-
Defining the benefits of a securely configured VLAN
Expert Brad Casey explains how to configure a VLAN in order to achieve the benefits of VLAN security, including protection against insider attacks.
-
Is security an issue for the Ruby on Rails framework?
The recent Ruby on Rails security vulnerabilities can be patched. Expert Michael Cobb discusses the fallout and offers help with remediation planning.
-
How to thwart privilege creep with access reviews
Most enterprises suffer from privilege creep among long-time employees. Peter Gregory explains how to limit user privileges with access reviews and automation.
-
NoSQL security vs. RDBMS security
With NoSQL databases increasingly being used to tackle big data challenges, expert Michael Cobb examines NoSQL security in comparison to RDBMS.
-
DLP management tools and reporting: Key considerations
When it comes to DLP management tools, installation and maintenance of a single centralized management console to house all rules and alerts are key.
-
How DLP encryption, integration strengthen security
Encryption and DLP integration can be used to enhance and strengthen security policies for sensitive data, and for blocking and enforcement actions.
-
Using DLP tools for data leakage alerting
When evaluating DLP tools, it's important to determine data leakage alerting and preventive action needs for potential violations and blocking.
-
DLP tools: Defining policies to monitor data
DLP monitoring policies help define what data to evaluate, how data monitoring processes should occur, and what enforcement and alerting actions to take.
-
Discovery and data fingerprinting key in DLP products
Effective DLP products must be able to handle data discovery to identify and monitor sensitive data. Learn why these features matter.
-
Complying with the new HIPAA omnibus rule
The new HIPAA omnibus rule begins a new chapter in HIPAA compliance. Learn how the changes will affect IT security pros and how to comply.
-
UPnP protocol: A security issue for enterprises?
Is UPnP secure enough for enterprise use? Network security expert Brad Casey assesses UPnP security risks and offers advice for mitigating the threat.
-
Why CISOs must adopt a new mentality to protect data
By adopting the assumption-of-breach security model, CISOs and security pros can better protect critical data. Expert Ernie Hayden explains.
-
Forrester: Why IP needs increased data protection
Heidi Shey of Forrester Research says enterprises must protect intellectual property better or else face 'death by 1,000 cuts.'
-
McGraw: Don't 'hack back'; instead, build security in
Hacking back isn't the way to win the cyberwar. Gary McGraw says building software and systems with fewer vulnerabilities is stronger protection.
-
How serious are recent MySQL zero-day vulnerabilities?
In the wake of several recent MySQL zero-day vulnerabilities, expert Michael Cobb assesses the state of MySQL security. Is a MySQL alternative needed?
-
Analysis of the PCI mobile payment security guidelines
Mike Chapple discusses the new PCI Mobile Payment Acceptance Security Guidelines and the mobile payment processing implications for merchants.
-
Improving enterprise email security: Systems and tips
Enterprise email security has become more vital than ever due to increased attacks and threats. This tip details systems that can improve protection.
-
A step-by-step targeted attack protection plan
Targeted attacks can be stopped with a defense-in-depth strategy. Michael Cobb explains how to implement a targeted attack prevention plan.
-
Be wary of the watering hole ... attack technique
Expert Nick Lewis analyzes the techniques employed by watering hole attacks and discusses how to use a secure VM to defend enterprises against them.
-
Low-cost methods for secure, large file transfer
Transferring large files safely can be a costly process. Matt Pascucci offers low-cost options for secure, large file transfers in the enterprise.
-
A smarter, programmatic approach to SOX compliance
After 11 years of Sarbanes-Oxley and other mandates, enterprises have finally embraced holistic compliance program management as a best practice.
-
Next-gen firewalls improve application awareness
Learn how next-gen firewalls offer improved application awareness and granularity to manage or block particular application features.
-
Choosing the right IT security framework
Expert Joe Granneman introduces several IT security frameworks and standards, and offers advice on choosing the right one for your organization.
-
The role of sandboxing in advanced malware detection
Expert Brad Casey details how advanced malware detection products rely heavily on sandboxing technology, though it's not a cure-all for enterprises.
Security Management Strategies for the CIO