-
Information security salary: Determining the value of s
Understanding the leverage you may have in your information security job is critical to getting the maximum compensation for your skills. In this month's Security Career Advisor tip, Lee Kushner an...
-
Database activity monitoring (DAM) software deployment
Database activity monitoring software deployments can have their shortcomings. For example, issues with network monitoring and policy overload can impact compliance audits and database performance.
-
Netsparker: Free Web app security testing tool
Testing Web applications is critical for maintaining a secure enterprise network. Learn how to use the community version of Netsparker for free Web app security testing capabilities.
-
How to manage compliance as Chief Information Security
When it comes to IT compliance management, creating an effective compliance program is one of many jobs of a Chief Information Security Officer (CISO). In this tip from security management expert E...
-
Ease credit card risks: POS encryption and data tokeniz
Data tokenization and transaction encryption technologies for PCI DSS, though still mostly new and untested, are already in hot demand. In this tip, John Kindervag of Forrester Research explains wh...
-
Analyzing MSSP providers' log files for IT security eve
Analyzing firewall, Windows server and antivirus log files can seem like an endless and tedious task, especially for an understaffed security team, but it's extremely important for detecting IT sec...
-
Conducting a user access review with a small informatio
Have there been cutbacks on your company's information security staff? It would be easy for certain security tasks to fall through the cracks. Learn how to keep access controls tight without spendin...
-
McAfee update problem: Dealing with bad antivirus DAT f
While buggy antivirus DAT files are the exception rather than the rule, downloading them can cause just as much turmoil as a potential DDoS attack. In this tip from expert Ernie Hayden, learn how t...
-
Create a data breach response plan in 10 easy steps
Having a solid data breach response plan in place can make the threat of a security breach less intimidating. In this tip, learn 10 steps to take that will lead to an effective data breach response...
-
Employee compliance: Creating a compliance-focused work
If your security team is low on time and money, one of the best things you can do is recruit more people: an entire enterprise's worth. In this tip, learn how to engage corporate employees to be se...
-
Virtual patching eases short-staffed patch management p
Virtual patching can serve as a quick way to deal with patch management procedures when short staffed. But how effective is virtual patching? Michael Cobb explains the pros and cons of virtual patc...
-
Defining an incident response process when short staffe
The incident response process can be difficult when short staffed. In this tip, learn how to put together a computer security incident response team by leveraging other departments in your organiza...
-
Detect rootkit alternate data streams (ADS) with Stream
In this month's screencast, Peter Giannoulis of TheAcademyPro.com explains how to use StreamArmor, a new tool that can detect alternate data streams that may be hiding rootkit data.
-
How to change from WEP to WPA for PCI DSS compliance
The deadline to change from WEP to the WPA wireless encryption standard for PCI DSS compliance is quickly approaching. Learn how to change from WEP to WPA and how to ensure that WEP is completely eradi...
-
Performing a security risk analysis to assess acceptabl
No organization is ever completely without risk, but there are steps that can be taken to establish an acceptable level of risk that can be appropriately mitigated. In this tip, Michael Cobb explai...
-
Career survival tips: Steps to a recession-resistant in
The information security market has not been immune to the recession. For this reason, it's vital to take steps to ensure that your company understands what value you bring to the table. In this ti...
-
SMS two-factor authentication for electronic identity
Tokens are no longer the only choice when it comes to OTPs and electronic identity verification. Learn about new two-factor authentication options involving SMS and mobile phones.
-
Portable USB thumb drive encryption: Software and secur
If you allow USB flash drives at your enterprise, encryption software and policy are a must. In this tip, learn about the best USB encryption options and how to choose one for your organization.
-
Operation Aurora: Tips for thwarting zero-day attacks,
In December 2009, Google, Adobe and other companies were the victims of a damaging cyberattack called Operation Aurora. In this tip, expert Nick Lewis outlines the lessons learned from this attack,...
-
UTM appliances in the enterprise: Are they enough?
UTM appliances are in high demand at small and midsize companies looking to secure the network. But how do UTM appliances fit into a defense-in-depth strategy in the enterprise? In this tip, Michae...
-
A smarter, programmatic approach to SOX compliance
After 11 years of Sarbanes-Oxley and other mandates, enterprises have finally embraced holistic compliance program management as a best practice.
-
Next-gen firewalls improve application awareness
Learn how next-gen firewalls offer improved application awareness and granularity to manage or block particular application features.
-
Choosing the right IT security framework
Expert Joe Granneman introduces several IT security frameworks and standards, and offers advice on choosing the right one for your organization.
-
The role of sandboxing in advanced malware detection
Expert Brad Casey details how advanced malware detection products rely heavily on sandboxing technology, though it's not a cure-all for enterprises.
Security Management Strategies for the CIO