SearchSecurity
New & Notable
Manage
Technology checkup with Premise Health CISO Joey Johnson
Cybersecurity and healthcare can get along, according to CISO Joey Johnson, who leads the security program at Premise Health, but it takes patience and attention to the details.
News
OURSA Conference highlights surveillance woes
The ACLU's Jennifer Granick took government hacking to task at the OURSA Conference this week, calling out mass surveillance techniques and the limited scope of search warrants.
News
Keeper teams with Bugcrowd after bug report flap
Following its controversial lawsuit against an Ars Technica security reporter, Keeper Security has teamed with Bugcrowd on a formal vulnerability disclosure program.
News
Private analytics firm exposed scraped consumer data
News roundup: A misconfigured Amazon S3 bucket led to the exposure of 48 million records collected by a private data analytics firm. Plus, PCI SSC updated its cloud guidelines, and more.
Your Guide to Info Sec Certifications
We’ve collected 30+ certifications for you. Which vendor-neutral and vendor-specific security certifications are best for you? Save time by downloading our list organized by experience level.
Trending Topics
-
Emerging threats News
Flawed security in BGP routing causes Amazon incident
A BGP routing security flaw enabled unknown threat actors to steal cryptocurrency by hijacking internet routing and rerouting traffic to a phishing site in Russia.
-
Windows security News
Windows 7 Meltdown patches introduce new flaw
A security researcher discovered the recent Windows Meltdown patches may fix the Intel flaws, but also introduced a more severe vulnerability in some versions of Windows.
-
PCI DSS News
Risk & Repeat: Does PCI DSS compliance matter?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss new research from Verizon on payment card security and the effectiveness of PCI DSS compliance for enterprises.
-
Encryption technology News
IBM researchers pump up blockchain, crypto
At IBM's Think conference, Big Blue researchers discussed new security-centric projects around blockchain databases, crypto anchors and quantum-resilient encryption.
-
Security industry trends News
Risk & Repeat: What's in the Verizon DBIR this year?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the '2018 Verizon Data Breach Investigations Report' and its findings about ransomware, phishing and more.
-
CISSP Evaluate
Creative ways to earn CISSP CPEs
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Have a question for an expert?
Please add a title for your question
Get answers from your peers on your most technical Information Security challenges.
Meet all of our Information Security experts
Find Solutions For Your Project
-
Evaluate
How biometric authentication can replace passwords
Biometric authentication systems have gained traction on mobile devices, but when will they become dominant within the enterprise? Expert Bianca Lopes weighs in on the topic.
-
Creative ways to earn CISSP CPEs
-
The time is ripe to implement cybersecurity automation
-
How swatting threats abuse telecommunications
-
-
Problem Solve
What does it take to deliver on the 'zero trust' promise?
The zero-trust model takes focused and sustained effort, but promises to improve most companies' risk posture. Learn what it takes to get the most out of zero trust.
-
How many revisions make for a good code review?
-
House IT staff investigation raises security concerns
-
Are new VPN vulnerabilities a concern for enterprises?
-
-
Manage
How a DNS rebinding attack could have pwned Blizzard
A Blizzard DNS rebinding flaw could have put users of its online PC games at risk of attack. Expert Michael Cobb explains how a DNS rebinding attack works and what to do about it.
-
Cloud security threats in 2018: Get ahead of the storm
-
The many hats of hardware hacker Joe Grand
-
Technology checkup with Premise Health CISO Joey Johnson
-
-
E-Handbook | April 2018
Cyber-risk strategies and models for a post-perimeter age
Download -
E-Zine | April 2018
Cloud security threats in 2018: Get ahead of the storm
Download -
E-Handbook | March 2018
The time is ripe to implement cybersecurity automation
Download -
E-Handbook | February 2018
Mobile security trends point to unifying policy and tools
Download -
E-Zine | February 2018
Cybersecurity roadmap: What's driving CISOs' agendas for 2018
Download
Information Security Basics
-
Get Started
Common Body of Knowledge (CBK)
In security, Common Body of Knowledge (CBK) is a comprehensive framework of all the relevant subjects a security professional should be familiar with, including skills, techniques and best practices.
-
Get Started
Metamorphic virus
A metamorphic virus is a type of malware that is capable of changing its code and signature patterns with each iteration.
-
Get Started
vulnerability assessment (vulnerability analysis)
A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures and providing the organization doing the assessment with the necessary ...
Multimedia
Vendor Resources
- How to Secure Complex Cloud Environments and Reduce Costs With Sophos UTM on ... –White Paper
- Gain an Edge with Cloud Security –White Paper
- The Future of Cyber Security –White Paper
Blog: Security Bytes
-
CrowdStrike unveils Meltdown exploit in unusual fashion
At RSA Conference 2018, CrowdStrike demonstrated a new Meltdown exploit that can harvest sensitive data such as passwords even on systems that are patched.Continue Reading
-
FedRAMP security requirements put a premium on automation
Matt Goodrich, director for the Federal Risk and Authorization Management Program, detailed FedRAMP security requirements and automation at RSA's Cloud Security Alliance Summit.Continue Reading
-
More Security Bytes Posts
Privacy protections are needed for government overreach, too
Apple GDPR privacy protection will float everyone's privacy boat
RSA Conference keynotes miss the point of diversity
-
News
View All -
Emerging cyberattacks and threats
Flawed security in BGP routing causes Amazon incident
A BGP routing security flaw enabled unknown threat actors to steal cryptocurrency by hijacking internet routing and rerouting traffic to a phishing site in Russia.
-
Social media security risks
Rachel Tobac talks social engineering and being politely paranoid
Rachel Tobac discusses how to train employees to avoid social engineering attacks and how individuals can keep themselves safe with awareness and by being 'politely paranoid.'
-
Web authentication and access control
With network perimeters changing, are firewalls obsolete?
As network perimeter security grows less practical, Akamai talks at RSA Conference about moving beyond firewalls to improve authentication with a zero-trust model.
SearchSecurity Definitions
- Common Body of Knowledge (CBK)
- Metamorphic virus
- vulnerability assessment (vulnerability analysis)
- cyberextortion
- Cybercrime
- National Security Agency (NSA)
- unified threat management (UTM)
- federated identity management (FIM)