-
Alternatives to password-reset questions tackle social
With so much personal information available on the Internet, finding the answers to someone's password-reset questions can be quite easy. In this tip, learn about alternatives to the password-reset...
-
When to leave a job: Deciding to look for a new job in
Knowing when to leave a job can be difficult, as transitions and building clout in the new position take time. In this expert tip, learn how to know when it's worthwhile to scope new security jobs.
-
Web 2.0 widgets: Enterprise protection for Web add-ons
Web 2.0 widgets represent a threat vector that should not be overlooked at any enterprise organization. In this tip, Nick Lewis explains what a Web 2.0 widget is, and how companies can protect agai...
-
HIPAA covered entity and business associate agreement r
Under HITECH, both "covered entities" and "business associates" must comply with HIPAA data protection mandates, but, as a covered entity, what's the best way both to maintain compliance for your o...
-
Free port scan: How to use Angry IP scanner
Scanning IP ports is a critical part of maintaining enterprise information security. In this screencast, Peter Giannoulis explains how to use the free tool Angry IP scanner for these port scans.
-
Zeus botnet analysis: Past, present and future threats
The Zeus botnet isn't showing signs of fading. In fact, it now threatens a wider scope of organizations beyond the banking industry. Expert Nick Lewis offers a Zeus botnet analysis, looking at why ...
-
Choosing smartphone encryption software for mobile smar
If your enterprise users have smartphones, then your enterprise may need smartphone encryption. In this tip, expert Dave Shackleford describes what to look for in smartphone encryption software, fr...
-
Endpoint fingerprinting: How to improve NAC security fo
Many enterprises underestimate the potential security problems posed by "dumb devices" like network printers or IP phones. Forrester Research analyst Usman Sindhu explains how endpoint fingerprinti...
-
How to perform an Active Directory security audit
As a security professional, you depend on Active Directory to provision users, but how secure is your implementation of AD itself? Learn how to perform an Active Directory security audit in this ex...
-
Prevent enterprise PDF attacks
Malicious PDF exploits are at an all-time high. Should enterprises dump PDFs altogether? Expert Michael Cobb answers that question and offers his key enterprise PDF attack prevention tactics.
-
Incident response security plans for advanced persisten
Dealing with advanced persistent threat (APT) presents unique challenges. Learn how an incident response program can save your enterprise from APT.
-
Database activity monitoring (DAM) software deployment
Database activity monitoring software deployments can have their shortcomings. For example, issues with network monitoring and policy overload can impact compliance audits and database performance.
-
Information security salary: Determining the value of s
Understanding the leverage you may have in your information security job is critical to getting the maximum compensation for your skills. In this month's Security Career Advisor tip, Lee Kushner an...
-
Netsparker: Free Web app security testing tool
Testing Web applications is critical for maintaining a secure enterprise network. Learn how to use the community version of Netsparker for free Web app security testing capabilities.
-
Ease credit card risks: POS encryption and data tokeniz
Data tokenization and transaction encryption technologies for PCI DSS, though still mostly new and untested, are already in hot demand. In this tip, John Kindervag of Forrester Research explains wh...
-
How to manage compliance as Chief Information Security
When it comes to IT compliance management, creating an effective compliance program is one of many jobs of a Chief Information Security Officer (CISO). In this tip from security management expert E...
-
Analyzing MSSP providers' log files for IT security eve
Analyzing firewall, Windows server and antivirus log files can seem like an endless and tedious task, especially for an understaffed security team, but it's extremely important for detecting IT sec...
-
Conducting a user access review with a small informatio
Have there been cutbacks on your company's information security staff? It would be easy for certain security tasks to fall through the cracks. Learn how to keep access controls tight without spendin...
-
McAfee update problem: Dealing with bad antivirus DAT f
While buggy antivirus DAT files are the exception rather than the rule, downloading them can cause just as much turmoil as a potential DDoS attack. In this tip from expert Ernie Hayden, learn how t...
-
Create a data breach response plan in 10 easy steps
Having a solid data breach response plan in place can make the threat of a security breach less intimidating. In this tip, learn 10 steps to take that will lead to an effective data breach response...
-
Exploit toolkits explained: How they aid cyberattacks
Expert Nick Lewis details how automated exploit kits are evolving and offers mitigations for the latest methods employed by these attack toolkits.
-
How to prevent the top five most common Web app flaws
Expert Michael Cobb details the five most common Web application vulnerabilities and provides methods to help enterprises to secure them.
-
SIEM best practices for advanced attack detection
SIEM struggles are common, but Mike Rothman explains why SIEM products are critical for advanced attack detection, and offers a SIEM tuning step-by-step.
-
Reducing compliance risk through compliance automation
Tony UcedaVelez offers tips for automating compliance tasks to reduce IT security and compliance risk while easing the pain of arduous compliance audits.
Security Management Strategies for the CIO