-
How to prepare for an information security job intervie
Lee Kushner and Mike Murray offer tips on how to impress possible employers after finally nailing down an information security job interview.
-
Security on a budget: How to make the most of authentic
Working on an identity and access management project can be hard enough without having to worry about sufficient funding. In this tip, learn how to leverage existing identity and access management ...
-
How a corporate Twitter policy can combat social networ
Despite the recent security risks, there is no reason to completely shut down Twitter use in the enterprise. There are, however, important policy controls and technologies that need to be put in pl...
-
Understanding PCI DSS compliance requirements for log m
Proper PCI DSS compliance requires effective event log management, but many enterprises fail not only to gather all the relevant data, but also to analyze and remediate the results. Forrester Research...
-
Information security management hype: Debunking best pr
The phrase "best practices" gets tossed around frequently in the security industry, but what does it really mean? Are enterprises actually implementing these best practices in information security,...
-
Screencast: BackTrack 4 offers an arsenal of penetratio
Peter Giannoulis of TheAcademyPro.com and TheAcademyHome.com demonstrates BackTrack 4, the final version of the venerable pen-testing live Linux-based CD distribution.
-
Cyberwarfare and the enterprise: Is the threat real?
Recently, there has been a great deal of press about massive botnets and killer denial-of-service attacks. So how concerned should you really be about cyberwarfare? The threat is real, says contrib...
-
Top social networking sites to boost your information s
Information security professionals who are not using LinkedIn, Facebook and Twitter could be missing out on potentially valuable opportunities to advance their careers. In this month's Information ...
-
Network access control technology: Over-hyped or underu
Thinking of deploying network access control (NAC) technology in your enterprise, but aren't sure if its capabilities have finally caught up to its hype? In this expert tip, Mike Chapple offers an ...
-
Are 'strong authentication' methods strong enough for c
If multifactor authentication is so great, why hasn't it replaced the password? Michael Cobb reviews the hype surrounding strong authentication. There are more drawbacks than you think.
-
Smoothwall video: Smoothwall firewall offers defense in
Peter Giannoulis of TheAcademyHome.com and TheAcademyPro.com details why Smoothwall may be a smart choice to protect SMBs or lower-priority assets on the cheap.
-
Strategies for using technology to enable automated com
Enterprise compliance programs depend on a variety of people, data and processes, so it's no surprise that many organizations seek to implement automated compliance with the help of technology. How...
-
Monitoring program data and internal controls for risk
It's sad but true: Some employees are going to leak or even steal sensitive data. But what are the best ways to mitigate that risk? Learn the best ways to create internal controls for risk manageme...
-
How to prepare for a layoff or 'career incident'
Information security professionals carry valuable skills, but they're still not immune to today's economic downturn. In this month's Information Security Career Advisor column, experts Lee Kushner ...
-
An introduction to Information Security Career Advisor
SearchSecurity.com is pleased to partner with infosec career experts Lee Kushner and Mike Murray to bring you a new monthly column on information security careers. In their debut article, they expl...
-
How to find virtual machines for greater virtualization
When it comes to compliance and virtualization, security vulnerabilities and privacy concerns are not the only issues of interest to auditors. Managing internal virtual machines can be a major secu...
-
Making the case for enterprise IAM centralized access c
Central access to multiple applications and systems can raise the level of security while getting rid of lots of red tape, so how do you go about creating central access management? In this tip, IA...
-
How to defend against rogue DHCP server malware
Rogue DHCP server malware is a new twist on an old concept. The good news is that effective threat mitigation strategies exist; the bad news is that many organizations haven't bothered to deploy them.
-
Common PCI questions: Web application firewalls or sour
Is it better to use Web application firewalls, automated source code security reviews or vulnerability scans? Michael Cobb reviews your options.
-
PCI management: The case for Web application firewalls
Expert Michael Cobb lays out the compliance and security benefits of Web application firewalls.
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.