-
Discovery and data fingerprinting key in DLP products
Effective DLP products must be able to handle data discovery to identify and monitor sensitive data. Learn why these features matter.
-
Complying with the new HIPAA omnibus rule
The new HIPAA omnibus rule begins a new chapter in HIPAA compliance. Learn how the changes will affect IT security pros and how to comply.
-
UPnP protocol: A security issue for enterprises?
Is UPnP secure enough for enterprise use? Network security expert Brad Casey assesses UPnP security risks and offers advice for mitigating the threat.
-
Why CISOs must adopt a new mentality to protect data
By adopting the assumption-of-breach security model, CISOs and security pros can better protect critical data. Expert Ernie Hayden explains.
-
Forrester: Why IP needs increased data protection
Heidi Shey of Forrester Research says enterprises must protect intellectual property better or else face 'death by 1,000 cuts.'
-
McGraw: Don't 'hack back'; instead, build security in
Hacking back isn't the way to win the cyberwar. Gary McGraw says building software and systems with fewer vulnerabilities is stronger protection.
-
How serious are recent MySQL zero-day vulnerabilities?
In the wake of several recent MySQL zero-day vulnerabilities, expert Michael Cobb assesses the state of MySQL security. Is a MySQL alternative needed?
-
Analysis of the PCI mobile payment security guidelines
Mike Chapple discusses the new PCI Mobile Payment Acceptance Security Guidelines and the mobile payment processing implications for merchants.
-
Improving enterprise email security: Systems and tips
Enterprise email security has become more vital than ever due to increased attacks and threats. This tip details systems that can improve protection.
-
A step-by-step targeted attack protection plan
Targeted attacks can be stopped with a defense-in-depth strategy. Michael Cobb explains how to implement a targeted attack prevention plan.
-
Be wary of the watering hole ... attack technique
Expert Nick Lewis analyzes the techniques employed by watering hole attacks and discusses how to use a secure VM to defend enterprises against them.
-
Low-cost methods for secure, large file transfer
Transferring large files safely can be a costly process. Matt Pascucci offers low-cost options for secure, large file transfers in the enterprise.
-
Evaluating embedded systems security in the enterprise
Recent high-profile printer vulnerabilities illustrate why enterprises need to be aware of embedded systems security. Expert Nick Lewis discusses.
-
Inside PCI DSS Risk Assessment Guidelines
Mike Chapple outlines the recommendations in the PCI DSS Risk Assessment Guidelines and explains how they can make a compliance program stronger.
-
Analysis: What Gigabit Wi-Fi means for network security
Will Gigabit Wi-Fi significantly alter network security, or will it mean business as usual? Expert Brad Casey discusses the new 802.11ac standard.
-
Patch management on a budget? Try virtual patching
Struggling to bring the cost of the patch management process down? Expert Michael Cobb suggests virtual patching and automated tools can play a role.
-
Concerned about business logic abuse? Improve the SDLC
Expert Nick Lewis details the threat posed by business logic attacks and how stressing the importance of security in the SDLC can reduce that threat.
-
Ensuring an ultra-redundant network security posture
Matthew Pascucci discusses layered security, explaining how to apply defense-in-depth principles toward an ultra-redundant network security posture.
-
How to prepare for the eventual arrival of SHA-3
Expert Michael Cobb digs into Keccak, the winner of NIST's SHA-3 algorithm competition, to guide infosec teams on how to prepare for its arrival.
-
SSL certificate management: Avoiding mistakes
Errors are bound to occur when SSL certificate management is handled manually. Learn how to avoid these common mistakes.
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.