Security Management Strategies for the CIO-
Information security forecast: Security management in 2
What will the year ahead hold for information security? Learn about the likely trends -- from dealing with questions of enterprise virtualization and SaaS security, to Web application security, to ...
-
Identity and access management 2009: Staff cuts, inside
Identity and access management in 2009 will be drastically different from 2008, most notably because staff reductions may result in a new crop of malicious attackers. In this tip, David Griffeth ex...
-
How to increase security with a decreasing budget
Throughout 2009, organizations will focus on being smarter, leaner and cheaper, which may leave security --- and funding for security -- out of the big picture. But don't panic; Michael Cobb explai...
-
Future security threats: Enterprise attacks of 2009
Will organizations be ready for next year's enterprise security threats? Expert John Strand reviews what's in store for 2009, including new weapons, old vulnerabilities, and new takes on old attack...
-
End-user Compliance: Creating a security awareness trai
Security awareness training is a must, but what's the best way to create a successful program, and what are the tell-tale signs that it's working? In this tip, security management expert David Mort...
-
Cracks in WPA? How to continue protecting Wi-Fi network
German researchers recently described a Wi-Fi Protected Access (WPA) flaw that seemed to put the security of the popular wireless protocol in question. Network security expert Mike Chapple explains...
-
Screencast: How to gather host-level data with Network
Peter Giannoulis of www.theacademypro.com demonstrates how to use Network Miner, an open source, passive network sniffer tool that hasn't received the attention that it deserves.
-
Use BotHunter for botnet detection
Got bots? Hopefully not, but how can you be sure? Learn about botnet detection with the help of a free tool, BotHunter. This can keep your computers from participating in a botnet and subsequently ...
-
How to prevent clickjacking attacks with security polic
Clickjacking, an emerging hacker technique similar to cross-site scripting, tricks a user into executing malicious commands on a seemingly legitimate or innocent website. John Strand reviews how th...
-
Security and audit relationships: Uneasy antagonists or
The relationship between information security pros and auditors can be a rocky one, but there are a few specific steps that can make it smoother. Tony Higgins explains the best ways to keep auditor...
-
Deleting user accounts: How to manage users during a la
When budgets get cut across the enterprise, it's likely that employees will get cut, too. So what's the best way to handle a large number of user account modifications or deletions? IAM expert Davi...
-
Writing Wireshark network traffic filters
The freely available Wireshark tool can provide valuable analysis of network traffic, but capturing packets can often lead to an overload of data. Mike Chapple explains how to use Wireshark's traff...
-
Security beyond compliance: A proactive and customized
Though compliance guidelines are a good place to start, they in no way guarantee the security of a network. Marcos Christodonte II explains how to create a unique and dynamic security framework tha...
-
Video: The foundation of an email security strategy
Guest instructor Joel Snyder explains which standards can help you increase the security of SMTP-based email.
-
Screencast: Collecting metadata with Metagoofil
Peter Giannoulis explains how Metagoofil, an information gatherer that extracts metadata from public documents, can be extremely valuable when investigating a target network.
-
The 100-day plan: Achieving success as a new security m
One of the top priorities of any newly minted information security manager is to implement a new enterprise security strategy. In this tip, security management expert Mike Rothman explains what nee...
-
Review system event logs with Splunk
Splunk is a free tool that provides log review and management. From parsing files to triggering alerts and scripts, Splunk can greatly reduce the amount of time security teams spend on logs.
-
How to stop malware in a 'Flash'
Always innovating, attackers have found ways to mask their malware by placing the code into PDFs and Flash files. The malware often appears to be legitimate ads for products, and it can be particul...
-
Video: Setting up a secure wireless network
In a four-part video series, Joel Snyder of Opus One walks you through the phases of a secure wireless network setup.
-
Cloud compliance: How to manage SaaS risk
While Software as a Service (SaaS) can cut costs, there are definite security concerns to be aware of, including compliance issues. What's the best way to make sure that data is safe and audit-read...
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.