-
How to learn from your compliance mistakes
In this bonus to our "Compliance scorecard" Security School lesson, Eric Holmquist covers the importance of learning from failure by assessing how and why mistakes happen.
-
Lessons learned from the Tavis Ormandy Sophos research
Learn how the discovery of several flaws in the Sophos antivirus engine can help advance the state of antimalware software.
-
Windows MBSA scan: Conduct a Windows security review
In this screencast, Mike McLaughlin shows how a Windows MBSA scan can help determine client and server patch status during a Windows security review.
-
Insights on strategies for modern security management
Contributor Matthew Pascucci argues that enterprises need security separation of duties to ensure an effective, modern security management strategy.
-
Reviewing your Web app security assessment tools
Expert Cory Scott offers pointers for using Web application security assessment tools and developing an application security assessment strategy.
-
Training: The first line of defense against human error
Security team member Jeffrey Catalfamo details the key elements of a successful anti-social engineering training program.
-
Writing a mobile device security policy that works
Expert Lisa Phifer explains the process for creating a winning enterprise mobile device security policy that reduces the risk of mobile data threats.
-
NSA best practices for data security
Find out about Homeland Security and NSA best practices for automating data gathering, easing compliance and improving security.
-
Four VDI security concepts for every virtual desktop
Traditional IT security measures don’t always apply well to virtual desktop infrastructures; apply these four VDI security concepts.
-
HIPAA privacy rules changes may demand new processes
Proposed HIPAA privacy rules changes may require companies to keep closer tabs on electronic health records. Charles Denyer explains what it may mean for enterprise compliance.
-
Comparing enterprise endpoint security: Mac vs. Windows
Expert Mike Chapple explores the security implications of running Macs on the corporate network in a side-by-side comparison of Windows vs. Mac security.
-
Continuous monitoring strategy for government security
A security expert offers insights and advice for government security managers on implementing a continuous monitoring strategy.
-
A problem management process flow minimizes incident
Most organizations have an incident response team, but how many have a problem management team? Michael Cobb explains how problem management can prevent incidents.
-
NMAP NSE tutorial: ID network assets, vulnerabilities
In this screencast, expert Mike McLaughlin offers an NMAP NSE tutorial for enterprise network asset and vulnerability identification.
-
Best practices for enterprise database compliance
Successful enterprise database compliance means, for starters, access must be tightly controlled and monitored. Charles Denyer covers key database compliance essentials.
-
Antivirus software: Virus detection techniques
Antivirus software uses several different virus detection techniques, as described in this tip by expert Lenny Zeltser.
-
Is now the time to upgrade from Windows XP to 7?
A disproportionate percentage of PCs infected with rootkits are running Windows XP. Does the upgrade from Windows XP to 7 need to happen now?
-
Securing Android devices with a mobile security policy
Secure employee-liable Android devices with workable security policies that discover, enroll, protect and monitor all Android endpoints.
-
Patch management: Fast rollouts vs. thorough testing
Learn whether it’s better to risk exposure and take time to test zero-day patches, or risk business disruption and patch without testing.
-
Standardized security practices to defend your network
PCI DSS, HIPAA, ISO and other enterprise compliance guidelines offer a foundation to build repeatable information security processes and procedures. Marcos Christodonte II explains how.
-
Three simple rules for talking compliance with execs
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings.
-
Advanced malware and threat-detection products emerge
Traditional security tools are no longer sufficient for defending against new breeds of attacks, forcing advanced threat-detection products to emerge.
-
How to deploy network security devices the right way
John Burke offers advice on effectively deploying network security devices to protect sensitive data and manage the mobility boom in the enterprise.
-
Breach crisis: How to get better at intrusion detection
To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis.