-
How to avoid VoIP security risks
If left unprotected, VoIP security risks pose a threat to corporate data. Learn how to secure VoIP systems with Forrester’s six-step process.
-
How to implement a Mac antimalware program
Learn how to create a Mac security program at your enterprise, before the amount of Apple platform malware reaches critical mass.
-
Quick hits for risk prioritization
There's no way to eradicate all IT vulnerabilities, but spotting the most critical ones is essential. Read these quick hits for risk prioritization.
-
How to prevent phishing attacks: User awareness and tra
In this expert tip, David Sherry describes how a combination of technical controls and user awareness training can help put a dent in phishers’ attempts at spear phishing.
-
Analysis: PCI Tokenization Guidelines
Expert Diana Kelley says the new PCI Tokenization Guidelines pave the way for CDE tokenization, but some technical specifications remain unclear.
-
Using file activity monitoring to track file access
Is file activity monitoring, a new product meant to integrate with DLP to provide more granular file access tracking, right for your enterprise?
-
Role-based access control for security management
Effective role-based access control is vital for properly managing user access rights and enforcing access policies, but avoiding role sprawl can be challenging.
-
Using XACML as a foundation for entitlement management
Learn how to use XACML to externalize fine-grained authorization from application logic and support cloud-based IAM initiatives.
-
How to stop phishing from compromising users
Spear phishing targets the weakest link in most security programs: users. These spear phishing examples can help your enterprise thwart attacks.
-
SOX checklist: 5 ways to refine a SOX program
SOX compliance is still too burdensome for many enterprises. Expert Charles Denyer offers five ways to streamline a lagging SOX compliance program.
-
VoIP security best practices: Securing communication
VoIP communications can be a great money-saver, but without solid VoIP security best practices, it can introduce new risks.
-
Using OWASP Broken Web Apps to prevent vulnerabilities
OWASP Broken Web Apps allows pen testers to attack applications that are intentionally insecure to hone their skills at securing their own apps.
-
Developing an enterprise risk assessment template
Despite skeptics, an enterprise risk assessment template is worth investing in. Forrester’s Chris McClean explains why and how to get started.
-
Addressing the dangers of JavaScript in the enterprise
The dangers of JavaScript are no secret to security professionals. Expert Michael Cobb discusses enterprise JavaScript defense technology and tactics.
-
COBIT 5: A first look at the recent updates
In this tip, learn how to integrate the new management practices from COBIT 5 into current IT security framework implementations.
-
Proactive security measures to prevent malware attacks
Security teams don't always need to be reactive. Learn how to implement proactive security strategies that prevent malware infections.
-
Choosing between security career opportunities
How can you tell which job offer could lead you to becoming a CISO? InfoSec Leaders' Lee Kushner and Mike Murray weigh in.
-
Network forensics basics: How to reconstruct a breach
In the aftermath of a breach, what are the first steps security pros should take? Learn how to get started with enterprise network forensic analysis.
-
Identity Ecosystem should make life easier for IT shops
While implementation of the Identity Ecosystem is a long way off, the benefits for projects such as electronic health records could be significant.
-
Mitigating risks of mobile location-based services
What can enterprises do to mitigate the security risk of mobile location-based services technology and the like? Start by limiting smartphone apps.
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.