Security Management Strategies for the CIO-
Screencast: Samurai offers pen-testing nirvana
Peter Giannoulis of The AcademyPro and The Academy Home demonstrates the Samurai Web Testing Framework, a free, live Linux distro pre-configured to function as a stand-alone Web pen-testing environ...
-
Firewall rule management best practices
Given the growing complexity of firewalls, organizations often have hundreds, even thousands, of rules to review and manage. But configuration doesn't have to be overly complicated. Michael Cobb of...
-
When BIOS updates become malware attacks
Most security pros don't give the system BIOS a second thought, or even a first one, but today's BIOS types are highly susceptible to malicious hackers. Information security threats expert Sherri D...
-
The basics of enterprise GRC project management
Implementing an enterprise GRC project requires not only the right technology and training, it also requires cooperation with the executives and employees whose systems and daily work functions may...
-
Best practices for a privileged access policy to secure
Enterprises need to secure accounts belonging to actual users by reviewing and monitoring their privileged access.
-
Mac OS memory flaws pose challenges for enterprise endp
Recent research suggests that poor memory protections in the Mac OS make it much less secure than previously believed. Dee-Ann LeBlanc details how the Mac OS can be exploited and whether new defens...
-
How to align an information security framework to your
CISOs should consider blending traditional business models with information security frameworks, and not rely solely on regulations to drive security programs.
-
Rootkit Hunter demo: Detect and remove Linux rootkits
Peter Giannoulis of The Academy Home and The Academy Pro demonstrates how to install and use Rootkit Hunter, a free rootkit scanner for Linux and BSD distributions.
-
Enterprise UTM security: The best threat management sol
Unified threat management technology is touted as the cure-all for enterprise network security. But is UTM the best product for keeping threats at bay? Expert Mike Chapple explains the pros and con...
-
Best practices: How to implement and maintain enterpris
Effective enterprise role management is essential for properly managing user access rights and enforcing access policies, but the implementation process can be challenging. In this tip, Forrester R...
-
Making the case for network security configuration mana
Network security configuration management isn't exciting, but it's necessary to ensure attackers can't exploit an enterprise's network. In this tip, Tom Bowers explains how easily malicious hackers...
-
How to find and stop automated SQL injection attacks
Automated SQL injection worms use search engines to filter through vulnerable Web servers. In this tip, Patrick Szeto explains how to keep your website off of the malware's radar.
-
An inside look at security log management forensics inv
David Strom provides some examples of log data that provided key clues to enterprise data breaches.
-
How to find sensitive information on the endpoint
Worried that your enterprise endpoints may be harboring sensitive information like credit card numbers or Social Security numbers? Fear not. Mike Chapple offers algorithms and tools to conduct a se...
-
How to choose between source code reviews or Web applic
Michael Cobb explains how to make the right choice between Web application firewalls or source code security reviews.
-
When to use open source security tools over commercial
When budgets are cut and open networks still need securing, it may be helpful to try open source security tools as a sufficient and affordable alternative to pricey commercial products.
-
How to spot attacks through Apache Web server log analy
Log analysis requires refined search skills that will help you ferret out security issues. Brad Causey explains how to sift through log data and find the relevant security information.
-
HIPAA compliance: New regulations change the game
Recent changes to HIPAA regulations coupled with renewed HIPAA enforcement may stir a panic among enterprise security teams charged with safeguarding PHI. Not so, according to security management e...
-
Kerberos configuration as an authentication system for
Looking to implement single sign-on in your enterprise, but have a lot of custom applications that don't seem compatible? In this tip, IAM expert David Griffeth takes a look at Kerberos, a non-prop...
-
Preparing enterprise Wi-Fi networks for PCI compliance
The Payment Card Industry Data Security Standard (PCI DSS) requires several key measures are in place to protect transaction data on enterprise Wi-Fi networks. In this special tip from Forrester Re...
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.