-
Short-lived Web malware: Fading fad or future trend?
Attackers are increasingly spreading their malicious code through fly-by-night websites that seem legitimate to unsuspecting users, but are actually laden with malware. Marcos Christodonte II expla...
-
Data security best practices for PCI DSS compliance
The glut of recent data breaches, such as the one at Heartland Payment Systems Inc., leaves some security pros wondering if PCI DSS is doing its job. Is it worth all the effort to become PCI compli...
-
Maltego demo: Identifying a website's trust relationshi
This month, Peter Giannoulis of TheAcademyPro.com and TheAcademyHome.com demonstrates Maltego, an information-gathering tool that infosec pros can use to assist with vulnerability assessments and p...
-
Vulnerability test methods for application security ass
Learn what to do when you have a huge portfolio of potentially insecure applications, limited resources and an overwhelming sense of urgency.
-
Security book chapter: The Truth About Identity Theft
Jim Stickley, author of The Truth About Identity Theft, explains how easy it really is to hack a password.
-
Evaluating MSSP security before taking the plunge
As the economic climate becomes more uncertain, many enterprises are considering the security and cost-saving benefits of managed security service providers (MSSPs). They're not for everyone, howev...
-
Key elements of a HIPAA compliance checklist
Putting together a HIPAA compliance program can be fraught with difficulty and unseen challenges. Richard Mackey reviews four best practices that can help you avoid common pitfalls and pass an audit.
-
How to clear out anonymous Web proxy servers in the wor
Enterprises may use Web filtering software to limit Internet use, but some employees may respond right back with easily available anonymizing proxies. John Strand explains how to keep your users fr...
-
How to use single sign-on for Web access control to pre
Web-based applications are popping up everywhere, and new worms and viruses are being developed just as quickly to exploit them. In this IAM expert tip, David Griffeth explains how to use single si...
-
A preview of PCI virtualization specifications
The PCI Data Security Standard has little to say about virtualization – for now. Michael Cobb explores which best practices are likely to appear in the council's upcoming clarification document.
-
How to use (almost) free tools to find sensitive data
No matter how much security awareness training employees get, some of them will still store sensitive data in insecure places. As a security manager, finding that data becomes of paramount importan...
-
How to integrate the security of both physical and virt
According to a recent Gartner Inc. research report, 60% of virtual machines will be less secure than their physical counterparts through 2009. Michael Cobb explores the challenges of securing a mix...
-
Recovering lost passwords with Cain & Abel
In his latest screencast, Peter Giannoulis of The AcademyPro.com demonstrates how to use the Cain & Abel tool to decipher or track down lost passwords.
-
How to block adult websites from enterprise users by lo
Inappropriate content has always been a problem for enterprise security teams. What are some best practices for blocking adult content and websites from systems? In this security management tip, le...
-
Strategies for email archiving and meeting compliance r
According to a recent study, 29% of surveyed IT professionals archive their email for compliance reasons. Michael Cobb reviews compliance regulations that demand email archiving and how such produc...
-
Book chapter: IPv6 implementation security issues
IPv6 is becoming a reality, but the network-layer protocol is far from perfect. In Chapter 1 of his new book, "IPv6 Security," author Eric Vyncke reviews some vulnerabilities.
-
Are Windows Vista security features up to par?
Expert Michael Cobb explains why attempts to bypass Windows Vista memory protections don't necessarily mean that the operating system lacks security.
-
Security book chapter: Applied Security Visualization
In this section of Chapter 5: Visual Security Analysis (.pdf), author Raffael Marty discusses the forensic analysis of log data for discovering attacks and reporting incidents.
-
Screencast: How to scan with Nmap
Peter Giannoulis takes a look at everybody's favorite, freely available port scanner and OS identifier: Nmap.
-
Network security 2009 trends: Mergers, security budget
With a possibly reduced security budget, will you be ready for 2009? Full-time network expert and part-time pundit Mike Chapple offers up four network security predictions for the new year.
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.