September 2011

• September 30, 2011 30 Sep'11

  Internet Explorer 8 XSS filter: Setting the bar for cross-site scripting prevention

  The Internet Explorer 8 XSS filter can assist in cross-site scripting prevention. Michael Cobb explains how it works in this expert response.  Continue Reading

• September 30, 2011 30 Sep'11

  How to avoid VoIP security risks: Forrester’s six-step process

  If left unprotected, VoIP security risks pose a threat to corporate data. Learn how to secure VoIP systems with Forrester’s six-step process.  Continue Reading

• September 30, 2011 30 Sep'11

  Malware on a Mac: How to implement a Mac antimalware program

  Learn how to create a Mac security program at your enterprise, before the amount of Apple platform malware reaches critical mass.  Continue Reading

• September 29, 2011 29 Sep'11

  Symmetric key encryption algorithms and hash function cryptography united

  Can a secure symmetric key encryption algorithm be used in hash function cryptography? Learn more about these data encryption techniques.  Continue Reading

• September 28, 2011 28 Sep'11

  Verizon PCI report finds firms struggling to maintain compliance

  Many businesses struggle to maintain PCI DSS compliance, suggesting meeting the standard is a goal rather than an ongoing initiative, according to a new report from Verizon Business.  Continue Reading

• September 28, 2011 28 Sep'11

  Vulnerability management program has unexpected benefits

  Security 7 Award winner, Brian Wishnousky of Rogers Communications explains how to get the best actionable data from a vulnerability management program to fill patching gaps and uncover rogue devices.  Continue Reading

• September 28, 2011 28 Sep'11

  Emergency tabletop exercises enable effective crisis planning

  Emergency tabletop exercises with real-world scenarios enable effective crisis planning, incident response and disaster recovery. Security 7 Award winner, Matthew Todd of Financial Engines explores the key components of effective tabletop disaster ...  Continue Reading

• September 28, 2011 28 Sep'11

  Security awareness programs require engagement and attentiveness

  Security 7 Award winner, Christopher Paidhrin of Southwest Washington Medical Center explains why a security awareness training program can’t be successful without the engagement of employees.  Continue Reading

• September 28, 2011 28 Sep'11

  National cybersecurity requires improved communication

  Better information sharing between the government and private industry will be a foundation for improved national cybersecurity efforts. Rep. Jim Langevin (D-RI) explains the role government needs to have in fostering improved communication between ...  Continue Reading

• September 28, 2011 28 Sep'11

  Computer security education shouldn't be limited to tech pros

  Security 7 Award winner, Douglas Jacobson of Iowa State University explains why tackling today’s threats requires computer security education for the general public.  Continue Reading

• September 28, 2011 28 Sep'11

  Secure online payment system requires end-to-end encryption

  The online payment ecosystem is a prime target for cybercriminals. Security 7 Award winner, Steven Elefant, formerly of Heartland Payment Systems, explains why end-to-end encryption is needed to maintain the integrity of transactions carried out ...  Continue Reading

• September 27, 2011 27 Sep'11

  Cigital BSIMM 3 study provides software security metrics data

  The third iteration of the widely acclaimed Building Security in Maturity Model documents software security initiatives at 42 enterprises.  Continue Reading

• September 27, 2011 27 Sep'11

  Security B-Sides conferences: Hub of collaboration

  Security B-Sides conferences have expanded the confines of traditional security conferences. From unique venues to the insistence that attendees participate, founders Mike Dahn, Jack Daniel and Chris Nickerson explain how these events have broken ...  Continue Reading

• September 26, 2011 26 Sep'11

  Remediating IT vulnerabilities: Quick hits for risk prioritization

  There's no way to eradicate all IT vulnerabilities, but spotting the most critical ones is essential. Read these quick hits for risk prioritization.  Continue Reading

• September 26, 2011 26 Sep'11

  How to prevent phishing attacks: User awareness and training

  In this expert tip, David Sherry describes how a combination of technical controls and user awareness training can help put a dent in phishers’ attempts at spear phishing.  Continue Reading

• September 26, 2011 26 Sep'11

  Monitoring your trusted insiders

  How much have you learned about monitoring your privileged insiders? Test your knowledge in this short quiz.  Continue Reading

• September 26, 2011 26 Sep'11

  Quiz: Monitoring your trusted insiders

  How much have you learned about monitoring your privileged insiders? Test your knowledge in this short quiz.  Continue Reading

• September 23, 2011 23 Sep'11

  Antimalware product suites: Understanding capabilities and limitations

  Traditional antivirus tools have matured into multi-featured antimalware suites. Here’s what you should know when shopping for endpoint protection.  Continue Reading

• September 23, 2011 23 Sep'11

  Determining the value of infosec certifications

  An InfoSec Leaders survey examines the impact of different certs on the security profession.  Continue Reading

• September 23, 2011 23 Sep'11

  Breaches prompt call for certificate authority architecture alternatives

  The breaches of certificate authorities fuel renewed debate for Internet security alternatives.  Continue Reading