Security Management Strategies for the CIO-
Data encryption methods: Securing emerging endpoints
Enterprises face a new challenge in the form of endpoint encryption for emerging devices. In this tip, Mike Chapple explains how companies can go about evaluating and choosing data encryption metho...
-
Creating a proactive security incident response program
Every organization should develop a proactive security incident response program to ensure that when an incident does occur, it can be handled quickly and efficiently. Contributor Marcos Christodon...
-
How to use Malwarebytes to scan for and remove malware
This month, Peter Giannoulis from TheAcademyPro.com offers a video demonstration of Malwarebytes' Anti-Malware, a free tool that can eliminate many of the especially difficult or hidden viruses and...
-
How risk management standards can work for enterprise I
Every organization should be able to articulate how IT threats can harm a business. Forrester Research Analyst Chris McClean explains how a five-step risk management strategy, based on a risk manag...
-
How to buy an IPS: Features, testing and review
If you're considering IPS for your enterprise, make sure you know what to look for in the products you're reviewing. In this tip, network security expert David Meier describes how to conduct an IPS...
-
Leveraging an effective information security career net
Building an effective information security career network is a difficult task, but leveraging it can also be a challenge. In this tip, infosec career experts Lee Kushner and Mike Murray explain how...
-
How to use COBIT for compliance
While the COBIT framework has been around for a long time, it can still be very useful in terms of understanding goals and benchmarks for a security program that can, in turn, aid compliance with m...
-
Forensic incident response: Integrating a SIM system an
SIM systems and identity management systems are designed to operate independently; by understanding where each technology's integration points are and how to maintain their effectiveness once they'...
-
Scapy tutorial: How to use Scapy to test Snort rules
When creating Snort rules, it's often difficult to test them before they go live. In this Scapy tutorial, Judy Novak explains how to use Scapy, a tool that simplifies packet crafting, to test new S...
-
Clientless SSL VPN vulnerability and Web browser protec
In a recent US-CERT advisory, clientless SSL VPN vulnerabilities were listed as posing serious threats to Web browser security. In this tip, learn possible actions to take for Web browser protection.
-
How to prevent iPhone spying: Mobile phone management t
So you have an iPhone, you don't access the Internet, you use a PIN to authenticate and you never let the device out of your site. Michael Cobb explains why iPhone spying still isn't out of the que...
-
How to use hping to craft packets
A packet crafting tool that's been around for a long time, hping can be used to test if ports are open, as well as for firewall testing. Learn how to use hping in this tutorial.
-
PCI compliance requirements affect IT risk assessments
In their book PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance, authors Dr. Anton Chuvakin and Branden Williams discuss how to best approach PCI compliance...
-
Networking for career success in the information securi
Networking for career success in information security can be a difficult task. In this month's infosec career tip, learn how to build an effective information security career network, and why doing...
-
Securing naming and directory services for application
There are several aspects of naming and directory services when it comes to security. In this tip, part of the SearchSecurity.com Application Security School lesson, learn how to secure LDAP, as we...
-
Five endpoint DLP deployment data security tips
Deploying data loss prevention technology on endpoints requires a careful roll-out. Expert Rich Mogull offers five tips, including the need to start slowly with a set of power users and how to mana...
-
Improving software with the Building Security in Maturi
Learn about the Building Security in Maturity Model (BSIMM), a software security framework that emphasizes attack models, software security testing, code review and compliance policies. Also, does ...
-
Defending against RAM scraper malware in the enterprise
A new type of malware attack, RAM scraper, may pose a serious threat to enterprise security. Learn what a RAM scraper attack is, and how you can defend your organization from this potentially damag...
-
How to properly implement firewall egress filtering
Deploying outbound rules on a firewall is easier said than done. Scott Floyd reviews how to block outbound network traffic while avoiding mistakes that may lead to business process interruptions.
-
Server Message Block Version 2 security in question
Nick Lewis reviews the recent vulnerability discovered in a popular Windows file-sharing and printing protocol. Yes, there's a patch, but should you deploy it, or simply disable SMBv2?
-
A smarter, programmatic approach to SOX compliance
After 11 years of Sarbanes-Oxley and other mandates, enterprises have finally embraced holistic compliance program management as a best practice.
-
Next-gen firewalls improve application awareness
Learn how next-gen firewalls offer improved application awareness and granularity to manage or block particular application features.
-
Choosing the right IT security framework
Expert Joe Granneman introduces several IT security frameworks and standards, and offers advice on choosing the right one for your organization.
-
Anyka - Fotolia
The role of sandboxing in advanced malware detection
Expert Brad Casey details how advanced malware detection products rely heavily on sandboxing technology, though it's not a cure all for enterprises.