Security Management Strategies for the CIO-
Certificate security: Attack methods and defenses
Is your enterprise struggling with digital security certificate problems? Expert Nick Lewis discusses mitigations for digital certificate attacks.
-
Complying with new NIST incident response guidelines
NIST recently updated its incident response guidelines. Find out how to comply with these changes and incorporate them into an incident response plan.
-
Analysis: Surface tablet up for BYOD security challenge
Expert Michael Cobb says the forthcoming Windows tablet security features on Microsoft's Surface could help meet enterprise BYOD challenges.
-
Primer: Software-defined networking security
Matthew Pascucci offers an intro to software-defined networking and explains why SDN security relies on securing the SDN controller at all costs.
-
Five tips for improving a threat management program
Utilize these five simple tips from expert Diana Kelley to improve your enterprise's threat and vulnerability management program.
-
Broad participation key to successful GRC framework
Chris McClean of Forrester Research provides a GRC framework. It offers three lines of defense to boost participation rates and define clear roles.
-
How to streamline log analysis and management
Expert Matt Pascucci examines free tools and offers simple tactics that organizations can use to streamline the network log analysis and management process.
-
Five tips for better information security processes
Change is hard, but expert Claudia Girrbach provides five techniques to help enterprises establish new information security processes and culture.
-
Prepare for Flame's functionality, not Flame itself
Security expert Nick Lewis analyzes Flame malware, plus gives tips for dealing with Flame's most unique function: its use of fraudulent certificates.
-
Data center virtualization and the cost of compliance
Security expert Mike Chapple explores whether the cost of compliance outweighs the benefits afforded by enterprise data center server virtualization.
-
Feeding the SIEM: Why integration, coverage matters
Reliable anomaly detection using a SIEM hinges on collecting a wide range of security events. Andrew Hutchison covers SIEM integration best practices.
-
Firewall vs. IPS: NGFWs offer the best of both worlds
News analysis: Will the evolution of next-generation firewalls eliminate the stand-alone IPS market? Sean Martin discusses firewalls vs. IPS.
-
Essential enterprise mobile security controls
Learn about the mobile security controls you should consider when formulating an enterprise mobile security strategy.
-
Web application firewalls: Best option for security?
Mike Chapple on improving defense-in-depth security with Web application firewalls (WAFs) and a strong software development lifecycle (SDLC) process.
-
Fighting off zero-day attacks with anomaly monitoring
Expert Char Sample explains how anomaly-based monitoring may be a key step forward in uncovering zero-day vulnerabilities.
-
Big data for infosec: What’s the big deal?
Andrew Hutchison explains how big data benefits enterprise information security posture by merging the security and operational data landscape.
-
So if AV doesn't work, what's next?
Do any viable antivirus alternatives exist? Security expert Matt Pascucci offers an endpoint security strategy that looks beyond AV to fight malware.
-
Five key controls to prevent data exfiltration
Enterprises may be amazed to discover how valuable their data is to attackers. Learn five information security controls to prevent data exfiltration.
-
Secure Web gateways: New features that matter
Expert Michael Cobb reviews secure Web gateway appliance features that can better shield endpoints, plus SWG deployment options.
-
User account security best practices to thwart attacks
The recent CloudFlare hack showed how poor user account security and password recovery can be compromised. Learn how to avoid a similar incident.
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.