Security Management Strategies for the CIOVideo Library
-
OWASP Security Spending Benchmarks Project
An OWASP project investigates company spending on software development. A survey found a majority of firms getting an independent third-party security review of software code.
-
Economy fuels malware, spam
Dave Marcus of McAfee's Avert Labs, breaks down the threat landscape and explains why spam numbers are rising and malware writers are taking advantage of the down economy.
-
Security incident response 101
Even the best procedures fail to overcome the stresses in the initial throes of an incident. Security consultant Lenny Zeltser explains how to run a well coordinated response.
-
Jose Nazario on botnets, cyberwarfare
SOURCE Boston 2009: Botnets are being used to silence political dissenters, explains Jose Nazario of Arbor Networks. DDoS attacks are a growing part of cyberwarfare.
-
L0phtCrack returns
Security expert Chris Wysopal explains why the L0phtCrack password cracking tool was unveiled once again after Symantec discontinued sales of L0phtCrack in 2006.
-
Black Hat DC 2009: Keynote excerpt – Paul Kurtz
Former White House advisor Paul Kurtz, said representatives from the public and private sector need to coordinate who should direct a national response to a cyberattack.
-
Black Hat DC 2009: Joanna Rutkowska on Intel TXT flaws
In this session excerpt, researcher Joanna Rutkowska explains flaws discovered in current Intel Trusted Execution Technology (TXT) implementations and how they can be exploited.
-
Black Hat DC 2009: Mac OS attack method
Security researcher Vincenzo Iozzo explains how he found a way to inject malicious code directly into Mac OS X memory, leaving no trace for forensics investigation.
-
Virtualization: Disruptive technologies part 2
Security pros Chris Hoff, Rich Mogull and Dino Dai Zovi discuss the greatest benefits virtualization can offer enterprises, as well as some strategies for anticipating threats to virtualized enviro...
-
Virtualization: Disruptive technologies part 4
Is there a future for vendors offering security solutions for virtualized environments, or will security eventually be almost entirely built-in? Experts Chris Hoff, Rich Mogull and Dino Dai Zovi di...
-
Virtualization: Disruptive technologies part 1
Virtualization promises enterprises amazing cost-saving benefits, but what about the inherent security threats? In part one of this panel, Chris Hoff, Rich Mogull and Dino Dai Zovi discuss the grea...
-
Virtualization: Disruptive technologies part 3
Security experts Chris Hoff, Rich Mogull and Dino Dai Zovi talk about the organizational challenges of virtualization, including the most dangerous way to use virtualization in the enterprise.
-
How to scan a network with Nmap
Peter Giannoulis takes a look at everybody's favorite, freely available port scanner and OS identifier: Nmap.
-
How to defend against data-pilfering attacks
In this video from Information Security Decisions 2008, Mandiant's Kevin Mandia details data-pilfering attacks and the four ways hackers can penetrate a network.
-
How to improve incident response plans and procedures
Mandiant's Kevin Mandia reviews his top five incident response challenges.
-
Inside a retail hack
Mandia's Kevin Mandiant offers a post-mortem case study on a recent retail bank hack involving SQL injection.
-
Cyberattacks and extortion
Mandiant's Kevin Mandia assesses the state of cybercrime, which includes an increase in extortion, SQL injections and targeted email attacks.
-
Will cloud computing and virtualization save the day?
Will cloud computing and virtualization make enterprises more secure or leave them more vulnerable? At Information Security Decisions 2008, security researchers discuss the pros and cons of the ine...
-
Defending against Internet security threats and attacks
From buffer overflows to cross-site scripting, Web threats are many. Security researchers at Information Security Decisions 2008 discuss how to keep enterprises safe from these attacks (part 2 of 4).
-
The importance of secure software development training
At Information Security Decisions 2008, security researchers discuss secure application coding and how to teach best practices to young developers (part 4 of 4).