Security Management Strategies for the CIOVideo Library
-
NSA’s Sager: Firms must seek to disrupt cyberattacks
The NSA’s Tony Sager discusses the likelihood of ‘digital Pearl Harbor’ and how to prepare for cyberattacks by cost-effectively disrupting attackers.
-
NSA’s Sager on recent breach trends, APT hype
The NSA’s Tony Sager discusses macro trends of 2011 security breaches, why advanced persistent threat hype isn’t justified, and infosec lessons learned from his wife and kids.
-
Video: Dan Guido on rethinking infosec threat analysis
Information security threat analysis is fundamentally flawed, said Dan Guido of iSEC Partners. He says the Exploit Intelligence Project hopes to change that.
-
Inside the NSA trusted computing strategy
The NSA’s Tony Sager discusses the NSA trusted computing strategy and the importance of finding cost-effective ways to disrupt potential attackers.
-
(ISC)2 director on group's strategy, women in infosec
(ISC)2 Executive Director W. Hord Tipton discusses (ISC)2 training, strategy, new initiatives and how it’s helping women in information security.
-
MGH security director on the business case for security
Bonnie Michelman, security chief for Massachusetts General Hospital, discusses making the security business case to executives.
-
(ISC)2 chief on CISSP test transparency, criticism
(ISC)2 Executive Director Hord Tipton on why a CISSP cert is still valuable, CISSP test transparency and the board of directors election process.
-
Realities of dealing with Web app security flaws
If you have Web apps, odds are you have Web app vulnerabilities. In this interview, Mike Rothman discusses what to do about them.
-
Granado on the benefits of pen testing, human hacking
Ernst & Young’s Jose Granado discusses the benefits of penetration testing and the importance of including “human hacking” as well.
-
Black Hat 2011: SSL is broken, researcher says
Configuration issues and other errors mire the SSL implementations of thousands of legitimate websites, according to research conducted by SSL Labs, a research arm of Qualys Inc.
-
Black Hat 2011: Database threats and mitigations
Databases have come under increased attacks in recent months from hacktivist groups and cybercriminals. Learn how to apply the appropriate security technologies to defend your database.
-
Black Hat: Android attacks and smartphone privacy leaks
Neil Daswani and his team demonstrated a drive-by attack on an Android smartphone and discussed behavioral analysis of more than 10,000 Android applications.
-
Black Hat 2011: SIM rule maker on attacks and defenses
LogRhythm Labs explains their new rules for the vendor’s SIM appliances.
-
Attack vectors, vulnerabilities and malware analysis
Rodrigo Branco talks about vulnerabilities, malware sophistication and whether the move to cloud-based services will change the way cybercriminals work.
-
Dan Guido on penetration testing; intrusion analysis
The iSec Partners consultant talks about his penetration testing courses at NYU, his research on intrusion analysis and rethinking intrusion defense.
-
Don Bailey on mobile device threats, security policy
In this video, researcher Don Bailey of iSec Partners discusses the myriad threats facing corporate mobile devices, and how to stop them.
-
IT patch management best practices
This presentation on vulnerability and IT patch management best practices discusses the challenges of improving testing and deployment processes.
-
Interpreting PCI encryption, virtualization guidelines
Get expert advice on understanding the PCI encryption requirements and virtualization guidance in this video.
-
Enterprise encryption strategy: The path to encryption
This primer on enterprise encryption strategy covers use cases for various devices and data types, and offers strategies for simple data encryption.
-
Marcus Ranum on cyberwar
Network security expert Marcus Ranum explains why he believes cyberwarfare is only a tool for powerful nation states and discusses how Stuxnet supports his premise.