Security Management Strategies for the CIO
Video Library
-
Screencast: Burp Suite as a local proxy for pen testing
In this screencast, Mike McLaughlin offers a short Burp Suite tutorial, including the key features of this powerful pen testing tool: Burp Proxy.
-
Webcast: Data management & PCI DSS compliance
In this special presentation, expert Mike Chapple explores how to build a data management program in support of enterprise PCI DSS compliance.
-
Screencast: Use GHDB to locate security vulnerabilities
In this screencast, Mike McLaughlin uses the Google Hacking Database (GHDB) to identify Googledorks and other security vulnerabilities.
-
Video: Microsoft's Katie Moussouris on disclosure
Katie Moussouris discusses coordinated vulnerability disclosure, the Microsoft Blue Hat Prize and developing an ISO vulnerability disclosure standard.
-
Ira Winkler: Hacktivism threat is overstated
Information security expert Ira Winkler discusses hacktivism news, in the wake of Anonymous and LulzSec, and justifies why enterprise hacktivism defense isn't needed.
-
Webcast: Three methods for securing DNS infrastructure
Char Sample details three key methods for securing DNS, including how to monitor an enterprise’s DNS infrastructure traffic.
-
Video: David Navetta on what's hot in compliance
Attorney David Navetta discusses why PCI liability matters to card brands, the effect of the HIPAA enforcement rule and breach notification laws.
-
Ernie Hayden on SCADA security issues
ICS and SCADA system security expert Ernie Hayden of Verizon discusses key exploit areas and the threat SCADA systems pose to national security.
-
Bruce Schneier explains sociology of trust
Bruce Schneier’s new book Liars and Outliers takes a deep dive into the evolution of trust and the sociology of security.
-
Mobile security still evolving, expert says
Kevin Mahaffey, CTO of mobile security firm Lookout, says innovative mobile security technologies are on the horizon.
-
Video: Gary McGraw on secure software development
Getting a handle of your software security processes is not easy, but noted software security expert Gary McGraw says forward learning organizations share some similarities.
-
ShareEnum eases network enumeration, share permissions
Mike McLaughlin displays how easy network enumeration can be with ShareEnum, including the ability to quickly secure network shares and display share permissions.
-
How to use WPScan to provide WordPress plug-in security
Mike McLaughlin displays the abilities of WPScan and the simplicity the tool offers in assessing the security of WordPress plug-ins and avoiding related security vulnerabilities.
-
Enterprise file integrity software benefits
In this video, Spryo Malaspinas offers a primer on file integrity software basics and file integrity monitoring software benefits for enterprises.
-
EDRM: Bolstering content management security
Learn about implementing enterprise EDRM and how this technology combo supports enterprise content management security.
-
Web application attacks: Types and countermeasures
Video: Matasano Security's Cory Scott covers Web application attack types and how they target different layers of an application.
-
Revitalizing endpoint security with VDI desktops
Implementing VDI desktops provides an opportunity to re-architech endpoint security and management. Learn how in this supercast with Eric Ogren.
-
NSA’s Sager: Firms must seek to disrupt cyberattacks
The NSA’s Tony Sager discusses the likelihood of ‘digital Pearl Harbor’ and how to prepare for cyberattacks by cost-effectively disrupting attackers.
-
NSA’s Sager on recent breach trends, APT hype
The NSA’s Tony Sager discusses macro trends of 2011 security breaches, why advanced persistent threat hype isn’t justified, and infosec lessons learned from his wife and kids.
-
Video: Dan Guido on rethinking infosec threat analysis
Information security threat analysis is fundamentally flawed, said Dan Guido of iSEC Partners. He says the Exploit Intelligence Project hopes to change that.