Reading
-
Tip
27 Oct 2021
5 IT security policy best practices
As businesses and technologies grow and evolve, it's important IT security policies do, too. Follow these five best practices to ensure policies are fresh and relevant. Continue Reading
-
Quiz
27 Oct 2021
Test your aptitude for secure data storage
Find out if your data storage security know-how is up to standards with a quiz. Test your knowledge of common errors, helpful terms and resources, and ensure your data is secure. Continue Reading
-
News
08 Oct 2021
Senators want FTC to enforce a federal data security standard
U.S. Senators debated creating federal data privacy and security standards and providing the FTC with enough resources to enforce them. Continue Reading
-
Guest Post
04 Oct 2021
5 principles for AppSec program maturity
Applications remain a top cause of external data breaches. Follow these five principles to achieve application security program maturity. Continue Reading
-
News
08 Sep 2021
IBM's first Power10 server tailored for hybrid clouds
IBM has moved closer to achieving a frictionless hybrid cloud model with its first Power10 server. The new system comes loaded with a variety of security technologies. Continue Reading
-
News
31 Aug 2021
SEC sanctions financial firms for cybersecurity failures
Three financial services firms were charged with failing to implement proper cybersecurity policies after cyber attacks led to the exposure of customer data. Continue Reading
-
News
16 Aug 2021
FBI watchlist exposed by misconfigured Elasticsearch cluster
A terrorist watchlist was found in an exposed database, and security researcher Bob Diachenko says there is no way of knowing just how long it was open to the public. Continue Reading
-
Answer
06 Aug 2021
Is bitcoin safe? How to secure your bitcoin wallet
As bitcoin use increases, so too have the number of cyber attacks on cryptocurrency exchanges and wallets. Learn how to keep bitcoin use secure. Continue Reading
-
Answer
15 Jul 2021
How to prevent software piracy
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
-
Tip
04 Jun 2021
5 steps to secure the hybrid workforce as offices reopen
Companies must now face the security challenges of overseeing a hybrid workforce as employees return to the office. Continue Reading
-
Feature
03 Jun 2021
How to handle social engineering penetration testing results
In the wake of conducting social engineering penetration testing, companies need to have a plan ready to prevent or minimize phishing, vishing and other attacks. Continue Reading
-
Feature
03 Jun 2021
How to ethically conduct pen testing for social engineering
Author Joe Gray explores his interest in pen testing for social engineering, what it means to be an ethical hacker and how to get started in the career. Continue Reading
-
Podcast
01 Jun 2021
Risk & Repeat: Security startups and trends from RSAC 2021
Analyst Carla Roncato of Enterprise Strategy Group weighs in on RSA Conference and the security startups featured during the show's Innovation Sandbox competition. Continue Reading
-
Definition
27 May 2021
National Security Agency (NSA)
The National Security Agency (NSA) is a federal government intelligence agency that is part of the United States Department of Defense and is managed under the authority of the director of national intelligence (DNI). Continue Reading
-
Quiz
25 May 2021
Cryptography quiz questions and answers: Test your smarts
Put your encryption knowledge to the test, and perhaps even learn a new word or concept in the process with these cryptography quiz questions. Continue Reading
-
News
18 May 2021
Attorneys share worst practices for data breach response
Angry emails, bad jokes and sloppy reports can all lead to legal headaches following a data breach, according to a panel of experts at RSA Conference 2021. Continue Reading
-
News
12 May 2021
Funding is key to strengthening national cybersecurity
In the wake of the Colonial Pipeline ransomware attack, national cybersecurity experts make the case for additional funding during a Senate hearing. Continue Reading
-
Tip
07 May 2021
How to successfully automate GRC systems in 7 steps
There is more to automating GRC programs than technology alone. This implementation roadmap helps IT leaders effectively plan, deploy and monitor GRC activities and tools. Continue Reading
-
Guest Post
28 Apr 2021
Cybersecurity key to protect brands in the digital landscape
The digital transformation disrupted the relationship between brand value and risk. Vishal Salvi explains how the right cybersecurity strategy protects both brands and customers. Continue Reading
-
Guest Post
16 Apr 2021
Companies must train their SOC teams well to prevent breaches
SOC teams can have all the latest and greatest cybersecurity tools, but unless they have the proper training, it won't be enough to mitigate an attack. Continue Reading
-
Guest Post
15 Apr 2021
5 cybersecurity testing areas CISOs need to address
With increasing board interest in cybersecurity risk, CISOs need to explain the preventive steps they are taking to have the right cybersecurity testing in place to minimize risk. Continue Reading
-
Definition
13 Apr 2021
physical security
Physical security is the protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution. Continue Reading
-
Guest Post
07 Apr 2021
Utilizing existing tech to achieve zero-trust security
A zero-trust security model can immediately be used to address current gaps and provide a secure foundation for managing risk going forward, from both internal and external threats. Continue Reading
-
Quiz
30 Mar 2021
Data loss prevention quiz: Test your training on DLP features
Data loss prevention tools can help infosec manage insider threat, shadow IT and compliance initiatives. Test your know-how with this DLP quiz. Continue Reading
-
Guest Post
11 Mar 2021
How security teams can prepare for advanced persistent threats
Daniel Clayton explains how any organization can devise its cybersecurity strategy to account for advanced persistent threats, which have started changing the threat landscape. Continue Reading
-
News
25 Feb 2021
Vastaamo breach, bankruptcy indicate troubling trend
The blackmailing of patients directly, as well as the resulting bankruptcy of Vastaamo Psychotherapy Centre, could signal a shift in cyber crime tactics. Continue Reading
-
Tip
25 Feb 2021
3 post-SolarWinds supply chain security best practices
Following the devastating SolarWinds breach, IT leaders should renew their focus on third-party risk management. Start by implementing supply chain security best practices. Continue Reading
-
Feature
11 Feb 2021
4 tips for aligning security with business objectives
Today's most effective CISOs develop cybersecurity strategies that fit their organizations' risk appetites and support business growth. Learn how they do it. Continue Reading
-
Tip
10 Feb 2021
How to address and prevent security alert fatigue
An influx of false positive security alerts can lead infosec pros to overlook real threats. Learn how to avoid security alert fatigue and its potential consequences. Continue Reading
-
Guest Post
25 Jan 2021
4 ways to minimize the risk of IT supply chain attacks
Mark Whitehead breaks down the importance of taking a zero-trust cybersecurity approach when it comes to protecting networks and data accessible by third-party partners. Continue Reading
-
Tip
30 Dec 2020
Data sanitization techniques: Standards, practices, legislation
An effective data sanitization process lessens the chance that your organization's valuable data could be stolen or compromised, and enhances compliance. Continue Reading
-
Feature
29 Dec 2020
Editor's picks: Top cybersecurity articles of 2020
As the year no one could have predicted comes to a close, SearchSecurity takes a 30,000-foot view of the cybersecurity trends and challenges that defined the last 12 months. Continue Reading
-
Feature
22 Dec 2020
Enterprise cybersecurity threats spiked in 2020, more to come in 2021
After an unprecedented year from an enterprise cybersecurity threat standpoint, security leaders are preparing for a growing number and sophistication of attacks in 2021. Continue Reading
-
Feature
09 Dec 2020
WatchGuard highlights critical MSP security services for 2021
MSPs in 2021 will face higher volumes of spear phishing attacks, hazardous gaps in remote work setups and a crucial need for widespread MFA adoption, WatchGuard Technologies says. Continue Reading
-
Tip
20 Nov 2020
Cyber insurance explained, from selection to post-purchase
Before you sign on the dotted line, make sure you understand what cyber insurance can and can't do -- and what type of policy will do the most for you. Continue Reading
-
Opinion
02 Nov 2020
Cybersecurity for remote workers: Lessons from the front
Tackle the security challenges COVID-19 wrought by using this playbook from an experienced disaster-zone responder. Continue Reading
-
Guest Post
28 Oct 2020
Addressing the expanding threat attack surface from COVID-19
CISOs need to ensure they and their security teams are aware of the new threats created by many businesses expanding their attack surface with many employees still working remotely. Continue Reading
-
Guest Post
01 Oct 2020
3 common election security vulnerabilities pros should know
Election security remains top of mind for many right now, with Nabil Hannan discussing vulnerabilities like remote breaches, new attack surfaces and poor current controls. Continue Reading
-
Tip
30 Sep 2020
What are the top secure data transmission methods?
Safe information transfer is a must for modern organizations, but not all secure data transmission methods are equal. Explore your secure data transfer options in this tip. Continue Reading
-
Tip
22 Sep 2020
Format-preserving encryption use cases, benefits, alternative
With format-preserving encryption, a ciphertext's format is the same as its plaintext's. Read up on the benefits of this cryptography method, NIST FPE methods, vendors and more. Continue Reading
-
Feature
03 Aug 2020
Security pros explain how to prevent cyber attacks
Even during pandemics, hackers use malware such as ransomware and phishing to exploit an organization's vulnerabilities. IT security pros discuss how they prevent cyber attacks. Continue Reading
-
Tip
29 Jul 2020
As network security analysis proves invaluable, NDR market shifts
IT infrastructure threat detection and response have emerged as critical elements of enterprise cybersecurity as network security analysis proves invaluable to protecting data. Continue Reading
-
Feature
21 Jul 2020
Complexity exacerbates cloud cybersecurity threats
As cloud becomes intrinsic to IT, shifting roles have led to some risks being overlooked. But companies are getting smarter about alleviating cloud cybersecurity threats. Continue Reading
-
Answer
19 Jun 2020
How to prevent network eavesdropping attacks
One of the biggest challenges of network eavesdropping attacks is they are difficult to detect. Read about prevention measures to help keep your network safe from snoopers and sniffers. Continue Reading
-
Answer
15 Jun 2020
How to protect workloads using a zero-trust security model
Never trust, always verify. Learn how to implement a zero-trust security model to help manage risk and protect IT workloads at your organization. Continue Reading
-
News
10 Jun 2020
Maze ransomware builds 'cartel' with other threat groups
Operators behind the Maze ransomware posted data leaks from competing ransomware gangs to their victim shaming website, suggesting they have joined forces. Continue Reading
-
Feature
29 May 2020
GDPR, CCPA, cloud drive security management tool makeovers
As data protection and privacy laws like GDPR and CCPA take hold, data managers refine governance practices, while vendors enhance traditional big data security tools. Continue Reading
-
Tip
19 May 2020
Top 2 post-COVID-19 CISO priorities changing in 2020
CISO priorities for 2020 were upended when the COVID-19 pandemic hit. Learn two ways forward-thinking CISOs are planning to deal with the new normal. Continue Reading
-
Infographic
01 May 2020
The state of cybersecurity risk: Detection and mitigation
Hackers will always try to creep in, and many will succeed. That's why effective detection and mitigation are essential. How are enterprises faring? Continue Reading
-
Video
30 Apr 2020
Telework security requires meticulous caution, communication
Organizations that are proactive about telework security may enjoy a more resilient network environment. Follow five steps in this webinar to ensure secure remote work. Continue Reading
-
Tip
13 Apr 2020
Building security, privacy and trust in IoT deployments
The T in IoT doesn't stand for trust, but it's a critical component of any IoT deployment. Follow the AEIOU vowel framework for an actionable blueprint of building trust in IoT. Continue Reading
-
Feature
31 Mar 2020
Will nonprofit's evolution of zero trust secure consumer data?
An Australian nonprofit aims to deliver an improved security protocol through what it calls a 'true zero-trust custody layer.' Will the protocol improve consumer data protection? Continue Reading
-
Tip
11 Mar 2020
Updating the data discovery process in the age of CCPA
Privacy regulations are changing the enterprise data discovery process. Now, automation is key for fulfilling data discovery mandates, including those for CCPA and GDPR. Continue Reading
-
Tip
05 Mar 2020
Use this CCPA compliance checklist to get up to speed
California leads the pack in terms of state regulations on data privacy and transparency. Now, it's time for businesses to be proactive with this CCPA compliance checklist. Continue Reading
-
Tip
27 Feb 2020
5 IT security measures to safeguard distributed environments
In today's complex IT landscape, it's easy to make mistakes that leave applications and data vulnerable. Follow these five tips to create a comprehensive security plan. Continue Reading
-
Tip
19 Feb 2020
Who wins the security vs. privacy debate in the age of AI?
When trying to maintain balance between security and privacy in an AI-enabled world, who decides which side should tip and when? So continues the security vs. privacy debate. Continue Reading
-
Feature
10 Feb 2020
Beat common types of cyberfraud with security awareness
Hackers are taking deception to a new level, but security awareness programs are instrumental in helping employees detect various types of cyberfraud. Continue Reading
-
Opinion
03 Feb 2020
2 components of detection and threat intelligence platforms
Deploying threat detection and intelligence platforms is one of the smartest ways to protect your organization's valuable assets. Make sure you know how to choose the best tool. Continue Reading
-
Feature
03 Feb 2020
Threat intelligence offers promise, but limitations remain
Do you know how to use threat intelligence feeds to best effect in your company? Learn what this valuable yet often confusing resource can and can't do for cybersecurity. Continue Reading
-
Opinion
03 Feb 2020
Fresh thinking on cybersecurity threats for 2020
It's a good time to take a clear-eyed view of the likely security threats facing your organization. But then what? Experts suggest getting creative with your threat responses. Continue Reading
-
Definition
30 Jan 2020
behavior-based security
Behavior-based security software scans for deviations from the norm and decides whether an anomaly poses a threat or can simply be ignored. Continue Reading
-
Feature
29 Jan 2020
How to implement a holistic approach to user data privacy
IoT devices flood the market with promises to make daily life more convenient. Learn how to embrace user consent to benefit your organization and enhance user data privacy. Continue Reading
-
Feature
28 Jan 2020
Cryptography basics: Symmetric key encryption algorithms
Scrambling plaintext into ciphertext is essential to ensure data cannot be read or used by the wrong people. Learn the basics of symmetric key encryption algorithms here. Continue Reading
-
Tip
27 Jan 2020
Protect against evolving data security threats
As data security threats evolve, knowing how to protect your data is more important than ever. Learn about the latest security threats and how to ward them off. Continue Reading
-
Tip
08 Jan 2020
Top 10 cybersecurity predictions: 2020 edition
When it comes to cybersecurity predictions, in many ways, 2020 is a continuation of the present. Emerging trends include nation-state activity, IoT infrastructure attacks and more. Continue Reading
-
News
30 Dec 2019
BigID: New privacy regulations have ended 'the data party'
New privacy laws are changing data management practices in the enterprise. BigID co-founder Nimrod Vax discusses the importance of being 'data native' in the era of the CCPA. Continue Reading
-
Feature
27 Dec 2019
Editor's picks: Most pressing cybersecurity stories in 2019
As the year comes to an end, SearchSecurity takes a bird's-eye view of the sophisticated cyberthreat landscape and how it has changed over the past 12 months. Continue Reading
-
News
19 Dec 2019
Clumio eyes security, BaaS expansion with VC funding
Clumio CTO Chad Kinney and CSO Glenn Mulvaney discuss their company's roadmap and how Clumio addresses ransomware threats in a way that's different from other backup providers. Continue Reading
-
Feature
17 Dec 2019
Data breach risk factors, response model, reporting and more
Dig into five data breach risk factors, and learn how the DRAMA data breach response model can help enterprises counter breaches in a timely and efficient manner. Continue Reading
-
Feature
16 Dec 2019
The ins and outs of cyber insurance coverage
Cyber insurance coverage can help companies successfully navigate the aftereffects of a data breach. However, choosing a policy in the first place can be confusing. Continue Reading
-
Tip
10 Dec 2019
Use a data privacy framework to keep your information secure
Find out how a data privacy framework gives companies the tools they need to ensure their information is protected -- from both internal and external threats. Continue Reading
-
Answer
05 Dec 2019
What are best practices for a modern threat management strategy?
Infosec pros need to mitigate traditional cyberthreats, as well as anticipate sophisticated, emerging threats. Learn how to build a threat management strategy that helps with both. Continue Reading
-
Answer
05 Dec 2019
IT security threat management tools, services to combat new risks
Advances in tools and services are changing IT security threat management. Learn how infosec pros are using UTM platforms, AI and threat intelligence services to alleviate risk. Continue Reading
-
Answer
26 Nov 2019
What is the role of CISO in network security?
The role of CISO in network security goes beyond risk management. It also requires understanding compliance regulations and business needs, as well as the ability to communicate security policies to nontechnical employees. Continue Reading
-
News
13 Nov 2019
Microsoft to apply CCPA protections to all US customers
Microsoft said it will apply the California Consumer Privacy Act across the nation and extend the law's data privacy protections to customers in all fifty states. Continue Reading
-
News
12 Nov 2019
How and why data breach lawsuits are settled
For all of the talk about data breach class action lawsuits, virtually none of them reach a courtroom. Here's why and how data breach lawsuits almost always end in settlements. Continue Reading
-
Tip
11 Nov 2019
Zero-trust framework creates challenges for app dev
Enterprises implement zero-trust frameworks to adapt to today's changing IT infrastructures. Learn about the implications for app developers. Continue Reading
-
Feature
04 Nov 2019
Assessing the value of personal data for class action lawsuits
Determining the value of consumers' personal data exposed in a breach can be a challenge. Security and legal experts discuss what factors are involved in the equation. Continue Reading
-
Opinion
01 Nov 2019
When cyberthreats are nebulous, how can you plan?
Security planning is tough when you're short-staffed and hackers have smart tech too. You'll need solid skills and, most of all, a willingness to use your imagination. Continue Reading
-
Feature
01 Nov 2019
Report shows CISOs, IT unprepared for privacy regulations
Several data management principles are common across new and developing privacy regulations, but Internet Society reports that many U.S. organizations are falling behind. Continue Reading
-
Tip
28 Oct 2019
5 cloud storage privacy questions to ask potential providers
Data confidentiality in cloud computing is a major enterprise concern, yet providers are often lacking in their details. Here are the questions to ask before adopting a service. Continue Reading
-
Feature
23 Oct 2019
Combat the human aspect of risk with insider threat management
When it comes to insider threat awareness and prevention, enterprises would be wise to marry a people-centric approach with a technology-centric approach. Continue Reading
-
News
22 Oct 2019
Equifax shares 'risk averse' cloud security model post-breach
Equifax explains how it has transformed its data security strategy using multiple clouds and a more focused approach through Google Cloud Platform's hierarchal security. Continue Reading
-
Answer
22 Oct 2019
The difference between AES and DES encryption
Choosing to encrypt confidential data with AES or DES encryption is an important cybersecurity matter. Learn about the important differences between AES and DES. Continue Reading
-
Answer
17 Oct 2019
Is a cybersecurity insurance policy a worthy investment?
Variables such as third-party business partners create unique cyberthreats for organizations. Find out when a cybersecurity insurance policy is a wise investment to prevent risk. Continue Reading
-
Answer
16 Oct 2019
How should I choose a cybersecurity insurance provider?
To vet potential cybersecurity insurance providers, there are a few questions every customer should ask. Learn more about the questions to ask and how to get the answers you need. Continue Reading
-
Answer
15 Oct 2019
What types of cybersecurity insurance coverage are available?
Cybersecurity insurance coverage could prove invaluable to risk mitigation -- if it's chosen carefully. Find out which type of insurance plan is right for your organization. Continue Reading
-
Feature
10 Sep 2019
Designing IoT security: Experts warn against cutting corners
Security, though costly, is essential for IoT devices; a single breach can destroy a company's reputation. IoT security by design can avoid devastating incidents. Continue Reading
-
Tip
20 Aug 2019
Network traffic analysis tools secure a new, crucial role
Gartner just produced its first-ever guide to network traffic analytics security tools. Learn how the analysis of network traffic is broadening to include network security. Continue Reading
-
News
30 Jul 2019
AT&T introduces managed threat detection and response service
Using Alien Labs threat intelligence, AT&T Cybersecurity's Managed Threat Detection and Response service intends to identify and contain cybersecurity threats sooner to reduce data breaches. Continue Reading
-
Feature
30 Jul 2019
Digital transformation redefines cybersecurity skills, careers
The move toward digital business processes has forced companies to reconsider how they find cybersecurity talent, but finding the right skills may be easier than CISOs think. Continue Reading
-
Tip
23 Jul 2019
Which is better: anomaly-based IDS or signature-based IDS?
Even as vendors improve IDS by incorporating both anomaly-based IDS and signature-based IDS, understanding the difference will aid intrusion protection decisions. Continue Reading
-
Feature
10 Jul 2019
How does an island hopping attack work?
Hackers know better than to directly attack a well-defended target; learn how they use island hopping attack strategies to elude defenders -- and how best to repel them. Continue Reading
-
Answer
08 Jul 2019
Attackers turn the tables on incident response strategies
Attackers expect incident response strategies and have a plan for when they encounter them. Find out how to take IR to the next level against attacker incident response counterstrategies. Continue Reading
-
News
28 Jun 2019
Cybersecurity pros at AWS re:Inforce urged to embrace data storytelling
Robust data coupled with the power of metaphors can help cybersecurity teams tell stories that get the rest of the business on board with new security initiatives and prepare for security crises. Continue Reading
-
Feature
30 May 2019
Dark data raises challenges, opportunities for cybersecurity
Dark data is the data enterprises didn't know they had. Splunk CTO Tim Tully explains where this data is hiding, why it's important and how to use and secure it. Continue Reading