-
What to do with network penetration test results
It takes a lot of time and effort to plan and conduct an enterprise network penetration test, but the work doesn't stop there. Contributor David Meier explains how to conduct an analysis of pen tes...
-
Cloud computing in 2010: Be ready for risk management c
As our tip series continues, Michael Cobb predicts some risk management challenges in 2010 as more companies get caught with their head in the 'cloud.'
-
Stay or jump ship? How to be happy with your infosec j
Don't leave your job just yet. Lee Kushner and Mike Murray suggest ways to maximize your role and stay satisfied with your career path.
-
How to use TrueCrypt for disk encryption
Learn how to use TrueCrypt to create an encrypted drive on a Windows PC, as well as how to create a hidden drive within a drive as an additional data protection measure.
-
Preparing for future security threats, evolving malware
Security expert Nick Lewis predicts how infosec threats will evolve in 2010. Luckily, enterprise defenses will evolve, too.
-
The future of PCI DSS encryption requirements? Tokeniza
Can tokenization help reduce the scope of PCI DSS? How does tokenization interact with PCI DSS encryption requirements? Learn more about this technology and whether it's right for your enterprise.
-
Security compliance predictions for 2010: New regulatio
What will 2010 hold for security compliance? Security management expert David Mortman discusses HITECH, changes to PCI and cloud computing compliance strategies for the new year.
-
IAM trends: Rebuilding security with provisioning techn
There's no question that the coming year will bring new demands for IAM technologies. In this tip, learn what expert Randall Gamby believes will be the best technologies on which to focus your effo...
-
Compliance strategy: How to become an internal IT audit
The word "auditor" can make many information security pros cringe. But in this tip, learn how to become an internal IT auditor to help advance your enterprise's regulatory compliance programs.
-
How to stop buffer-overflow attacks and find flaws, vul
In this tip, which is part of our Web Application Attack Security Guide, learn how to stop buffer-overflow attacks from infiltrating your systems and learn how to find buffer-overflow flaws and vul...
-
Prevent cross-site scripting hacks with tools, testing
In this tutorial, learn how to prevent cross-site scripting (XSS) attacks, how to avoid a hack, and how to fix vulnerabilities and issues with cross-site scripting prevention tools, system and appl...
-
Distributed denial-of-service protection: How to stop D
In this tip, which is a part of our Web Application Attacks Security Guide, you will learn what a distributed denial-of-service (DDoS) attack is, and learn how to stop and prevent DDoS attacks by u...
-
Preventing and stopping SQL injection hack attacks
In this tip, which is a part of our Web Application Attack Security Guide, you will learn methods, tools and best practices for preventing, avoiding and stopping SQL injection hack attacks.
-
PuTTY configuration tips: How to connect to remote netw
Peter Giannoulis reviews PuTTY and explains how to use the Windows-based program as an SSH, telnet and rlogin client.
-
How to prevent memory dump attacks
Because databases are often encrypted, some attackers have switched to memory dump attacks. Michael Cobb explains how to protect your unencrypted transactions.
-
GRC customers point to better efficiency, convergence a
There's no getting around the need for corporate governance, risk and compliance management, but a GRC platform can improve efficiency, convergence and consistency. Forrester Research explains the ...
-
Entering 2010: The economy and the state of information
The year 2009 will be remembered as a paradigm shift in the information security employment market, say career experts Lee Kushner and Mike Murray. See why they predict an even more competitive env...
-
Risk-based multifactor authentication implementation be
A multifactor authentication implementation can be a hard sell to enterprise executives and users alike. In this tip, learn four key strategies to ensure that both groups understand and support the...
-
Using unique device identification for bank website sec
Almost everyone has been asked a password challenge question on a website. Learn how to prevent identity fraud with unique device identification.
-
A guide to internal and external network security audit
Contributor Stephen Cobb reviews the baseline network audit processes that a security professional should absolutely conduct regularly.
-
A smarter, programmatic approach to SOX compliance
After 11 years of Sarbanes-Oxley and other mandates, enterprises have finally embraced holistic compliance program management as a best practice.
-
Next-gen firewalls improve application awareness
Learn how next-gen firewalls offer improved application awareness and granularity to manage or block particular application features.
-
Choosing the right IT security framework
Expert Joe Granneman introduces several IT security frameworks and standards, and offers advice on choosing the right one for your organization.
-
The role of sandboxing in advanced malware detection
Expert Brad Casey details how advanced malware detection products rely heavily on sandboxing technology, though it's not a cure-all for enterprises.