-
Inside Web-based, social engineering attacks
Attackers have mixed a dangerous cocktail of social engineering, Web-based attacks and persistence. Lenny Zeltser explains how your organization can keep from drowning in malware.
-
Malvertisements: Malicious advertisement malware
Expert Michael Cobb explains why malvertisements are so hard to control and what enterprises can do to help mitigate the risk of malicious advertisement malware.
-
Cybersecurity insurance: Choosing an insurance policy
A cybersecurity insurance policy can help defray the costs of a data breach, should one occur, but is it worth the cost? Expert Ernie Hayden weighs in.
-
Assessing Internet Explorer 9 security: Safest browser?
Research shows Internet Explorer 9 security identifies as much as 99% of potential malware. So is IE9 now the safest browser out there? Michael Cobb answers that question in this expert tip.
-
Top 5 mobile data protection best practices
In this tip, we highlight five essential best practices for protecting business data stored on mobile devices and tablets, and identify readily available technologies that can be used to implement ...
-
SIM architecture options for data center security
To be successful in securing the virtual data center, security information management (SIM), a key element for effective data center security, must virtualize and become virtualization-aware. In th...
-
Security best practices for self-provisioned technology
Is your current enterprise security policy ready for mobile and cloud computing technology? Probably not, but it can be: Forrester's Chenxi Wang explains how.
-
UTM features: UTM device for layered defense?
Expert Mike Chapple explores what features a contemporary UTM device provides, and explains the factors that help determine UTM total cost of ownership.
-
Internal control checklist: Data protection, compliance
Expert Eric Holmquist details four key governance items that should be on every enterprise’s internal controls checklist to ensure corporate data protection.
-
Hacktivism: What companies can learn from HBGary
A few simple security best practices may have spared security company HBGary Federal from the recent attack by the hacktivist group Anonymous. Nick Lewis explains what happened and how to prevent s...
-
How to use the free eEye Retina scanner
In this screencast, learn how to use the free community edition of the eEye Retina scanner.
-
Botnet removal: Detect botnet infection and prevent re-
Though botnet mitigation tactics continue to mature, so do the botnets themselves. In this tip, expert Nick Lewis gives best practices for detecting and removing cutting-edge botnets.
-
Firewall deployment scenarios for new types of security
Is the firewall still an effective defense against new types of security threats? Network security expert Anand Sastry offers up contemporary firewall deployment scenarios for improving security.
-
Secure browsing: Plug-in lessens social networking risk
Looking for ways to improve employees' browsing security? Learn about the free SecureBrowsing plug-in from M86 Security that can lessen social networking security risks.
-
Understanding SCAP NIST guidance and using SCAP tools t
The Security Content Automation Protocol (SCAP) is intended to help automate vulnerability management, but is it really effective? Learn how NIST guidance can help you navigate an SCAP implementation.
-
PCI DSS questions answered: Solutions to tough PCI prob
Experts Diana Kelley and Ed Moyle answer your PCI DSS questions and give advice on how to solve your enterprise's toughest PCI problems.
-
Security sandbox program: Defense-in-depth or layered v
Recently, companies like Adobe and Google have been using sandboxes to aid measures in their applications, but how can sandboxes be useful in the enterprise, and do they just add more vulnerabiliti...
-
Database monitoring best practices: Using DAM tools
To effectively use DAM tools, admins must prioritize which transactions are important, learn how to collect events, and write and implement database security policies.
-
Identity and access management concepts and predictions
Forrester's Andras Cser discusses the emerging identity and access management concepts and market predictions enterprises should be prepared for in 2011.
-
Log Parser examples: Using the free log analysis tool
Log analysis is an essential security function for almost all enterprises, and, with Log Parser, much of it can be done for free. Learn how to use Microsoft's free Log Parser in this expert tip.
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.