-
KHOBE attack technique: Kernel bypass risk or much ado
Some say the KHOBE attack technique is a serious threat looming over enterprises, while others believe it's been greatly over-hyped. Who's right? Nick Lewis offers his analysis.
-
Alternatives to password-reset questions tackle social
With so much personal information available on the Internet, finding the answers to someone's password-reset questions can be quite easy. In this tip, learn about alternatives to the password-reset...
-
When to leave a job: Deciding to look for a new job in
Knowing when to leave a job can be difficult, as transitions and building clout in the new position take time. In this expert tip, learn how to know when it's worthwhile to scope new security jobs.
-
Web 2.0 widgets: Enterprise protection for Web add-ons
Web 2.0 widgets represent a threat vector that should not be overlooked at any enterprise organization. In this tip, Nick Lewis explains what a Web 2.0 widget is, and how companies can protect agai...
-
HIPAA covered entity and business associate agreement r
Under HITECH, both "covered entities" and "business associates" must comply with HIPAA data protection mandates, but, as a covered entity, what's the best way both to maintain compliance for your o...
-
Free port scan: How to use Angry IP scanner
Scanning IP ports is a critical part of maintaining enterprise information security. In this screencast, Peter Giannoulis explains how to use the free tool Angry IP scanner for these port scans.
-
Zeus botnet analysis: Past, present and future threats
The Zeus botnet isn't showing signs of fading. In fact, it now threatens a wider scope of organizations beyond the banking industry. Expert Nick Lewis offers a Zeus botnet analysis, looking at why ...
-
Choosing smartphone encryption software for mobile smar
If your enterprise users have smartphones, then your enterprise may need smartphone encryption. In this tip, expert Dave Shackleford describes what to look for in smartphone encryption software, fr...
-
Endpoint fingerprinting: How to improve NAC security fo
Many enterprises underestimate the potential security problems posed by "dumb devices" like network printers or IP phones. Forrester Research analyst Usman Sindhu explains how endpoint fingerprinti...
-
How to perform an Active Directory security audit
As a security professional, you depend on Active Directory to provision users, but how secure is your implementation of AD itself? Learn how to perform an Active Directory security audit in this ex...
-
Prevent enterprise PDF attacks
Malicious PDF exploits are at an all-time high. Should enterprises dump PDFs altogether? Expert Michael Cobb answers that question and offers his key enterprise PDF attack prevention tactics.
-
Incident response security plans for advanced persisten
Dealing with advanced persistent threat (APT) presents unique challenges. Learn how an incident response program can save your enterprise from APT.
-
Database activity monitoring (DAM) software deployment
Database activity monitoring software deployments can have their shortcomings. For example, issues with network monitoring and policy overload can impact compliance audits and database performance.
-
Information security salary: Determining the value of s
Understanding the leverage you may have in your information security job is critical to getting the maximum compensation for your skills. In this month's Security Career Advisor tip, Lee Kushner an...
-
Netsparker: Free Web app security testing tool
Testing Web applications is critical for maintaining a secure enterprise network. Learn how to use the community version of Netsparker for free Web app security testing capabilities.
-
Ease credit card risks: POS encryption and data tokeniz
Data tokenization and transaction encryption technologies for PCI DSS, though still mostly new and untested, are already in hot demand. In this tip, John Kindervag of Forrester Research explains wh...
-
How to manage compliance as Chief Information Security
When it comes to IT compliance management, creating an effective compliance program is one of many jobs of a Chief Information Security Officer (CISO). In this tip from security management expert E...
-
Analyzing MSSP providers' log files for IT security eve
Analyzing firewall, Windows server and antivirus log files can seem like an endless and tedious task, especially for an understaffed security team, but it's extremely important for detecting IT sec...
-
Conducting a user access review with a small informatio
Have there been cutbacks on your company's information security staff? It would be easy for certain security tasks to fall through the cracks. Learn how to keep access controls tight without spendin...
-
McAfee update problem: Dealing with bad antivirus DAT f
While buggy antivirus DAT files are the exception rather than the rule, downloading them can cause just as much turmoil as a potential DDoS attack. In this tip from expert Ernie Hayden, learn how t...
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.
Security Management Strategies for the CIO