-
Compliance strategy: How to become an internal IT audit
The word "auditor" can make many information security pros cringe. But in this tip, learn how to become an internal IT auditor to help advance your enterprise's regulatory compliance programs.
-
Distributed denial-of-service protection: How to stop D
In this tip, which is a part of our Web Application Attacks Security Guide, you will learn what a distributed denial-of-service (DDoS) attack is, and learn how to stop and prevent DDoS attacks by u...
-
Preventing and stopping SQL injection hack attacks
In this tip, which is a part of our Web Application Attack Security Guide, you will learn methods, tools and best practices for preventing, avoiding and stopping SQL injection hack attacks.
-
Prevent cross-site scripting hacks with tools, testing
In this tutorial, learn how to prevent cross-site scripting (XSS) attacks, how to avoid a hack, and how to fix vulnerabilities and issues with cross-site scripting prevention tools, system and appl...
-
How to stop buffer-overflow attacks and find flaws, vul
In this tip, which is part of our Web Application Attack Security Guide, learn how to stop buffer-overflow attacks from infiltrating your systems and learn how to find buffer-overflow flaws and vul...
-
PuTTY configuration tips: How to connect to remote netw
Peter Giannoulis reviews PuTTY and explains how to use the Windows-based program as an SSH, telnet and rlogin client.
-
How to prevent memory dump attacks
Because databases are often encrypted, some attackers have switched to memory dump attacks. Michael Cobb explains how to protect your unencrypted transactions.
-
GRC customers point to better efficiency, convergence a
There's no getting around the need for corporate governance, risk and compliance management, but a GRC platform can improve efficiency, convergence and consistency. Forrester Research explains the ...
-
Risk-based multifactor authentication implementation be
A multifactor authentication implementation can be a hard sell to enterprise executives and users alike. In this tip, learn four key strategies to ensure that both groups understand and support the...
-
Using unique device identification for bank website sec
Almost everyone has been asked a password challenge question on a website. Learn how to prevent identity fraud with unique device identification.
-
Entering 2010: The economy and the state of information
The year 2009 will be remembered as a paradigm shift in the information security employment market, say career experts Lee Kushner and Mike Murray. See why they predict an even more competitive env...
-
A guide to internal and external network security audit
Contributor Stephen Cobb reviews the baseline network audit processes that a security professional should absolutely conduct regularly.
-
Best practices for (small) botnets
Your enterprise might have a strategy to deal with a large-scale botnet attack, but how would you deal with a micro-botnet that knows how to bypass antivirus and firewalls? Get botnet help with thi...
-
How to keep networks secure when deploying an 802.11n u
Before you upgrade to 802.11n, Lisa Phifer has seven questions that every network security pro should consider.
-
Benefits of ISO 27001 and ISO 27002 certification for y
If your enterprise is considering becoming ISO 27001 and 27002 certified, there are several important questions to ask. Learn about the potential benefits of ISO 27001 and 27002 certification with ...
-
Screencast: Find rogue wireless access points with Vist
Peter Giannoulis of TheAcademyHome.com and TheAcademyPro.com explains how to use the basic features of the free Vistumbler tool.
-
How to protect distributed information flows
In a book excerpt from "The Shortcut Guide to Prioritizing Security Spending," author Dan Sullivan explains how to get a handle on enterprise data that may be moving around the globe.
-
Identity lifecycle management for security and complian
Enterprise identities and their associated roles need to be provisioned for access to a variety of services and systems around the organization. In many cases, the entitlements provided to these va...
-
Black box and white box testing: Which is best?
There's no question that testing application security is essential for enterprises, but which is better: black box security testing or white box security testing? Learn more in this expert tip.
-
Cut down on calls to help desk with cybersecurity aware
It's no secret that human error accounts for many security blunders. But what's the best way to implement cybersecurity awareness training in your enterprise to keep employees from clicking on phis...
-
Network flow analysis for network security visibility
To overcome network security issues from advanced attackers and BYOD, security professionals are turning to network flow analysis to gain improved network security visibility.
-
Exploit toolkits explained: How they aid cyberattacks
Expert Nick Lewis details how automated exploit kits are evolving and offers mitigations for the latest methods employed by these attack toolkits.
-
How to prevent the top five most common Web app flaws
Expert Michael Cobb details the five most common Web application vulnerabilities and provides methods to help enterprises to secure them.
-
SIEM best practices for advanced attack detection
SIEM struggles are common, but Mike Rothman explains why SIEM products are critical for advanced attack detection, and offers a SIEM tuning step-by-step.
Security Management Strategies for the CIO