-
Security on a budget: How to make the most of authentic
Working on an identity and access management project can be hard enough without having to worry about sufficient funding. In this tip, learn how to leverage existing identity and access management ...
-
How a corporate Twitter policy can combat social networ
Despite the recent security risks, there is no reason to completely shut down Twitter use in the enterprise. There are, however, important policy controls and technologies that need to be put in pl...
-
Understanding PCI DSS compliance requirements for log m
Proper PCI DSS compliance requires effective event log management, but many enterprises fail not only to gather all the relevant data, but also to analyze and remediate the results. Forrester Research...
-
Screencast: BackTrack 4 offers an arsenal of penetratio
Peter Giannoulis of TheAcademyPro.com and TheAcademyHome.com demonstrates BackTrack 4, the final version of the venerable pen-testing live Linux-based CD distribution.
-
Information security management hype: Debunking best pr
The phrase "best practices" gets tossed around frequently in the security industry, but what does it really mean? Are enterprises actually implementing these best practices in information security,...
-
Cyberwarfare and the enterprise: Is the threat real?
Recently, there has been a great deal of press about massive botnets and killer denial-of-service attacks. So how concerned should you really be about cyberwarfare? The threat is real, says contrib...
-
Top social networking sites to boost your information s
Information security professionals who are not using LinkedIn, Facebook and Twitter could be missing out on potentially valuable opportunities to advance their careers. In this month's Information ...
-
Network access control technology: Over-hyped or underu
Thinking of deploying network access control (NAC) technology in your enterprise, but aren't sure if its capabilities have finally caught up to its hype? In this expert tip, Mike Chapple offers an ...
-
Are 'strong authentication' methods strong enough for c
If multifactor authentication is so great, why hasn't it replaced the password? Michael Cobb reviews the hype surrounding strong authentication. There are more drawbacks than you think.
-
Smoothwall video: Smoothwall firewall offers defense in
Peter Giannoulis of TheAcademyHome.com and TheAcademyPro.com details why Smoothwall may be a smart choice to protect SMBs or lower-priority assets on the cheap.
-
Strategies for using technology to enable automated com
Enterprise compliance programs depend on a variety of people, data and processes, so it's no surprise that many organizations seek to implement automated compliance with the help of technology. How...
-
Monitoring program data and internal controls for risk
It's sad but true: Some employees are going to leak or even steal sensitive data. But what are the best ways to mitigate that risk? Learn the best ways to create internal controls for risk manageme...
-
How to prepare for a layoff or 'career incident'
Information security professionals carry valuable skills, but they're still not immune to today's economic downturn. In this month's Information Security Career Advisor column, experts Lee Kushner ...
-
An introduction to Information Security Career Advisor
SearchSecurity.com is pleased to partner with infosec career experts Lee Kushner and Mike Murray to bring you a new monthly column on information security careers. In their debut article, they expl...
-
How to find virtual machines for greater virtualization
When it comes to compliance and virtualization, security vulnerabilities and privacy concerns are not the only issues of interest to auditors. Managing internal virtual machines can be a major secu...
-
Making the case for enterprise IAM centralized access c
Central access to multiple applications and systems can raise the level of security while getting rid of lots of red tape, so how do you go about creating central access management? In this tip, IA...
-
How to defend against rogue DHCP server malware
Rogue DHCP server malware is a new twist on an old concept. The good news is that effective threat mitigation strategies exist; the bad news is that many organizations haven't bothered to deploy them.
-
Common PCI questions: Web application firewalls or sour
Is it better to use Web application firewalls, automated source code security reviews or vulnerability scans? Michael Cobb reviews your options.
-
PCI management: The case for Web application firewalls
Expert Michael Cobb lays out the compliance and security benefits of Web application firewalls.
-
Screencast: Samurai offers pen-testing nirvana
Peter Giannoulis of The AcademyPro and The Academy Home demonstrates the Samurai Web Testing Framework, a free, live Linux distro pre-configured to function as a stand-alone Web pen-testing environ...
-
Exploit toolkits explained: How they aid cyberattacks
Expert Nick Lewis details how automated exploit kits are evolving and offers mitigations for the latest methods employed by these attack toolkits.
-
How to prevent the top five most common Web app flaws
Expert Michael Cobb details the five most common Web application vulnerabilities and provides methods to help enterprises to secure them.
-
SIEM best practices for advanced attack detection
SIEM struggles are common, but Mike Rothman explains why SIEM products are critical for advanced attack detection, and offers a SIEM tuning step-by-step.
-
Reducing compliance risk through compliance automation
Tony UcedaVelez offers tips for automating compliance tasks to reduce IT security and compliance risk while easing the pain of arduous compliance audits.