-
An inside look at security log management forensics inv
David Strom provides some examples of log data that provided key clues to enterprise data breaches.
-
How to find sensitive information on the endpoint
Worried that your enterprise endpoints may be harboring sensitive information like credit card numbers or Social Security numbers? Fear not. Mike Chapple offers algorithms and tools to conduct a se...
-
How to choose between source code reviews or Web applic
Michael Cobb explains how to make the right choice between Web application firewalls or source code security reviews.
-
When to use open source security tools over commercial
When budgets are cut and open networks still need securing, it may be helpful to try open source security tools as a sufficient and affordable alternative to pricey commercial products.
-
How to spot attacks through Apache Web server log analy
Log analysis requires refined search skills that will help you ferret out security issues. Brad Causey explains how to sift through log data and find the relevant security information.
-
HIPAA compliance: New regulations change the game
Recent changes to HIPAA regulations coupled with renewed HIPAA enforcement may stir a panic among enterprise security teams charged with safeguarding PHI. Not so, according to security management e...
-
Kerberos configuration as an authentication system for
Looking to implement single sign-on in your enterprise, but have a lot of custom applications that don't seem compatible? In this tip, IAM expert David Griffeth takes a look at Kerberos, a non-prop...
-
Preparing enterprise Wi-Fi networks for PCI compliance
The Payment Card Industry Data Security Standard (PCI DSS) requires that several key measures be in place to protect transaction data on enterprise Wi-Fi networks. In this special tip from Forrester Re...
-
Short-lived Web malware: Fading fad or future trend?
Attackers are increasingly spreading their malicious code through fly-by-night websites that seem legitimate to unsuspecting users, but are actually laden with malware. Marcos Christodonte II expla...
-
Data security best practices for PCI DSS compliance
The glut of recent data breaches, such as the one at Heartland Payment Systems Inc., leaves some security pros wondering if PCI DSS is doing its job. Is it worth all the effort to become PCI compli...
-
Maltego demo: Identifying a website's trust relationshi
This month, Peter Giannoulis of TheAcademyPro.com and TheAcademyHome.com demonstrates Maltego, an information-gathering tool that infosec pros can use to assist with vulnerability assessments and p...
-
Vulnerability test methods for application security ass
Learn what to do when you have a huge portfolio of potentially insecure applications, limited resources and an overwhelming sense of urgency.
-
Security book chapter: The Truth About Identity Theft
Jim Stickley, author of The Truth About Identity Theft, explains how easy it really is to hack a password.
-
Evaluating MSSP security before taking the plunge
As the economic climate becomes more uncertain, many enterprises are considering the security and cost-saving benefits of managed security service providers (MSSPs). They're not for everyone, howev...
-
Key elements of a HIPAA compliance checklist
Putting together a HIPAA compliance program can be fraught with difficulty and unseen challenges. Richard Mackey reviews four best practices that can help you avoid common pitfalls and pass an audit.
-
How to clear out anonymous Web proxy servers in the wor
Enterprises may use Web filtering software to limit Internet use, but some employees may respond right back with easily available anonymizing proxies. John Strand explains how to keep your users fr...
-
How to use single sign-on for Web access control to pre
Web-based applications are popping up everywhere, and new worms and viruses are being developed just as quickly to exploit them. In this IAM expert tip, David Griffeth explains how to use single si...
-
How to use (almost) free tools to find sensitive data
No matter how much security awareness training employees get, some of them will still store sensitive data in insecure places. As a security manager, finding that data becomes of paramount importan...
-
A preview of PCI virtualization specifications
The PCI Data Security Standard has little to say about virtualization – for now. Michael Cobb explores which best practices are likely to appear in the council's upcoming clarification document.
-
How to integrate the security of both physical and virt
According to a recent Gartner Inc. research report, 60% of virtual machines will be less secure than their physical counterparts through 2009. Michael Cobb explores the challenges of securing a mix...
-
A smarter, programmatic approach to SOX compliance
After 11 years of Sarbanes-Oxley and other mandates, enterprises have finally embraced holistic compliance program management as a best practice.
-
Next-gen firewalls improve application awareness
Learn how next-gen firewalls offer improved application awareness and granularity to manage or block particular application features.
-
Choosing the right IT security framework
Expert Joe Granneman introduces several IT security frameworks and standards, and offers advice on choosing the right one for your organization.
-
The role of sandboxing in advanced malware detection
Expert Brad Casey details how advanced malware detection products rely heavily on sandboxing technology, though it's not a cure-all for enterprises.
Security Management Strategies for the CIO