- Distributed denial-of-service protection: How to stop D
  In this tip, which is a part of our Web Application Attacks Security Guide, you will learn what a distributed denial-of-service (DDoS) attack is, and learn how to stop and prevent DDoS attacks by u...
- Prevent cross-site scripting hacks with tools, testing
  In this tutorial, learn how to prevent cross-site scripting (XSS) attacks, how to avoid a hack, and how to fix vulnerabilities and issues with cross-site scripting prevention tools, system and appl...
- Preventing and stopping SQL injection hack attacks
  In this tip, which is a part of our Web Application Attack Security Guide, you will learn methods, tools and best practices for preventing, avoiding and stopping SQL injection hack attacks.
- How to stop buffer-overflow attacks and find flaws, vul
  In this tip, which is part of our Web Application Attack Security Guide, learn how to stop buffer-overflow attacks from infiltrating your systems and learn how to find buffer-overflow flaws and vul...
- Compliance strategy: How to become an internal IT audit
  The word "auditor" can make many information security pros cringe. But in this tip, learn how to become an internal IT auditor to help advance your enterprise's regulatory compliance programs.
- PuTTY configuration tips: How to connect to remote netw
  Peter Giannoulis reviews PuTTY and explains how to use the Windows-based program as an SSH, telnet and rlogin client.
- How to prevent memory dump attacks
  Because databases are often encrypted, some attackers have switched to memory dump attacks. Michael Cobb explains how to protect your unencrypted transactions.
- GRC customers point to better efficiency, convergence a
  There's no getting around the need for corporate governance, risk and compliance management, but a GRC platform can improve efficiency, convergence and consistency. Forrester Research explains the ...
- A guide to internal and external network security audit
  Contributor Stephen Cobb reviews the baseline network audit processes that a security professional should absolutely conduct regularly.
- Entering 2010: The economy and the state of information
  The year 2009 will be remembered as a paradigm shift in the information security employment market, say career experts Lee Kushner and Mike Murray. See why they predict an even more competitive env...
- Risk-based multifactor authentication implementation be
  A multifactor authentication implementation can be a hard sell to enterprise executives and users alike. In this tip, learn four key strategies to ensure that both groups understand and support the...
- Using unique device identification for bank website sec
  Almost everyone has been asked a password challenge question on a website. Learn how to prevent identity fraud with unique device identification.
- Best practices for (small) botnets
  Your enterprise might have a strategy to deal with a large-scale botnet attack, but how would you deal with a micro-botnet that knows how to bypass antivirus and firewalls? Get botnet help with thi...
- How to keep networks secure when deploying an 802.11n u
  Before you upgrade to 802.11n, Lisa Phifer has seven questions that every network security pro should consider.
- Benefits of ISO 27001 and ISO 27002 certification for y
  If your enterprise is considering becoming ISO 27001 and 27002 certified, there are several important questions to ask. Learn about the potential benefits of ISO 27001 and 27002 certification with ...
- Screencast: Find rogue wireless access points with Vist
  Peter Giannoulis of TheAcademyHome.com and TheAcademyPro.com explains how to use the basic features of the free Vistumbler tool.
- How to protect distributed information flows
  In a book excerpt from "The Shortcut Guide to Prioritizing Security Spending," author Dan Sullivan explains how to get a handle on enterprise data that may be moving around the globe.
- Identity lifecycle management for security and complian
  Enterprise identities and their associated roles need to be provisioned for access to a variety of services and systems around the organization. In many cases, the entitlements provided to these va...
- Cut down on calls to help desk with cybersecurity aware
  It's no secret that human error accounts for many security blunders. But what's the best way to implement cybersecurity awareness training in your enterprise to keep employees from clicking on phis...
- Interpreting 'risk' in the Massachusetts data protectio
  After many changes, it appears that the recent Massachusetts data protection law is here to stay. Contributor David Navetta reviews the important, ambiguous places in the legislation that your lega...
- Three simple rules for talking compliance with execs
  Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
- Advanced malware and threat-detection products emerge
  Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
- How to deploy network security devices the right way
  John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
- Breach crisis: How to get better at intrusion detection
  To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.
Security Management Strategies for the CIO