-
Handling acquisitions: Career tips for infosec pros
A company merger or acquisition is always a tumultuous time, and can be even more nerve-wracking if you're concerned that your position might be eliminated. In this tip, career experts Lee Kushner ...
-
How to refine an enterprise database security policy
Noel Yuhanna of Forrester Research outlines what should be covered in a successful enterprise database security policy, including foundational security, preventative measures and intrusion detection.
-
Creating a network endpoint security policy for hostile
The plethora of IP-enabled devices available today makes it harder to discern a friendly endpoint from a hostile one. Learn how to create an endpoint security policy for non-corporate-owned devices.
-
Self-service user identity management
While it might seem that self-service user identity management can save time and money, as well as keep information more current, there are a number of potential pitfalls. In this expert tip, Randa...
-
A PCI compliance network testing checklist to limit PCI
Network security pros may not realize it, but they may inadvertently be on the hook regarding PCI DSS compliance if card data is inadvertently spread across the network. Ed Moyle discusses how this...
-
A vulnerability management process for the Windows XP H
A recently discovered flaw in the Windows XP Help and Support Center could leave your enterprise open to infection. In this tip, Nick Lewis explains the vulnerability management process that organi...
-
How to use NeXpose: Free enterprise vulnerability manag
Learn how to use NeXpose Community Edition, a free collection of vulnerability management tools that offers pre-defined scan templates, and the ability to scan networks, OSes, desktops and databases.
-
How to build a toolset to avoid Web 2.0 security issues
An enterprise defense-in-depth strategy should include security tools that monitor, prevent, alert, encrypt and quarantine data from leaving your network, as well as processes put in place to monit...
-
Unmasking data masking techniques in the enterprise
Patch-testing and development environments can't use live data and keep it secure. That's where data masking comes in. Michael Cobb examines the principles behind data masking and why security pros...
-
IT security salary survey reveals infosec compensation
Recently, Lee Kushner and Mike Murray of Information Security Leaders surveyed nearly 500 infosec pros to discover how they felt about their current compensation.
-
Monitoring strategies for insider threat detection
Insider threat detection is a vital part of the security of any enterprise organization. In this tip, part of the SearchSecurity.com Insider Threats Security School lesson, learn about the best ins...
-
Assessment success: PCI DSS standards and secure data s
PCI DSS standards for secure data storage are specific and detailed, but there are two key steps that can significantly reduce the pain of an assessment. PCI DSS expert Anton Chuvakin explains.
-
Role-based access control: Pros of an open source RBAC
There are many advantages to an open source RBAC implementation. However, it's important to know the context in which such a product will work best. In this tip, expert Randall Gamby discusses how ...
-
Fake antivirus pop-up scams: Forming a security awarene
Rogue antimalware programs have been around for a while, and, according to a recent Google report, are more prominent and more difficult to detect than ever before. In this expert tip, Michael Cobb...
-
Email, website and IP spoofing: How to prevent a spoofi
Find out how to prevent spoofing attacks, including IP spoofing, email and website spoofing.
-
FTP security best practices for the enterprise
FTP is easy and commonly used in the enterprise, but is it secure? Anand Sastry discusses its security shortcomings, best practices for securing FTP in the enterprise and FTP alternatives that may ...
-
Database application security: Balancing encryption, ac
Database applications are often the epicenter of a company's sensitive data, so security is paramount, but maintaining a balance between security and business use can be tricky. In this tip, Andrea...
-
Log management best practices: Five tips for success
The right log management tool can quickly seem like the wrong one without advance planning on how to make the most of it. Diana Kelley offers six log management best practices to help do just that.
-
Using the Microsoft Sysinternals suite for a computer s
If you're an auditor, or are looking to perform an internal audit, Microsoft's suite of Sysinternals tools could greatly help you. Learn how to use these free tools in this video demo.
-
How to use a PDF redaction tool with a redacted documen
It may seem rudimentary, but sensitive data commonly leaks out of corporate networks in plain sight in the form of un-redacted documents. Such files -- those still containing hidden data or Microso...
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.