-
A problem management process flow minimizes incident
Most organizations have an incident response team, but how many have a problem management team? Michael Cobb explains how problem management can prevent incidents.
-
NMAP NSE tutorial: ID network assets, vulnerabilities
In this screencast, expert Mike McLaughlin offers an NMAP NSE tutorial for enterprise network asset and vulnerability identification.
-
Best practices for enterprise database compliance
Successful enterprise database compliance means, for starters, access must be tightly controlled and monitored. Charles Denyer covers key database compliance essentials.
-
Antivirus software: Virus detection techniques
Antivirus software uses several different virus detection techniques, as described in this tip by expert Lenny Zeltser.
-
Is now the time to upgrade from Windows XP to 7?
A disproportionate percentage of PCs infected with rootkits are running Windows XP. Does the upgrade from Windows XP to 7 need to happen now?
-
Securing Android devices with a mobile security policy
Secure employee-liable Android devices with workable security policies that discover, enroll, protect and monitor all Android endpoints.
-
Patch management: Fast rollouts vs. thorough testing
Learn whether it’s better to risk exposure and take time to test zero-day patches, or risk business disruption and patch without testing.
-
Standardized security practices to defend your network
PCI DSS, HIPAA, ISO and other enterprise compliance guidelines offer a foundation to build repeatable information security processes and procedures. Marcos Christodonte II explains how.
-
How to avoid VoIP security risks
If left unprotected, VoIP security risks pose a threat to corporate data. Learn how to secure VoIP systems with Forrester’s six-step process.
-
How to implement a Mac antimalware program
Learn how to create a Mac security program at your enterprise, before the amount of Apple platform malware reaches critical mass.
-
Quick hits for risk prioritization
There's no way to eradicate all IT vulnerabilities, but spotting the most critical ones is essential. Read these quick hits for risk prioritization.
-
How to prevent phishing attacks: User awareness and tra
In this expert tip, David Sherry describes how a combination of technical controls and user awareness training can help put a dent in phishers’ attempts at spear phishing.
-
Analysis: PCI Tokenization Guidelines
Expert Diana Kelley says the new PCI Tokenization Guidelines pave the way for CDE tokenization, but some technical specifications remain unclear.
-
Using file activity monitoring to track file access
Is file activity monitoring, a new product meant to integrate with DLP to provide more granular file access tracking, right for your enterprise?
-
Role-based access control for security management
Effective role-based access control is vital for properly managing user access rights and enforcing access policies, but avoiding role sprawl can be challenging.
-
Using XACML as a foundation for entitlement management
Learn how to use XACML to externalize fine-grained authorization from application logic and support cloud-based IAM initiatives.
-
How to stop phishing from compromising users
Spear phishing targets the weakest link in most security programs: users. These spear phishing examples can help your enterprise thwart attacks.
-
SOX checklist: 5 ways to refine a SOX program
SOX compliance is still too burdensome for many enterprises. Expert Charles Denyer offers five ways to streamline a lagging SOX compliance program.
-
VoIP security best practices: Securing communication
VoIP communications can be a great money-saver, but without solid VoIP security best practices, it can introduce new risks.
-
Using OWASP Broken Web Apps to prevent vulnerabilities
OWASP Broken Web Apps allows pen testers to attack applications that are intentionally insecure to hone their skills at securing their own apps.
-
A smarter, programmatic approach to SOX compliance
After 11 years of Sarbanes-Oxley and other mandates, enterprises have finally embraced holistic compliance program management as a best practice.
-
Next-gen firewalls improve application awareness
Learn how next-gen firewalls offer improved application awareness and granularity to manage or block particular application features.
-
Choosing the right IT security framework
Expert Joe Granneman introduces several IT security frameworks and standards, and offers advice on choosing the right one for your organization.
-
The role of sandboxing in advanced malware detection
Expert Brad Casey details how advanced malware detection products rely heavily on sandboxing technology, though it's not a cure-all for enterprises.