-
Create a data breach response plan in 10 easy steps
Having a solid data breach response plan in place can make the threat of a security breach less intimidating. In this tip, learn 10 steps to take that will lead to an effective data breach response...
-
Employee compliance: Creating a compliance-focused work
If your security team is low on time and money, one of the best things you can do is recruit more people: an entire enterprise's worth. In this tip, learn how to engage corporate employees to be se...
-
Virtual patching eases short-staffed patch management p
Virtual patching can serve as a quick way to deal with patch management procedures when short staffed. But how effective is virtual patching? Michael Cobb explains the pros and cons of virtual patc...
-
Defining an incident response process when short staffe
The incident response process can be difficult when short staffed. In this tip, learn how to put together a computer security incident response team by leveraging other departments in your organiza...
-
Detect rootkit alternate data streams (ADS) with Stream
In this month's screencast, Peter Giannoulis of TheAcademyPro.com explains how to use StreamArmor, a new tool that can detect alternate data streams that may be hiding rootkit data.
-
Performing a security risk analysis to assess acceptabl
No organization is ever completely without risk, but there are steps that can be taken to establish an acceptable level of risk that can be appropriately mitigated. In this tip, Michael Cobb explai...
-
How to change from WEP to WPA for PCI DSS compliance
The deadline to change from the WEP to the WPA wireless encryption standard for PCI DSS compliance is quickly approaching. Learn how to change from WEP to WPA and how to ensure that WEP is completely eradi...
-
Career survival tips: Steps to a recession-resistant in
The information security market has not been immune to the recession. For this reason, it's vital to take steps to ensure that your company understands what value you bring to the table. In this ti...
-
SMS two-factor authentication for electronic identity
Tokens are no longer the only choice when it comes to OTPs and electronic identity verification. Learn about new two-factor authentication options involving SMS and mobile phones.
-
Portable USB thumb drive encryption: Software and secur
If you allow USB flash drives at your enterprise, encryption software and policy are a must. In this tip, learn about the best USB encryption options and how to choose one for your organization.
-
Operation Aurora: Tips for thwarting zero-day attacks,
In December 2009, Google, Adobe and other companies were the victims of a damaging cyberattack called Operation Aurora. In this tip, expert Nick Lewis outlines the lessons learned from this attack,...
-
UTM appliances in the enterprise: Are they enough?
UTM appliances are in high demand at small and midsize companies looking to secure the network. But how do UTM appliances fit into a defense-in-depth strategy in the enterprise? In this tip, Michae...
-
Data encryption methods: Securing emerging endpoints
Enterprises face a new challenge in the form of endpoint encryption for emerging devices. In this tip, Mike Chapple explains how companies can go about evaluating and choosing data encryption metho...
-
Creating a proactive security incident response program
Every organization should develop a proactive security incident response program to ensure that when an incident does occur, it can be handled quickly and efficiently. Contributor Marcos Christodon...
-
How to use Malwarebytes to scan for and remove malware
This month, Peter Giannoulis from TheAcademyPro.com offers a video demonstration of Malwarebytes' Anti-Malware, a free tool that can eliminate many of the especially difficult or hidden viruses and...
-
How risk management standards can work for enterprise I
Every organization should be able to articulate how IT threats can harm a business. Forrester Research Analyst Chris McClean explains how a five-step risk management strategy, based on a risk manag...
-
How to buy an IPS: Features, testing and review
If you're considering IPS for your enterprise, make sure you know what to look for in the products you're reviewing. In this tip, network security expert David Meier describes how to conduct an IPS...
-
Leveraging an effective information security career net
Building an effective information security career network is a difficult task, but leveraging it can also be a challenge. In this tip, infosec career experts Lee Kushner and Mike Murray explain how...
-
How to use COBIT for compliance
While the COBIT framework has been around for a long time, it can still be very useful in terms of understanding goals and benchmarks for a security program that can, in turn, aid compliance with m...
-
Forensic incident response: Integrating a SIM system an
SIM systems and identity management systems are designed to operate independently; by understanding where each technology's integration points are and how to maintain their effectiveness once they'...
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.
Security Management Strategies for the CIO