Security Management Strategies for the CIO-
Creating a Java security framework that thwarts a Java
The number of attacks on Java is steadily increasing, and many enterprises are unprepared for the threat. Get advice on how to lock down Java from expert Nick Lewis.
-
ngrep: Learn how to find new malware with ngrep example
In this video, Peter Giannoulis of the AcademyPro.com uses several ngrep examples to show how to find new malware that antivirus or IPS might not pick up on with this free tool.
-
3 key steps for next-generation SOC
According to Forrester Research, traditional security operations are no longer practical. Forrester's John Kindervag discusses the new model, SOC 2.0, why it's important, and how to make it happen.
-
Review your career plan for the New Year
The end of the year is the perfect time to review how your career has played out during the past 12 months and refine future goals. In this tip, infosec career experts Lee Kushner and Mike Murray e...
-
A primer for user privilege management in Windows Serve
Privilege management can be a troublesome endeavor, but Windows Server 2008 introduces a multi-level privilege attribute system with better limits for standard users. Expert Randall Gamby explains ...
-
DATA Act protection: Effects of a federal breach notifi
The federal Data Accountability and Trust (DATA) Act is still awaiting congressional approval, but what sort of effect would such a law have on overall compliance requirements? Expert Richard Macke...
-
Stuxnet and multiple zero-days: The future of malware?
A recent and disturbing malware trend involves attacks that attempt to compromise multiple zero-day flaws at once. Threats expert Nick Lewis explains what you can do to protect your enterprise.
-
PCI encryption requirements: Limiting PCI scope with P2
P2P encryption, or encryption of data in transit, has long been a point of confusion for PCI DSS-bound merchants. In this tip, expert Ed Moyle explains the PCI SSC's recent guidance on P2P encryption.
-
Video: OSSEC screenshots show how to use the free IDS
An intrusion detection system has become necessary for most enterprises, but they can be both expensive and difficult to configure. In part two of this screencast, learn how to use the free IDS OSSEC.
-
IDS vs. IPS: How to know when you need the technology
IDS and IPS are useful security technologies, but how do you know whether your enterprise can benefit from one? In this tip, infosec pro Jennifer Jabbusch offers a few specific use cases to help yo...
-
Honeypots for network security: How to track attackers'
Honeypots have long been used to track attackers' activity and defend against coming threats. In this tip, network security expert Anand Sastry describes the different types of honeypots and which ...
-
User provisioning best practices: Access recertificatio
User access recertification is the process of continually auditing users' permissions to make sure they have access only to what they need. Implementing recertification, however, can be challenging...
-
Android enterprise security: Mobile phone data protecti
Android devices are increasingly popular among enterprise users, but is Android enterprise security where it needs to be to ensure the safety of important enterprise documents? Expert Michael Cobb ...
-
SSL vulnerabilities: Trusted SSL certificate generation
Presentations at both Black Hat and Defcon 2010 demonstrated serious vulnerabilities in the SSL protocol, which, considering how widely used SSL is, could mean security problems for many enterprise...
-
Firewall logging: Telling valid traffic from network 'a
While tracking firewall "deny" actions is a good way to identify threats, logging the "allow" actions can give greater insight into malicious traffic that could be both more subtle and more dangerous.
-
PCI 2.0: Changes aren't drastic, but don't address card
In this first look at the changes in PCI DSS version 2.0, expert Diana Kelley says most compliance programs won't be drastically affected, but some of the standard's key shortcomings remain.
-
PCI DSS 2.0: PCI assessment changes explained
PCI DSS expert Ed Moyle explains how the changes in PCI DSS 2.0 will affect companies during the PCI assessment process.
-
How to install an OSSEC server on Linux and an OSSEC Wi
Learn how to install the free, host-based intrusion detection system OSSEC, with step-by-step instructions on setting up an OSSEC Linux server with an OSSEC Windows agent.
-
Information security career path: Aligning career objec
Credentials that set you apart from other information security applicants can determine whether you land your dream job. In this tip, Lee Kushner and Mike Murray give advice on how to choose effect...
-
Resist credit card data compromise via memory-scraping
PCI DSS does a good job of making sure credit card data in persistent storage is secure, however, such data in non-persistent storage -- such as files stored temporarily in memory -- can still be v...
-
PCI compliance and third-party payment processors
Expert Mike Chapple details the PCI SSC's third-party processor rules and how to outsource card processing and stay PCI DSS compliant.
-
MDM 2.0: Aligning products with mobile policy
As MDM features become more robust, enterprises must not only look for mature products, but also evolve mobile security policies accordingly.
-
Getting started with Web-based 2FA
The Web's top brands are implementing two-factor authentication for consumer Web authentication. Learn 2FA benefits, burdens and how to get started.
-
South Carolina breach: A lesson in security alignment
Ernie Hayden details how South Carolina's Department of Revenue breach proves business and IT security are often out of alignment, and how to fix it.