-
Black box and white box testing: Which is best?
There's no question that testing application security is essential for enterprises, but which is better: black box security testing or white box security testing? Learn more in this expert tip.
-
Straight from the inbox: Your infosec career questions
Lee Kushner and Mike Murray answer this month's batch of information security career questions. Readers asked about the value of infosec certifications, information security officer training and on...
-
How to prepare for a secure network hardware upgrade
Thanks to the spread of 64-bit technologies and the growing interest in IPv6 -- not to mention the possibility of a merger or acquisition -- a major network hardware upgrade is a definite possibili...
-
How to detect software tampering
In their book Surreptitious Software, authors Christian Collberg and Jasvir Nagra reveal how to tamperproof your software and make sure it executes as intended.
-
FTC Red Flags Rules: How to create an identity theft pr
Under FTC's Red Flags Rules, all financial institutions and creditors with covered accounts are required to create an identity theft prevention plan. But who is a creditor and what is a covered acc...
-
Preventing SQL injection attacks: A network admin's per
Your database administrators and application developers should certainly be following best practices to avoid SQL injections, but Michael Cobb explains how network admins can do their part to fight...
-
Breach prevention: How to keep track of data and applic
The well-known Heartland Payment Systems breach demonstrates the importance of data security. Michael Cobb reviews which tools best monitor a company's valuable enterprise applications and keep tra...
-
Screencast: How to launch an OpenVAS scan
In this screencast, Peter Giannoulis demonstrates the OpenVAS Linux/Unix-based assessment and penetration testing tool.
-
Creating a HIPAA employee training program
Want to get your employees on board the HIPAA/HITECH compliance train? Learn how to create a HIPAA employee awareness training program to make sure employees understand what's at stake.
-
Wireless network guidelines for PCI DSS compliance
The PCI Security Standards Council recently released additional guidance for WLANs, but do they make the compliance process easier? Contributor Ben Rothke examines the key points of the new guideli...
-
How to prevent phishing attacks with social engineering
Is your enterprise capable of withstanding today's phishing attacks? Sherri Davidoff reviews how you can test your employees.
-
Creating a personal brand in information security
In this month's Information Security Career Advisor column, experts Lee Kushner and Mike Murray explain how security pros can better demonstrate their abilities and stand out from the crowd.
-
Content-aware IAM: Uniting user access and data rights
In the world of IT security, IAM and data protection have generally kept to their separate corners. That trend, however, may be shifting with the onset of content-aware IAM that merges granular use...
-
Data protection tips for corporate compliance leaders
Author Rebecca Herold explains why compliance professionals need to understand data protection issues in order to successfully do their job.
-
Aligning network security with business priorities
Too often, network security administrators have their security budget requests nixed by executives because they weren't able to align their requests with business priorities. In this tip, learn how...
-
An enterprise strategy for Web application security thr
People Security founder Hugh Thompson reviews the tools and tactics, from security assessments to Web application firewalls, that are essential to an application security strategy.
-
Scanning with N-Stalker offers basic Web application se
In this month's SearchSecurity.com screencast video demo, Peter Giannoulis of TheAcademyHome.com and TheAcademyPro.com introduces N-Stalker, a free Web application security assessment scanner avail...
-
How SSL-encrypted Web connections are intercepted
Enterprises and attackers alike have found ways to sniff private Web traffic, even when it's encrypted. Sherri Davidoff reviews how encrypted Web connections can be sniffed, and ways that users can...
-
PCI DSS compliance requirements: Ensuring data integrit
Want to make sure you have secure data for PCI DSS? One of the first steps is making sure the data you're trying to secure is the right data. Security management expert David Mortman explains how t...
-
Lifecycle of a network security vulnerability
In a chapter excerpt from Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century, author Ryan Trost reveals the full process of providing intrusion detection system coverage...
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.
Security Management Strategies for the CIO