-
Employee-owned handhelds: Security and network policy c
Consumer use of iPhones, smartphones and other handhelds has exploded in recent years, and naturally more employees want to use them for business. With today's growing number of personally owned de...
-
Worst practices: Encryption conniptions
Through the years, SearchSecurity.com's expert contributors have no doubt spent much of their time pointing out a variety of security best practices. But what about the worst practices? In honor...
-
Worst practices: Recognizing the biggest compliance mis
With all of the compliance requirements and regulations organizations need to abide by these days, corporate compliance blunders are inevitable. In this tip, security management expert Mike Rothman...
-
Worst Practices: Three big identity and access manageme
Simple IAM mistakes such as writing down passwords and unaudited user accounts can allow malicious access into corporate networks. In this tip, contributor Joel Dubin exposes the most common identi...
-
Failure mode and effects analysis: Process and system r
Information security pros are always trying to assess which systems and processes pose the greatest risk to an organization. In this tip, Gideon T. Rasmussen explains how the failure mode and effec...
-
Google hacking exposes a world of security flaws
In this tip, contributor Scott Sidel examines Goolag, an open source security tool that assists security pros in finding flaws in websites through Google hacking.
-
E-discovery management: How IT should interact with the
Amid the growing importance of electronic discovery, it's critical that an organization's IT team strike a good working relationship with its legal team. But this can be uncharted territory for I...
-
Screencast: Using Nessus to scan for vulnerabilities
Peter Giannoulis of Bones Consulting demonstrates how Nessus can be used as a vulnerability assessment tool that enterprises can use to help protect critical systems and networks.
-
Phased NAC deployment for compliance and policy enforce
Thinking about NAC? You're not alone. Many organizations are taking a new look at the latest generation of network access control tools, with the hopes of mapping security policy requirements to te...
-
Web scanning and reporting best practices
Implementing a solid Web scanning routine is a key way to avoid corporate Web application attacks. And with industry requirements such as PCI DSS, performing vulnerability scans is also required t...
-
Windows BitLocker: Enabling disk encryption for data pr
With Windows Vista, Microsoft introduced a whole-disk encryption mechanism called BitLocker. The feature has enabled Windows to provide better data protection, but the tool is not without drawbacks...
-
Stopping malware in its tracks
There's no such thing as a cure-all for stopping malware. Effective malware defense demands a keen attention to detail and careful planning. Expert Lenny Zeltser offers a malware-defense blueprint ...
-
Built-in Windows commands to determine if a system has
In this tip, contributor Ed Skoudis identifies five of the most useful Windows command-line tools for machine analysis and discusses how they can assist administrators in determining if a machine h...
-
Incident response success in five quick steps
Most organizations claim to have an incident response plan, but if it exists only in someone's head or as a few sketches on a crusty notepad, then that's as good as asking for failure. In this tip,...
-
Data loss prevention (DLP) tools: Can they prevent iden
Despite advances in perimeter technologies, data theft has become common in today's enterprises. To protect their confidential information, some security professionals are turning to an emerging te...
-
Screencast: Opening up the Network Security Toolkit
Tom Bowers reviews the basics of the browser-based Network Security Toolkit, including proper configurations, tool selection and general usage.
-
Exploit research: Keeping tabs on the hacker undergroun
Protecting an organization against malicious hackers is a constant challenge, especially when attack methods are constantly evolving. But, according to information security threats expert Ed Skoudi...
-
The forensics mindset: Making life easier for investiga
Eventually every enterprise suffers an incident, and a little preparation now can make all the difference when an event occurs. In this tip, contributor Mike Rothman explains why thinking like an i...
-
How to lock down USB devices
USB devices, thumb drives, flash drives -- whatever you call them, portable media present a significant challenge for enterprises, as they enable easier data transport for mobile workers, but are o...
-
Enigmail: Wrapping email in a digital security blanket
In this tip, contributor Scott Sidel examines Enigmail, a Mozilla Thunderbird add-on that makes email security easy for security pros.
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.