-
How to accept mobile payments and stay PCI compliant
Merchant PCI compliance is hard enough, but now mobile payment processing adds a new wrinkle. Learn how P2P encryption can help you stay compliant.
-
Defending against the collateral damage of cyberwar
Surviving cyberwar is now a priority for enterprises, with more Stuxnet malware-style attacks sure to come. Expert Nick Lewis has a defensive primer.
-
Using the network to defend against Oracle TNS Listener
Expert Michael Cobb details the Oracle TNS Listener poison attack and tells how enterprises can use the network to defend vulnerable applications.
-
What’s new in enterprise IPS/IDS?
Haven’t shopped for an IDS/IPS in a while? Karen Scarfone details important recent innovations to IDS/IPS technologies.
-
Four techniques for social engineering pen tests
Social engineering penetration testing is now a must for enterprises. Learn about the four methods your pen tests should use.
-
The effects of Visa's PCI compliance policy change
Does Visa's PCI compliance policy change mean the end of the PCI assessment? Mike Chapple discusses what it means for security professionals.
-
Remote Desktop Protocol security best practices
What is RDP and why does it pose a security threat? Expert Matt Pascucci explains why it’s needed and how best to secure it in the enterprise.
-
Comparing data anonymization techniques
Compare data anonymization techniques including encryption, substitution, shuffling, number and data variance and nulling out data.
-
After Flashback: How to evolve Mac enterprise security
Expert Nick Lewis discusses how Mac enterprise security must evolve to combat the rising Mac malware tide, spearheaded by the Flashback malware.
-
Taming IAM in the extended enterprise with Zero Trust
Cloud and distributed computing have caused many enterprise IAM challenges. Eve Maler details how Forrester's Zero Trust model can help.
-
Why CISOs must actively engage management on security
A CISO’s responsibilities must include convincing executives to take an active role in security governance. Expert Ernie Hayden explains how.
-
Choosing the right third-party incident response help
Expert Nick Lewis provides criteria for selecting outside incident response firms and how to define security incident response process needs early on.
-
How the JOBS Act affects SOX compliance requirements
While SMBs may benefit from the JOBS Act, Sarbanes-Oxley compliance for enterprises may remain largely unchanged. Expert Mike Chapple explains why.
-
Are enterprises unnecessarily paying for AV software?
When looking for effective enterprise antivirus software, does it matter whether it is free or paid antivirus? Yes it does, says expert Michael Cobb.
-
Addressing methods make IPv6 attacks easy for attackers
For World IPv6 Launch Day 2012, Fernando Gont covers why common ways of generating IPv6 addresses actually make an attacker’s job easier.
-
Security execs discuss value of security certifications
Do security certifications provide value and advance information security careers? Peter Rendall offers some surprising opinions from security execs.
-
MDM features vs. native mobile security
MDM features abound, but should they always trump native security features of mobile devices? Lisa Phifer discusses the pros and cons.
-
Facing the threat of SSL vulnerabilities
Recent SSL vulnerabilities have renewed questions about the protocol's security. Expert Nick Lewis covers how to implement and configure SSL securely.
-
How to prep for KPMG's HIPAA audit tidal wave
KPMG HIPAA audits will hit 150 companies this year. What if yours is one of them? Mike Chapple explains how to handle the HIPAA compliance hot seat.
-
How to protect against APT attacks
Mike Chapple offers best practices to defend your network against the latest threat to the security landscape, targeted APT attacks.
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.