Security Management Strategies for the CIO-
Firewall deployment scenarios for new types of security
Is the firewall still an effective defense against new types of security threats? Network security expert Anand Sastry offers up contemporary firewall deployment scenarios for improving security.
-
Secure browsing: Plug-in lessens social networking risk
Looking for ways to improve employees' browsing security? Learn about the free SecureBrowsing plug-in from M86 Security that can lessen social networking security risks.
-
PCI DSS questions answered: Solutions to tough PCI prob
Experts Diana Kelley and Ed Moyle answer your PCI DSS questions and give advice on how to solve your enterprise's toughest PCI problems.
-
Understanding SCAP NIST guidance and using SCAP tools t
The Security Content Automation Protocol (SCAP) is intended to help automate vulnerability management, but is it really effective? Learn how NIST guidance can help you navigate an SCAP implementation.
-
Security sandbox program: Defense-in-depth or layered v
Recently, companies like Adobe and Google have been using sandboxes to aid measures in their applications, but how can sandboxes be useful in the enterprise, and do they just add more vulnerabiliti...
-
Database monitoring best practices: Using DAM tools
To effectively use DAM tools, admins must prioritize which transactions are important, learn how to collect events, and write and implement database security policies.
-
Identity and access management concepts and predictions
Forrester's Andras Cser discusses the emerging identity and access management concepts and market predictions enterprises should be prepared for in 2011.
-
Log Parser examples: Using the free log analysis tool
Log analysis is an essential security function for almost all enterprises, and, with Log Parser, much of it can be done for free. Learn how to use Microsoft's free Log Parser in this expert tip.
-
Security in virtualization: IDS/IPS implementation stra
Considering virtualization? Take into account that your IDS or IPS may not work the same way in a virtualized environment as it does in a physical one. Expert Dave Shackleford explains how to addre...
-
PCI requirement 7: PCI compliance policy for access con
Though PCI DSS is generally prescriptive, when it comes to requirement 7, organizations have more leeway -- and, thus, more potential for error -- than other sections of the standard. Learn how to ...
-
The state of enterprise spam filters: Can more be done
Does your enterprise rely solely on its email filter to protect against spam? Are you aware of how spam filters work? Expert Michael Cobb discusses how today's spam works, and what can help control...
-
Netcat tutorial: How to use the free Netcat command-lin
Helpful for penetration testers and network admins who need to debug infected systems, the netcat command-line tool boasts many free features for enterprise use.
-
Enterprise antivirus protection: Is signature AV worth
There's little doubt that signature-based enterprise antivirus protection is dying, but what technologies should enterprises consider to replace it? Expert Nick Lewis weighs in.
-
Understanding the value of an enterprise application-aw
Today's enterprise application-aware firewall technology offers a host of features to manage application and Web 2.0 traffic. Expert Michael Cobb takes a look at the features and how to make the mo...
-
Creating a culture for compliance, risk management
Creating a culture of compliance takes time, but expert Eric Holmquist offers five time-tested tactics to help break down cultural barriers to improve information security risk and compliance manag...
-
Career strategies: Alternatives to certification
Certification isn't the only -- and may not even be the best -- way to set yourself apart in the eyes of potential employers. Learn networking strategies to get your name in front of the right people.
-
Data sanitization policy: How to ensure thorough data s
Could you be inadvertently leaking sensitive data via poorly sanitized devices? Learn techniques for thorough data scrubbing in this tip.
-
P0f: A free collection of passive OS fingerprinting too
In this screencast, learn how to use p0f, a collection of free passive OS fingerprinting tools.
-
How secure managed file transfers help meet compliance
By using a properly configured Managed File Transfer system as your sole means of transmitting data—potentially both within your organization and externally—you can become compliant wit...
-
Data breach procedures to stop Gawker-type Web password
Following its recent security breach, Gawker.com has promised to boost its security, but, in this tip, threats expert Nick Lewis looks at what the site could've done to pre-empt the breach in the f...
-
A smarter, programmatic approach to SOX compliance
After 11 years of Sarbanes-Oxley and other mandates, enterprises have finally embraced holistic compliance program management as a best practice.
-
Next-gen firewalls improve application awareness
Learn how next-gen firewalls offer improved application awareness and granularity to manage or block particular application features.
-
Choosing the right IT security framework
Expert Joe Granneman introduces several IT security frameworks and standards, and offers advice on choosing the right one for your organization.
-
Anyka - Fotolia
The role of sandboxing in advanced malware detection
Expert Brad Casey details how advanced malware detection products rely heavily on sandboxing technology, though it's not a cure all for enterprises.