-
Metadata security and preventing leakage of information
Without accounting for metadata security, sensitive document data can easily be extracted. Mike Chapple explores technologies to support metadata security.
-
Duqu malware advice: Should enterprises worry about the
Enterprise threats expert Nick Lewis offers analysis of the recent Duqu malware outbreak and the Duqu Trojan response enterprises should take.
-
Hardening network security to contain VoIP risks
Mike Chapple analyzes the VoIP risks posed by implementing a VoIP network and exposes the reality of telephone eavesdropping.
-
Avoiding access creep in enterprise access management
One of the most difficult areas of privileged user access management is avoiding access creep. John Burke covers how to keep privileged users in check.
-
EDRM-DLP could bolster document security management
The integration of enterprise digital rights management solutions and data loss prevention tools could bring a level of automation to document security management.
-
Enable secure Web developments: vulnerabilities as bugs
Gil Danieli explains why secure Web development depends on treating vulnerabilities like any other software bugs, and how to get Web developers to buy in.
-
Implement an enterprise threat assessment methodology
Learn how incorporating an assessment of external threats can increase the accuracy and comprehensiveness of risk assessments.
-
Pros and cons of point-to-point encryption
P2P encryption is an emerging technology, one that may be helpful for many companies, especially merchants. Mike Chapple dissects the pros and cons.
-
How to learn from your compliance mistakes
In this bonus to our "Compliance scorecard" Security School lesson, Eric Holmquist covers the importance of learning from failure by assessing how and why mistakes happen.
-
Lessons learned from the Tavis Ormandy Sophos research
Learn how the discovery of several flaws in the Sophos antivirus engine can help advance the state of antimalware software.
-
Windows MBSA scan: Conduct a Windows security review
In this screencast, Mike McLaughlin shows how a Windows MBSA scan can help determine client and server patch status during a Windows security review.
-
Insights on strategies for modern security management
Contributor Matthew Pascucci argues that enterprises need security separation of duties to ensure an effective, modern security management strategy.
-
Reviewing your Web app security assessment tools
Expert Cory Scott offers pointers for using Web application security assessment tools and developing an application security assessment strategy.
-
Training: The first line of defense against human error
Security team member Jeffrey Catalfamo details the key elements of a successful anti-social engineering training program.
-
Writing a mobile device security policy that works
Expert Lisa Phifer explains the process for creating a winning enterprise mobile device security policy that reduces the risk of mobile data threats.
-
NSA best practices for data security
Find out about Homeland Security and NSA best practices for automating data gathering, easing compliance and improving security.
-
Four VDI security concepts for every virtual desktop
Traditional IT security measures don’t always apply well to virtual desktop infrastructures; apply these four VDI security concepts.
-
HIPAA privacy rules changes may demand new processes
Proposed HIPAA privacy rules changes may require companies to keep closer tabs on electronic health records. Charles Denyer explains what it may mean for enterprise compliance.
-
Comparing enterprise endpoint security: Mac vs. Windows
Expert Mike Chapple explores the security implications of running Macs on the corporate network in a side-by-side comparison of Windows vs. Mac security.
-
Continuous monitoring strategy for government security
A security expert offers insights and advice for government security managers on implementing a continuous monitoring strategy.
-
A smarter, programmatic approach to SOX compliance
After 11 years of Sarbanes-Oxley and other mandates, enterprises have finally embraced holistic compliance program management as a best practice.
-
Next-gen firewalls improve application awareness
Learn how next-gen firewalls offer improved application awareness and granularity to manage or block particular application features.
-
Choosing the right IT security framework
Expert Joe Granneman introduces several IT security frameworks and standards, and offers advice on choosing the right one for your organization.
-
The role of sandboxing in advanced malware detection
Expert Brad Casey details how advanced malware detection products rely heavily on sandboxing technology, though it's not a cure-all for enterprises.
Security Management Strategies for the CIO