-
Best practices for (small) botnets
Your enterprise might have a strategy to deal with a large-scale botnet attack, but how would you deal with a micro-botnet that knows how to bypass antivirus and firewalls? Get botnet help with thi...
-
How to keep networks secure when deploying an 802.11n u
Before you upgrade to 802.11n, Lisa Phifer has seven questions that every network security pro should consider.
-
Benefits of ISO 27001 and ISO 27002 certification for y
If your enterprise is considering becoming ISO 27001 and 27002 certified, there are several important questions to ask. Learn about the potential benefits of ISO 27001 and 27002 certification with ...
-
Screencast: Find rogue wireless access points with Vist
Peter Giannoulis of TheAcademyHome.com and TheAcademyPro.com explains how to use the basic features of the free Vistumbler tool.
-
How to protect distributed information flows
In a book excerpt from "The Shortcut Guide to Prioritizing Security Spending," author Dan Sullivan explains how to get a handle on enterprise data that may be moving around the globe.
-
Identity lifecycle management for security and complian
Enterprise identities and their associated roles need to be provisioned for access to a variety of services and systems around the organization. In many cases, the entitlements provided to these va...
-
Cut down on calls to help desk with cybersecurity aware
It's no secret that human error accounts for many security blunders. But what's the best way to implement cybersecurity awareness training in your enterprise to keep employees from clicking on phis...
-
Interpreting 'risk' in the Massachusetts data protectio
After many changes, it appears that the recent Massachusetts data protection law is here to stay. Contributor David Navetta reviews the important, ambiguous places in the legislation that your lega...
-
Black box and white box testing: Which is best?
There's no question that testing application security is essential for enterprises, but which is better: black box security testing or white box security testing? Learn more in this expert tip.
-
Straight from the inbox: Your infosec career questions
Lee Kushner and Mike Murray answer this month's batch of information security career questions. Readers asked about the value of infosec certifications, information security officer training and on...
-
How to prepare for a secure network hardware upgrade
Thanks to the spread of 64-bit technologies and the growing interest in IPv6 -- not to mention the possibility of a merger or acquisition -- a major network hardware upgrade is a definite possibili...
-
How to detect software tampering
In their book Surreptitious Software, authors Christian Collberg and Jasvir Nagra reveal how to tamperproof your software and make sure it executes as intended.
-
Preventing SQL injection attacks: A network admin's per
Your database administrators and application developers should certainly be following best practices to avoid SQL injections, but Michael Cobb explains how network admins can do their part to fight...
-
FTC Red Flags Rules: How to create an identity theft pr
Under FTC's Red Flags Rules, all financial institutions and creditors with covered accounts are required to create an identity theft prevention plan. But who is a creditor and what is a covered acc...
-
Breach prevention: How to keep track of data and applic
The well-known Heartland Payment Systems breach demonstrates the importance of data security. Michael Cobb reviews which tools best monitor a company's valuable enterprise applications and keep tra...
-
Screencast: How to launch an OpenVAS scan
In this screencast, Peter Giannoulis demonstrates the OpenVAS Linux/Unix-based assessment and penetration testing tool.
-
Creating a HIPAA employee training program
Want to get your employees on board the HIPAA/HITECH compliance train? Learn how to create a HIPAA employee awareness training program to make sure employees understand what's at stake.
-
Wireless network guidelines for PCI DSS compliance
The PCI Security Standards Council recently released additional guidance for WLANs, but do they make the compliance process easier? Contributor Ben Rothke examines the key points of the new guideli...
-
How to prevent phishing attacks with social engineering
Is your enterprise capable of withstanding today's phishing attacks? Sherri Davidoff reviews how you can test your employees.
-
Creating a personal brand in information security
In this month's Information Security Career Advisor column, experts Lee Kushner and Mike Murray explain how security pros can better demonstrate their abilities and stand out from the crowd.
-
A smarter, programmatic approach to SOX compliance
After 11 years of Sarbanes-Oxley and other mandates, enterprises have finally embraced holistic compliance program management as a best practice.
-
Next-gen firewalls improve application awareness
Learn how next-gen firewalls offer improved application awareness and granularity to manage or block particular application features.
-
Choosing the right IT security framework
Expert Joe Granneman introduces several IT security frameworks and standards, and offers advice on choosing the right one for your organization.
-
The role of sandboxing in advanced malware detection
Expert Brad Casey details how advanced malware detection products rely heavily on sandboxing technology, though it's not a cure all for enterprises.
Security Management Strategies for the CIO