-
Infosec strategies must change: Here's how to start
Seismic shifts in the infosec landscape can no longer be ignored. Ernie Hayden explains how to update an IT security strategy to account for change.
-
Trusted platform module: Using an undervalued tool
The nearly ubiquitous TPM device is an often-overlooked tool in an infosec pro's arsenal. Expert Michael Cobb details the benefits of TPM security.
-
Drastic action: Knowing when to take a system down
At times, security incident response procedures require drastic measures. Expert Nick Lewis explains when and how to perform a system shutdown.
-
How to reduce open source code security risk
Expert Michael Cobb explains why enterprises need better open source code management to negate the security risks posed by open source libraries.
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.
-
CASP certification: A mile wide and an inch deep
The new CompTIA Advanced Security Practitioner certification won't replace the CISSP, but it may offer critical value to one specific group.
-
Mega-DDoS attacks: A high-bandwidth high-wire act
Enterprises face increasing risks from mega-DDoS attacks. Expert Brad Casey provides advice on high-bandwidth DDoS attack prevention.
-
Evaluating network security virtualization products
Don't risk making mistakes when you evaluate network security virtualization products. Our six key points will keep you on track.
-
Whistleblower policy: Preventing a 'Snowden' incident
NSA-level incidents are rare, but they do happen. Learn how to prevent a whistleblower scenario and limit the risk of insider information leaks.
-
2FA: How it works and why you need it
It may seem daunting, but two-factor authentication options are manageable for nearly all enterprises. Learn how to get started in this 2FA primer.
-
Best practices for securing Apache Web servers
With Apache Web servers becoming ever more popular with attackers, organizations should follow Apache security best practices to avoid compromise.
-
Rethink defense-in-depth security model for BYOD
Today's endpoint security model is failing. What's next? Learn why endpoint defense-in-depth controls must assume the endpoint is compromised.
-
Making sense of information security threat reports
Many vendors and analysts publish information security threat reports. See Joseph Granneman's strategy to find and use the information that matters.
-
Find network security Zen by turning off the firewall
Having no perimeter firewall may seem ludicrous, but Joel Snyder explains why disabling the firewall can actually improve enterprise network security.
-
Understanding logic bomb attacks
In light of the attacks on South Korean organizations, expert Nick Lewis defines logic bomb attacks and offers other examples and countermeasures.
-
PCI compliance and third-party payment processors
Expert Mike Chapple details the PCI SSC's third-party processor rules and how to outsource card processing and stay PCI DSS compliant.
-
MDM 2.0: Aligning products with mobile policy
As MDM features become more robust, enterprises must not only look for mature products, but also evolve mobile security policies accordingly.
-
A smarter, programmatic approach to SOX compliance
After 11 years of Sarbanes-Oxley and other mandates, enterprises have finally embraced holistic compliance program management as a best practice.
-
Next-gen firewalls improve application awareness
Learn how next-gen firewalls offer improved application awareness and granularity to manage or block particular application features.
-
Choosing the right IT security framework
Expert Joe Granneman introduces several IT security frameworks and standards, and offers advice on choosing the right one for your organization.
-
The role of sandboxing in advanced malware detection
Expert Brad Casey details how advanced malware detection products rely heavily on sandboxing technology, though it's not a cure-all for enterprises.
Security Management Strategies for the CIO