-
CASP certification: A mile wide and an inch deep
The new CompTIA Advanced Security Practitioner certification won't replace the CISSP, but it may offer critical value to one specific group.
-
Mega-DDoS attacks: A high-bandwidth high-wire act
Enterprises face increasing risks from mega-DDoS attacks. Expert Brad Casey provides advice on high-bandwidth DDoS attack prevention.
-
Evaluating network security virtualization products
Don't risk making mistakes when you evaluate network security virtualization products. Our six key points will keep you on track.
-
Whistleblower policy: Preventing a 'Snowden' incident
NSA-level incidents are rare, but they do happen. Learn how to prevent a whistleblower scenario and limit the risk of insider information leaks.
-
2FA: How it works and why you need it
It may seem daunting, but two-factor authentication options are manageable for nearly all enterprises. Learn how to get started in this 2FA primer.
-
Best practices for securing Apache Web servers
With Apache Web servers becoming ever more popular with attackers, organizations should follow Apache security best practices to avoid compromise.
-
Rethink defense-in-depth security model for BYOD
Today's endpoint security model is failing. What's next? Learn why endpoint defense-in-depth controls must assume the endpoint is compromised.
-
Making sense of information security threat reports
Many vendors and analysts publish information security threat reports. See Joseph Granneman's strategy to find and use the information that matters.
-
Find network security Zen by turning off the firewall
Having no perimeter firewall may seem ludicrous, but Joel Snyder explains why disabling the firewall can actually improve enterprise network security.
-
Understanding logic bomb attacks
In light of the attacks on South Korean organizations, expert Nick Lewis defines logic bomb attacks and offers other examples and countermeasures.
-
PCI compliance and third-party payment processors
Expert Mike Chapple details the PCI SSC's third-party processor rules and how to outsource card processing and stay PCI DSS compliant.
-
MDM 2.0: Aligning products with mobile policy
As MDM features become more robust, enterprises must not only look for mature products, but also evolve mobile security policies accordingly.
-
Getting started with Web-based 2FA
The Web's top brands are implementing two-factor authentication for consumer Web authentication. Learn 2FA benefits, burdens and how to get started.
-
South Carolina breach: A lesson in security alignment
Ernie Hayden details how South Carolina's Department of Revenue breach proves business and IT security are often out of alignment, and how to fix it.
-
Leveraging IT asset management to reduce infosec risk
IT asset management expert Barb Rembiesa explains how ITAM best practices like IT asset standardization and rationalization reduce IT security risk.
-
Vendor-specific information security certifications
Updated for 2013, experts Ed Tittel and Mary Lemons guide you through the crowded field of vendor-specific information security certifications.
-
SearchSecurity.com IT security certifications guide
Afraid of making a wrong turn in your career? Our newly updated 2013 guide to information security certifications maps out all your options.
-
Intro to vendor-neutral security certifications
Ed Tittel and Mary Lemons offer the definitive primer for vendor-neutral security certifications in 2013.
-
Network flow analysis for network security visibility
To overcome network security issues from advanced attackers and BYOD, security professionals are turning to network flow analysis to gain improved network security visibility.
-
Exploit toolkits explained: How they aid cyberattacks
Expert Nick Lewis details how automated exploit kits are evolving and offers mitigations for the latest methods employed by these attack toolkits.
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.