-
Information security career path: Aligning career objec
Credentials that set you apart from other information security applicants can determine whether you land your dream job. In this tip, Lee Kushner and Mike Murray give advice on how to choose effect...
-
Resist credit card data compromise via memory-scraping
PCI DSS does a good job of making sure credit card data in persistent storage is secure; however, such data in non-persistent storage -- such as files stored temporarily in memory -- can still be v...
-
Database security best practices: Tuning database audit
Database auditing requires more than just the right tools: Those tools also have to be properly configured to offer the information that's needed and database performance that's required. Learn mor...
-
Microsoft IIS 7 security best practices
Are you up to date with Microsoft IIS security best practices? Don't allow your enterprise to become vulnerable.
-
The pros and cons of deploying OpenLDAP: Windows and Un
Randall Gamby discusses how OpenLDAP should (or shouldn't) be used in conjunction with enterprise directory implementations.
-
A pre-implementation Windows 7 security guide for enter
Many enterprises are preparing to upgrade to Windows 7, but what are the security advantages and implications of the move? Expert Michael Cobb has the answers.
-
Cisco MARS: What third-party lockout means for SIEM pro
Now that Cisco's MARS SIEM product no longer supports third-party product integration, should enterprises migrate away from the product? In this tip, network security expert Anand Sastry discusses ...
-
XSSer demo: How to use open source penetration testing
In this video demo, learn how to use XSSer, open source penetration testing tools for detecting various Web application flaws and exploiting cross-site scripting (XSS) vulnerabilities against appli...
-
Handling acquisitions: Career tips for infosec pros
A company merger or acquisition is always a tumultuous time, and can be even more nerve-wracking if you're concerned that your position might be eliminated. In this tip, career experts Lee Kushner ...
-
How to refine an enterprise database security policy
Noel Yuhanna of Forrester Research outlines what should be covered in a successful enterprise database security policy, including foundational security, preventative measures and intrusion detection.
-
Creating a network endpoint security policy for hostile
The plethora of IP-enabled devices available today makes it harder to discern a friendly endpoint from a hostile one. Learn how to create an endpoint security policy for non-corporate-owned devices.
-
Self-service user identity management
While it might seem that self-service user identity management can save time and money, as well as keep information more current, there are a number of potential pitfalls. In this expert tip, Randa...
-
A PCI compliance network testing checklist to limit PCI
Network security pros may not realize it, but they may inadvertently be on the hook regarding PCI DSS compliance if card data is inadvertently spread across the network. Ed Moyle discusses how this...
-
A vulnerability management process for the Windows XP H
A recently discovered flaw in the Windows XP Help and Support Center could leave your enterprise open to infection. In this tip, Nick Lewis explains the vulnerability management process that organi...
-
How to use NeXpose: Free enterprise vulnerability manag
Learn how to use NeXpose Community Edition, a free collection of vulnerability management tools that offers pre-defined scan templates, and the ability to scan networks, OSes, desktops and databases.
-
How to build a toolset to avoid Web 2.0 security issues
An enterprise defense-in-depth strategy should include security tools that monitor, prevent, alert, encrypt and quarantine data from leaving your network, as well as processes put in place to monit...
-
Unmasking data masking techniques in the enterprise
Patch-testing and development environments can't use live data and keep it secure. That's where data masking comes in. Michael Cobb examines the principles behind data masking and why security pros...
-
IT security salary survey reveals infosec compensation
Recently, Lee Kushner and Mike Murray of Information Security Leaders surveyed nearly 500 infosec pros to discover how they felt about their current compensation.
-
Monitoring strategies for insider threat detection
Insider threat detection is a vital part of the security of any enterprise organization. In this tip, part of the SearchSecurity.com Insider Threats Security School lesson, learn about the best ins...
-
Assessment success: PCI DSS standards and secure data s
PCI DSS standards for secure data storage are specific and detailed, but there are two key steps that can significantly reduce the pain of an assessment. PCI DSS expert Anton Chuvakin explains.
-
A smarter, programmatic approach to SOX compliance
After 11 years of Sarbanes-Oxley and other mandates, enterprises have finally embraced holistic compliance program management as a best practice.
-
Next-gen firewalls improve application awareness
Learn how next-gen firewalls offer improved application awareness and granularity to manage or block particular application features.
-
Choosing the right IT security framework
Expert Joe Granneman introduces several IT security frameworks and standards, and offers advice on choosing the right one for your organization.
-
The role of sandboxing in advanced malware detection
Expert Brad Casey details how advanced malware detection products rely heavily on sandboxing technology, though it's not a cure-all for enterprises.
Security Management Strategies for the CIO