Security Management Strategies for the CIO-
DATA Act protection: Effects of a federal breach notifi
The federal Data Accountability and Trust (DATA) Act is still awaiting congressional approval, but what sort of effect would such a law have on overall compliance requirements? Expert Richard Macke...
-
PCI encryption requirements: Limiting PCI scope with P2
P2P encryption, or encryption of data in transit, has long been a point of confusion for PCI DSS-bound merchants. In this tip, expert Ed Moyle explains the PCI SSC's recent guidance on P2P encryption.
-
Video: OSSEC screenshots show how to use the free IDS
An intrusion detection system has become necessary for most enterprises, but they can be both expensive and difficult to configure. In part two of this screencast, learn how to use the free IDS OSSEC.
-
IDS vs. IPS: How to know when you need the technology
IDS and IPS are useful security technologies, but how do you know whether your enterprise can benefit from one? In this tip, infosec pro Jennifer Jabbusch offers a few specific use cases to help yo...
-
Honeypots for network security: How to track attackers'
Honeypots have long been used to track attackers' activity and defend against coming threats. In this tip, network security expert Anand Sastry describes the different types of honeypots and which ...
-
User provisioning best practices: Access recertificatio
User access recertification is the process of continually auditing users' permissions to make sure they have access only to what they need. Implementing recertification, however, can be challenging...
-
Android enterprise security: Mobile phone data protecti
Android devices are increasingly popular among enterprise users, but is Android enterprise security where it needs to be to ensure the safety of important enterprise documents? Expert Michael Cobb ...
-
SSL vulnerabilities: Trusted SSL certificate generation
Presentations at both Black Hat and Defcon 2010 demonstrated serious vulnerabilities in the SSL protocol, which, considering how widely used SSL is, could mean security problems for many enterprise...
-
Firewall logging: Telling valid traffic from network 'a
While tracking firewall "deny" actions is a good way to identify threats, logging the "allow" actions can give greater insight into malicious traffic that could be both more subtle and more dangerous.
-
PCI 2.0: Changes aren't drastic, but don't address card
In this first look at the changes in PCI DSS version 2.0, expert Diana Kelley says most compliance programs won't be drastically affected, but some of the standard's key shortcomings remain.
-
PCI DSS 2.0: PCI assessment changes explained
PCI DSS expert Ed Moyle explains how the changes in PCI DSS 2.0 will affect companies during the PCI assessment process.
-
How to install an OSSEC server on Linux and an OSSEC Wi
Learn how to install the free, host-based intrusion detection system OSSEC, with step-by-step instructions on setting up an OSSEC Linux server with an OSSEC Windows agent.
-
Information security career path: Aligning career objec
Credentials that set you apart from other information security applicants can determine whether you land your dream job. In this tip, Lee Kushner and Mike Murray give advice on how to choose effect...
-
Resist credit card data compromise via memory-scraping
PCI DSS does a good job of making sure credit card data in persistent storage is secure, however, such data in non-persistent storage -- such as files stored temporarily in memory -- can still be v...
-
Database security best practices: Tuning database audit
Database auditing requires more than just the right tools: Those tools also have to be properly configured to offer the information that's needed and database performance that's required. Learn mor...
-
Microsoft IIS 7 security best practices
Are you up to date with Microsoft IIS security best practices? Don't allow your enterprise to become vulnerable.
-
The pros and cons of deploying OpenLDAP: Windows and Un
Randall Gamby discusses how OpenLDAP should (or shouldn't) be used in conjunction with enterprise directory implementations.
-
A pre-implementation Windows 7 security guide for enter
Many enterprises are preparing to upgrade to Windows 7, but what are the security advantages and implications of the move? Expert Michael Cobb has the answers.
-
Cisco MARS: What third-party lockout means for SIEM pro
Now that Cisco's MARS SIEM product no longer supports third-party product integration, should enterprises migrate away from the product? In this tip, network security expert Anand Sastry discusses ...
-
XSSer demo: How to use open source penetration testing
In this video demo, learn how to use XSSer, open source penetration testing tools for detecting various Web application flaws and exploiting cross-site scripting (XSS) vulnerabilities against appli...
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.