-
Preventing two-factor token authentication exploits
What are the most common attacks against two-factor authentication, and how can you protect against them? Expert Nick Lewis weighs in.
-
Balancing compliance with infosec threat assessment
Compliance is often the driver for security spending rather than real risks. Learn how to incorporate current threats into a compliance program.
-
An inside look into OWASP’s Mantra tool
OWASP’s Mantra tool is being praised by security pros for its abundance of options and ease of use. In this screencast, Mike McLaughlin takes a look at what Mantra has to offer.
-
How to collect Windows Event logs to detect attacks
Targeted attacks are growing, and eventually your enterprise will be a target. Expert Richard Bejtlich covers how to collect Windows Event logs to detect an intrusion.
-
Understanding iPad security concerns
Are iPad security concerns burdening your company’s adoption of the technology? Expert Michael Cobb discusses common security concerns and iPad enterprise management issues.
-
Job hopping: The only way to become a CISO?
Is going elsewhere the only path to the top? InfoSecLeaders.com's career experts Lee Kushner and Mike Murray discuss the pros and cons of job hopping.
-
Business partner security: Managing business risk
Allowing outside business partner access to your systems and data always comes with some level of risk. Nick Lewis examines what those risks are and strategies for managing business risk.
-
PCI virtualization SIG: Guidance for the CDE
The PCI virtualization SIG guidance is in. Get analysis and advice on virtualization in the cardholder data environment from expert Diana Kelley.
-
WebScarab tutorial: Demonstration of WebScarab proxy
In this WebScarab tutorial video, get step-by-step advice on how to install and use this free tool, including the WebScarab proxy features, among others.
-
Requirements for IPv6 deployments include better tools
More staff training, industry research and improved IPv6 tester tools are essential for secure IPv6 deployments in the enterprise. Expert Fernando Gont explains why.
-
Using an IAM maturity model to hone IAM strategy
Forrester Research’s Andras Cser discusses how to use an IAM maturity model to assess your identity and access management strategy.
-
Is private browsing really private?
Private browsing may offer users a false sense of security when surfing the Web. In this expert tip, learn how private browsing really works, and how to mitigate its risks.
-
Gov't cybersecurity: User-level tools mitigate risk
Taking on a new zero-trust model, many federal agencies are implementing insider threat controls at the user level.
-
Application log management: Application compliance
Expert Michael Cobb discusses how application audits and information and event management can save you time and energy with application security compliance.
-
IPv6 myths: Debunking misconceptions regarding IPv6
Aggressive marketing has helped perpetuate a number of security-related IPv6 myths. Expert Fernando Gont helps separate myth from fact to ensure a secure IPv6 deployment.
-
IPSec VPN vs. SSL VPN: Comparing VPN security risks
When it comes to VPNs, which of the two most-used options -- IPSec or SSL -- presents the greater security threat? Expert Anand Sastry describes the pros and cons of each, as well as how to test yo...
-
How to detect content-type attacks
Malicious attackers have increasingly turned to exploiting vulnerabilities in client-side software. Learn how to detect and prevent these types of attacks in your environment.
-
Auditing virtualization: Security training
This chapter discusses auditing virtualized environments, and begins with an overview of common virtualization technologies and key controls.
-
Thwarting a hacktivist: Avoid sociopolitical attacks
Is your enterprise a significant hacktivist target? Learn how to determine whether your enterprise is more likely to be attacked.
-
IPv6 security issues: IPv6 transition mechanisms
Several IPv6 transition mechanisms have been created to ease the transition from IPv4, but Fernando Gont explains why they present IPv6 security concerns for enterprises.
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.
Security Management Strategies for the CIO