For more information about the site, see the Site Index

• Does widget malware on social networking sites threaten enterprises?
• What 'picture password' technologies are available for mobile devices?
• Will the CERT security incident-response project benefit infosec pros?
• Is the Orange Book still relevant for assessing security controls?
• How can an enterprise-wide network prevent denial-of-service attacks?
• Who has rights to patient information under HIPAA?
• What are the best business practices for Unix audit settings?
• Is it illegal to ask a fellow employee for his or her password?
• Can "good" botnets fight bad botnets?
• The risks of disabling User Account Control (UAC) on Windows Vista
• Pre-requisites for implementing enterprise single sign-on (SSO)
• How can we convince our VP that a network-based DLP makes sense?
• Is introducing Wi-Fi to airplanes is a good idea security-wise?
• How can a Certified Ethical Hacker become a line penetration tester?
• Protecting exposed servers from Google hacks (and Google 'dorks')
• Allowing select access to IP addresses using Windows Server 2003
• Is it worthwhile for an organization to invest in HIPAA compliance?
• Users can no longer reach any Microsoft login site. Any ideas?
• Best practices for IDS creation and signature database maintenance
• The unexpected costs of server virtualization?
• Best practices for processing financial data through remote servers
• What are the security risks of opening all the ports on an internal router?
• How to hide system information from network scanning software
• What are the top five concepts or lessons on security management?
• Has proof-of-concept mobile device malware led to real attacks?
• Is a Master Boot Record (MBR) rootkit completely invisible to the OS?
• Is attack code valuable for vulnerabilities or just a publicity stunt?
• Which automated quality assurance tools can be used to test software?
• How can organizations secure implanted microchips and RFID tags?
• Are there efforts to develop a common logging and audit standard?
• Are there antivirus suites that pick up more than just run-of-the-mill viruses?
• Any recommendations for recruiting information security pros?
• Can a hacker actually post malicious scripts to any server using a drop-down list?
• What are the pros and cons of zero-knowledge penetration tests?
• To what exactly would a request for biometric data from an insurance provider pertain?
• During a breach, how much information should be given out?
• What's the best way to get started mapping business processes to security frameworks?
• I am concerned that a former employee will utilize corporate information in a malicious way.
• What tools can a hacker use to crack a laptop password?
• Is it possible to ban chat programs on an enterprise LAN?
• Is it necessary to grant a full administrative privileges to a security administrator?
• Are open recursive DNS servers inherently insecure?
• How to test the security of personal details submitted to a website
• Should whole disk encryption tools be used with data backup software?
• Are Internet cafe users' email credentials at risk?
• Is security improved when the number of Internet gateways is reduced?
• What guidelines do you recommend regarding best practices for user provisioning?
• Is it important to hold fraud-training sessions during a fraud-risk analysis?
• My computer's serial number was reported stolen. Will I face legal repercussions?
• Should organizations implement an incident severity ratings system?
• Will VoIP attacks result in more than just spam?
• Will Cisco's plan to open access to the IOS improve network security?
• What criteria should I look for in a service provider to help my government agency comply with FISMA
• Should organizations lag behind on IPv6 adoption?
• How to prevent users from sharing root passwords
• Is encryption only as good as an organization's password management and access control policies?
• Should enterprises implement a mandatory iPhone VPN?
• Should iPhone email be sent without SSL encryption?
• What are the possible benefits of microchip implants and RFID tags for employees?
• Are social networking sites an easy target for malicious hackers?
• Which is a more secure data access technology: SPAN or TAP?
• Should a domain controller be placed within the DMZ?
• Which operating system can best secure an FTP site?
• Will firewalls have to adapt to applications that use port 80?
• How secure is a mobile phone platform with an open source framework?
• Is desktop virtualization a realistic enterprise option?
• Should social engineering tests be included in penetration testing?
• What kind of data is compromised during a Google hack?
• Best practices for using restriction policy whitelists
• What are the dangers of cross-site request forgery attacks (CSRF)?
• Defining mobile device security concerns
• Does FTPS encrypt data packets at the hardware or software level?
• What ports should be opened and closed when IPsec filters are used?
• Should disks be encrypted at the hardware level?
• Is Triple DES a more secure encryption scheme than DUKPT?
• If one server in a DMZ network gets attacked from outside, will the other servers be corrupted?
• What is the purpose of RFID identification?
• What are the risks associated with RIM's line of PDAs?
• How to secure an FTP connection
• Is it against HIPAA regulations to permanently store sensitive information?
• Should an ISP keep corrupted machines off of a network?
• What are the pros and cons of shaping P2P packets?
• DMVPN configuration: Should a firewall be between router and Internet?
• Is centralized logging worth all the effort?
• Two-tier distributed systems vs. three-tier distributed systems
• How to prevent software piracy
• Is it possible to delete search data from a search engine's servers?
• Does SOX provision email archiving?
• What techniques are being used to hack smart cards?
• How would you meet PCI requirement 2.3 when it comes to terminal service or RDP sessions?
• Should enterprises use open source productivity suites?
• Is it against HIPAA regulations to print SSNs on an insurance card?
• How secure is online banking today?
• How to protect DNS servers
• Are encrypted Microsoft Word files safer in transit than PDF files?
• How should the ipseccmd.exe tool be used in Windows Vista?
• What is the best possible IDS deployment for an Enterprise Resource Planning (ERP) system?
• How would you define the responsibilities of a data custodian in a bank?
• Should an intrusion detection system (IDS) be written using Java?
• Can a firewall alone effectively block port-scanning activity?



• More