-
The value of application whitelists
Although some may find Windows Vista's User Account Control feature annoying, it is really a variation of a security mechanism that is now re-emerging: the application whitelist. Michael Cobb explo...
-
How to implement and enforce a social networking securi
For a new generation of employees entering the workforce, social networking isn't a luxury, it's a necessity. Yet not all enterprises understand that failing to consider social networking security ...
-
New blacklists: Highly predictive or hardly worth it?
Renowned security expert Marcus Ranum once declared that blacklists were one of the most misguided ideas in computer security. But what about a new, more customized approach called highly predictiv...
-
ID and password authentication: Keeping data safe with
Learn how to improve authentication and avoid password hacking with management policies that enforce password expiration, length and complexity requirements.
-
Enterprise single sign-on: Easing the authentication pr
Learn how enterprise single sign-on (SSO) can ease the authentication process and can be a solution to employee access issues. Implementation and single sign-on software are also discussed.
-
PKI and digital certificates: Security, authentication
Get more information about PKI and digital certificates, such as how to implement PKI, how to ensure security and available implementation. Also learn about digital certificates, signatures and ach...
-
Security token and smart card authentication
Get advice on how to mitigate data theft from hackers with security token and smart card authentication technology, smart card readers and software.
-
Biometric authentication know-how: Devices, systems and
Discover the pros and cons of multiple biometric authentication devices and techniques, such as iris pattern or fingerprint scans, voice recognition and keystroke dynamics. Also get advice on biome...
-
Richard Mackey: Building a framework-based compliance p
Richard Mackey talks about frameworks that can help you find the holes in your compliance program.
-
Smartphone security: The growing threat of mobile malwa
The increasingly pervasive use of wireless handhelds in the enterprise is just one reason why malware pros are getting serious about mobile malware. Lisa Phifer details all the reasons why smartpho...
-
Screencast: How Tor improves Web surfing privacy and se
In an on-screen demonstration, learn how Tor can be used to ensure that surfing habits aren't recorded by malicious hackers.
-
FISMA compliance made easier with OpenFISMA
Scott Sidel examines the open source security tool OpenFISMA, a compliance tool that assists government agencies and their contractors in meeting FISMA's requirements.
-
Recovering stolen laptops one step at a time
When a student's laptop was stolen last year on a university campus, police and IT investigators went to work, recovering it within a matter of weeks. Neil Spellman, one of the investigators on the...
-
Workstation hard drive encryption: Overdue or overkill?
In an age of high-profile data breaches and insider risks, encryption is an important defense mechanism for enterprises. The question is: how much encryption is necessary? Many security pros have ...
-
How to detect system management mode (SMM) rootkits
Rootkits were once a system administrator's best friend. Now they have evolved to become an admin's worst nightmare: well-known, surreptitious malware that can provide superuser access to an infec...
-
Learning the language of global compliance
When a company expands its operations to other countries, what compliance issues confront a security manager? Expert Mike Rothman explains how data security and data privacy can be the same in any ...
-
Wireshark tutorial: How to sniff network traffic
One of today's most popular network security analysis tools is Wireshark. The freely available analyzer can inspect traffic, identify denial-of-service attacks and troubleshoot devices and firewall...
-
User provisioning software: Emerging features reveal ma
As a fundamental feature of IAM suites, user provisioning can streamline access to multiple systems on a network. But how does user provisioning work and what features is it likely to add in the fu...
-
IE 8 beta 2 security features may mark improvements for
Despite Microsoft's previous best efforts to build a more secure browser, some users may have been discouraged with Internet Explorer 7. That may change now with the beta release of IE 8. Michael C...
-
Windows registry forensics: Investigating system-wide s
Information security forensic investigations can be a big job, but Windows registry command tools can make it easier. From querying autostart programs to getting the goods on every USB device ever ...
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.