-
Monitoring program data and internal controls for risk
It's sad but true: Some employees are going to leak or even steal sensitive data. But what are the best ways to mitigate that risk? Learn the best ways to create internal controls for risk manageme...
-
How to prepare for a layoff or 'career incident'
Information security professionals carry valuable skills, but they're still not immune to today's economic downturn. In this month's Information Security Career Advisor column, experts Lee Kushner ...
-
An introduction to Information Security Career Advisor
SearchSecurity.com is pleased to partner with infosec career experts Lee Kushner and Mike Murray to bring you a new monthly column on information security careers. In their debut article, they expl...
-
How to find virtual machines for greater virtualization
When it comes to compliance and virtualization, security vulnerabilities and privacy concerns are not the only issues of interest to auditors. Managing internal virtual machines can be a major secu...
-
Making the case for enterprise IAM centralized access c
Central access to multiple applications and systems can raise the level of security while getting rid of lots of red tape, so how do you go about creating central access management? In this tip, IA...
-
How to defend against rogue DHCP server malware
Rogue DHCP server malware is a new twist on an old concept. The good news is that effective threat mitigation strategies exist; the bad news is that many organizations haven't bothered to deploy them.
-
Common PCI questions: Web application firewalls or sour
Is it better to use Web application firewalls, automated source code security reviews or vulnerability scans? Michael Cobb reviews your options.
-
PCI management: The case for Web application firewalls
Expert Michael Cobb lays out the compliance and security benefits of Web application firewalls.
-
Screencast: Samurai offers pen-testing nirvana
Peter Giannoulis of The AcademyPro and The Academy Home demonstrates the Samurai Web Testing Framework, a free, live Linux distro pre-configured to function as a stand-alone Web pen-testing environ...
-
Firewall rule management best practices
Given the growing complexity of firewalls, organizations often have hundreds, even thousands, of rules to review and manage. But configuration doesn't have to be overly complicated. Michael Cobb of...
-
When BIOS updates become malware attacks
Most security pros don't give the system BIOS a second thought, or even a first one, but today's BIOS types are highly susceptible to malicious hackers. Information security threats expert Sherri D...
-
The basics of enterprise GRC project management
Implementing an enterprise GRC project requires not only the right technology and training, it also requires cooperation with the executives and employees whose systems and daily work functions may...
-
Best practices for a privileged access policy to secure
Enterprises need to secure accounts belonging to actual users by reviewing and monitoring their privileged access.
-
Mac OS memory flaws pose challenges for enterprise endp
Recent research suggests that poor memory protections in the Mac OS make it much less secure than previously believed. Dee-Ann LeBlanc details how the Mac OS can be exploited and whether new defens...
-
How to align an information security framework to your
CISOs should consider blending traditional business models with information security frameworks, and not rely solely on regulations to drive security programs.
-
Rootkit Hunter demo: Detect and remove Linux rootkits
Peter Giannoulis of The Academy Home and The Academy Pro demonstrates how to install and use Rootkit Hunter, a free rootkit scanner for Linux and BSD distributions.
-
Enterprise UTM security: The best threat management sol
Unified threat management technology is touted as the cure-all for enterprise network security. But is UTM the best product for keeping threats at bay? Expert Mike Chapple explains the pros and con...
-
Best practices: How to implement and maintain enterpris
Effective enterprise role management is essential for properly managing user access rights and enforcing access policies, but the implementation process can be challenging. In this tip, Forrester R...
-
Making the case for network security configuration mana
Network security configuration management isn't exciting, but it's necessary to ensure attackers can't exploit an enterprise's network. In this tip, Tom Bowers explains how easily malicious hackers...
-
How to find and stop automated SQL injection attacks
Automated SQL injection worms use search engines to filter through vulnerable Web servers. In this tip, Patrick Szeto explains how to keep your website off of the malware's radar.
-
A smarter, programmatic approach to SOX compliance
After 11 years of Sarbanes-Oxley and other mandates, enterprises have finally embraced holistic compliance program management as a best practice.
-
Next-gen firewalls improve application awareness
Learn how next-gen firewalls offer improved application awareness and granularity to manage or block particular application features.
-
Choosing the right IT security framework
Expert Joe Granneman introduces several IT security frameworks and standards, and offers advice on choosing the right one for your organization.
-
The role of sandboxing in advanced malware detection
Expert Brad Casey details how advanced malware detection products rely heavily on sandboxing technology, though it's not a cure-all for enterprises.