• Denial-of-service defense depends on multipronged strategy

    Ransomware and data breaches may be getting all the headlines, but denial-of-service attacks are on the rise. What can you do to mitigate their effect?

  • What are the pros and cons of hiring an ex-hacker?

    Hiring an ex-hacker to join an enterprise security team is a risky move. Expert Mike O. Villegas discusses the potential benefits and drawbacks of this nontraditional hiring move.

  • Information security culture: How enterprises can build and improve it

    Creating and fostering an information security culture isn't easy. Guest contributor Lance Hayden explains how to do it and how to identify signs of improvement.

  • How tabletop exercises can help uncover hidden security risks

    A regular tabletop exercise could help to identify security risks in scenarios relevant to your organization. Expert Bob Wood explains the steps in the process.

  • CISO challenges: Addressing cybersecurity blind spots

    Every enterprise has cybersecurity blind spots that it fails to recognize and address. Sean Martin explains what they are and how they create more CISO challenges.

  • Verizon: Human error still among the top data security threats

    Verizon's 2016 Data Breach Investigations Report found human vulnerabilities and errors continue to be among companies' top data security threats.

  • Cyberinsurance policies: Getting coverage and avoiding limitations

    The cyberinsurance market is maturing rapidly, but there are still gray areas to navigate. Sean Martin explains what enterprises should know about policies.

  • Enterprise mobile strategy: Step up security

    CISOs are tasked with developing an effective enterprise mobile strategy that offers different levels of mobile security, from device management to application-layer controls. Some companies are moving beyond device management and containerization to protect the data layer. An effective enterprise mobile strategy can increase employee productivity, but how can security programs strike a balance between user experience and information security? In this issue of Information Security, we talk to companies about their enterprise mobile strategies to find out what works and what doesn't.

    Even with all the momentum in advanced authentication, some enterprises show no signs of moving beyond usernames and passwords. Why isn't advanced authentication, such as one-time passwords or multifactor authentication (MFA), widely deployed? Despite the challenges of implementing and maintaining strong authentication methods, they provide significant benefits over password-only authentication mechanisms. The consumerization of MFA may lower costs. We look at strong authentication strategies and best practices for these methods on premises and in the cloud.

    Also, we continue our Readers' Top Picks series with a look at enterprise encryption tools. TechTarget polled 1,435 IT and security professionals at medium-to-large enterprises who told us that they have active encryption projects or technology purchases in the next 12 months. Look for a shortlist of products and features from readers who plan to invest in enterprise encryption tools.


  • Cyberinsurance: Assessing risks and defining policies

    Cyberinsurance is sparking interest from enterprises, but how are security risks assessed for policies? Sean Martin takes a closer look at the process.

  • Security app helps hospital pass CMS risk assessment, HIPAA audit

    When faced with a CMS risk assessment and HIPAA audit, Beaufort Memorial Hospital turned to Iatric Systems' Security Audit Manager to help it pass.

  • Five reasons to invest in ISO 27001 and other security certifications

    Kyle Anixter, PMO manager of IT services at Curvature, discusses the business benefits of ISO 27001 certification that go beyond just data security.

  • Document control practices in the age of HIPAA

    The time has come to bring information governance stakeholders together to develop a practical plan for document management and data privacy for HIPAA compliance.

  • IoT security testing: Cover all your bases

    Without the proper IoT security testing, your organization could end up in hot water. Get help securing IoT devices -- and the networks and services they connect to.

  • Proper network segments may prevent the next breach

    Companies still fail to implement secure network segmentation and role-based access. Here's how to protect your sensitive data and stay out of the headlines.

  • A network segment strategy protects data by design

    Flat networks, and those lacking proper network segment design, allow attackers to turn a beachhead into a wider compromise, changing a minor problem into a really bad day for security managers. Target and other companies had breaches that were infinitely worse because attackers were able to easily move around the network. Yet logical segmentation, such as the widespread use of VLANs, is giving way to credential-based rules and virtual network segment strategies. In this issue of Information Security, we look at what you should be doing to improve your network security infrastructure.

    CISOs and others agree that enterprise encryption has many merits, but they also admit it comes with a number of challenges that need to be addressed if real success is to be achieved. Key management is a primary concern because attackers often have a pretty good idea of where to look. And, as Apple has discovered, encryption does not make you immune from regulatory scrutiny or interference. Enterprise encryption is a powerful tool, but its implementation presents its own set of perils. The content here will help you navigate the technology and regulatory issues.

    We continue our Readers' Top Picks series with a look at SIEM tools. TechTarget polled 510 IT and security professionals at medium-to-large enterprises who told us that they had active SIEM, log management or advanced analytics projects or technology purchases in the next 12 months. We share the shortlist of products and features from readers who indicated plans to invest in SIEM tools.
