-
Fake antivirus pop-up scams: Forming a security awarene
Rogue antimalware programs have been around for a while, and, according to a recent Google report, are more prominent and more difficult to detect than ever before. In this expert tip, Michael Cobb...
-
Role-based access control: Pros of an open source RBAC
There are many advantages to an open source RBAC implementation. However, it's important to know the context in which such a product will work best. In this tip, expert Randall Gamby discusses how ...
-
Email, website and IP spoofing: How to prevent a spoofi
Find out how to prevent spoofing attacks, including IP spoofing, email and website spoofing.
-
FTP security best practices for the enterprise
FTP is easy and commonly used in the enterprise, but is it secure? Anand Sastry discusses its security shortcomings, best practices for securing FTP in the enterprise and FTP alternatives that may ...
-
Database application security: Balancing encryption, ac
Database applications are often the epicenter of a company's sensitive data, so security is paramount, but maintaining a balance between security and business use can be tricky. In this tip, Andrea...
-
Log management best practices: Five tips for success
The right log management tool can quickly seem like the wrong one without advance planning on how to make the most of it. Diana Kelley offers six log management best practices to help do just that.
-
Using the Microsoft Sysinternals suite for a computer s
If you're an auditor, or are looking to perform an internal audit, Microsoft's suite of Sysinternals tools could greatly help you. Learn how to use these free tools in this video demo.
-
How to use a PDF redaction tool with a redacted documen
It may seem rudimentary, but sensitive data commonly leaks out of corporate networks in plain sight in the form of un-redacted documents. Such files -- those still containing hidden data or Microso...
-
KHOBE attack technique: Kernel bypass risk or much ado
Some say the KHOBE attack technique is a serious threat looming over enterprises, while others believe it's been greatly over-hyped. Who's right? Nick Lewis offers his analysis.
-
Alternatives to password-reset questions tackle social
With so much personal information available on the Internet, finding the answers to someone's password-reset questions can be quite easy. In this tip, learn about alternatives to the password-reset...
-
When to leave a job: Deciding to look for a new job in
Knowing when to leave a job can be difficult, as transitions and building clout in the new position take time. In this expert tip, learn how to know when it's worthwhile to scope new security jobs.
-
Web 2.0 widgets: Enterprise protection for Web add-ons
Web 2.0 widgets represent a threat vector that should not be overlooked at any enterprise organization. In this tip, Nick Lewis explains what a Web 2.0 widget is, and how companies can protect agai...
-
HIPAA covered entity and business associate agreement r
Under HITECH, both "covered entities" and "business associates" must comply with HIPAA data protection mandates, but, as a covered entity, what's the best way both to maintain compliance for your o...
-
Free port scan: How to use Angry IP scanner
Scanning IP ports is a critical part of maintaining enterprise information security. In this screencast, Peter Giannoulis explains how to use the free tool Angry IP scanner for these port scans.
-
Zeus botnet analysis: Past, present and future threats
The Zeus botnet isn't showing signs of fading. In fact, it now threatens a wider scope of organizations beyond the banking industry. Expert Nick Lewis offers a Zeus botnet analysis, looking at why ...
-
Choosing smartphone encryption software for mobile smar
If your enterprise users have smartphones, then your enterprise may need smartphone encryption. In this tip, expert Dave Shackleford describes what to look for in smartphone encryption software, fr...
-
Endpoint fingerprinting: How to improve NAC security fo
Many enterprises underestimate the potential security problems posed by "dumb devices" like network printers or IP phones. Forrester Research analyst Usman Sindhu explains how endpoint fingerprinti...
-
How to perform an Active Directory security audit
As a security professional, you depend on Active Directory to provision users, but how secure is your implementation of AD itself? Learn how to perform an Active Directory security audit in this ex...
-
Prevent enterprise PDF attacks
Malicious PDF exploits are at an all-time high. Should enterprises dump PDFs altogether? Expert Michael Cobb answers that question and offers his key enterprise PDF attack prevention tactics.
-
Incident response security plans for advanced persisten
Dealing with an advanced persistent threat (APT) presents unique challenges. Learn how an incident response program can save your enterprise from APT.
-
A smarter, programmatic approach to SOX compliance
After 11 years of Sarbanes-Oxley and other mandates, enterprises have finally embraced holistic compliance program management as a best practice.
-
Next-gen firewalls improve application awareness
Learn how next-gen firewalls offer improved application awareness and granularity to manage or block particular application features.
-
Choosing the right IT security framework
Expert Joe Granneman introduces several IT security frameworks and standards, and offers advice on choosing the right one for your organization.
-
The role of sandboxing in advanced malware detection
Expert Brad Casey details how advanced malware detection products rely heavily on sandboxing technology, though it's not a cure-all for enterprises.