Features

Features

• Ensure that legal responsibilities are clear -- Especially when trouble strikes

  Excerpt from Chapter 15 of Information Nation Warrior: Information Management Compliance Boot Camp.  Continue Reading

• SearchSecurity.com's Checklist Library

  A round up of our security checklists.  Continue Reading

• Good relationship management skills

  Author Charles Cresson Wood outlines the importance of good relationship management skills in this excerpt from 'Information Security Roles and Responsibilities Made Easy.'  Continue Reading

• Demonstrated good judgement

   Continue Reading

• Ability to see the big picture

   Continue Reading

• Ability to work independently

  This book chapter covers the qualifications of an information security manager who is able to work independently.  Continue Reading

• Commitment to staying on top of the technology

   Continue Reading

• Honesty and high-integrity character

   Continue Reading

• Basic familiarity with information security technology

   Continue Reading

• Ability to manage many important projects simultaneously

   Continue Reading

• Familiarity with information security management

   Continue Reading

• Ability to resolve conflicts between security and business objectives

   Continue Reading

• A certain amount of polish

   Continue Reading

• Real world hands-on experience

   Continue Reading

• Excellent communication skills

   Continue Reading

• Tolerance for ambiguity and uncertainty

   Continue Reading

• Personal qualifications of an information security manager

  Charles Cresson Wood outlines the personal qualifications every information security manager should possess in this excerpt from Information Security Roles and Responsibilities Made Easy.  Continue Reading

• Information security policies: Distinct from guidelines and standards

  Information security policies differ from both standards and guidelines. In this excerpt from Information Security Policies Made Easy, author Charles Cresson Wood explains what policies are, and how they differ from standards and guidelines.  Continue Reading

• Passive fingerprinting: Applications and prevention

  In this excerpt from the book Silence on the Wire, author Michal Zalewski discusses both malicious and beneficial uses for passive fingerprinting, and how to prevent successful passive fingerprinting on your network.  Continue Reading

• Good advice, great people

  Security experts offer the best advice they've received about how to do their job.  Continue Reading

• Continuing education options, part 2: A new and improved way to submit (ISC)2 CPEs

  An overview of (ISC)2's CPE Submission Program, including how to submit CPEs and the benefits of Trusted CPE Provider Submissions.  Continue Reading

• How to tackle VoIP security risks

  In this excerpt from Chapter 7 of "VoIP Security," authors James F. Ransome and John Rittinghouse introduce VoIP security risks and offer a strategy for addressing them.  Continue Reading

• Incident response process brings ROI and peace of mind

  In this excerpt of Chapter 2 from ISACA's Cybercrime: Incident Response and Digital Forensics, author Robert Schperberg looks at the benefits of instituting an incident response process.  Continue Reading

• Combining technology and social engineering: Hacking behind bars

  In this excerpt from Chapter 11 of "The Art of Deception: Controlling the Human Element of Security," authors Kevin Mitnick and William L. Simon begin a story that shows how social engineering can be used with technology.  Continue Reading

• Security's role in mergers and acquisitions

  In this excerpt of Chapter 3 from "Mergers and Acquisitions Security," authors Edward Halibozek and Gerald Kovacich discuss the responsibilities of the security department during a merger or acquisition.  Continue Reading

• Crypto basics: VPNs

  In this excerpt of Chapter 3 from "Cryptography for Dummies," author Chey Cobb explains how virtual private networks (VPNs) use encryption to secure data in transit.  Continue Reading

• If he had just paid the rent

  In this excerpt of Chapter 3 from "High-Tech Crimes Revealed," author Steven Branigan introduces "Wesley" and the incidents that led to a computer forensics investigation.  Continue Reading

• How to avoid phishing hooks: A checklist for your end users

  Checklist of basic recommendations to share with your end users to teach them how to avoid phishing schemes.  Continue Reading

• 'Black Book' offers tidbits, but not worth keeping

  Information Security magazine reviews "The Black Book on Corporate Security," published by Larstan Publishing.  Continue Reading

• More from SearchSecurity -- July 2005

   Continue Reading

• Know your enemy: Why your Web site is at risk, Part 2

  Guest instructor Michael Cobb continues his discussion of Web site threats and who is behind them.  Continue Reading

• Spyware removal checklist

  A step-by-step guide on how to remove spyware using antispyware tools including Spybot -- Search and Destroy, and HijackThis.  Continue Reading

• Know your enemy: Why your Web site is at risk

  In this Lesson 1 technical paper from Web Security School, guest instructor Michael Cobb outlines the threats to Web sites and who is behind them.  Continue Reading

• Web Security School Entrance Exam Answers

  Web Security School Entrance Exam Answers  Continue Reading

• Entrance exam: Web attack prevention and defense

  Test your knowledge of Web security to see if you'd benefit from our Intrusion Defense School lesson, "Web attack prevention and defense."  Continue Reading

• Developer's active content delivery checklist

  Rules for developing secure dynamic content for an IIS Web server.  Continue Reading

• Quiz: Secure Web directories and development, answer No. 2

  Quiz: Secure Web directories and development, answer No. 2  Continue Reading

• Quiz: Secure Web directories and development, answer No. 1

  Quiz: Secure Web directories and development, answer No. 1  Continue Reading

• Quiz: Secure Web directories and development, answer No. 5

  Quiz: Secure Web directories and development, answer No. 5  Continue Reading

• Quiz: Secure Web directories and development, answer No. 3

  Quiz: Secure Web directories and development, answer No. 3  Continue Reading

• Quiz: Secure Web directories and development

  Evaluate your knowledge of Web threats and how to defeat them. Questions cover security risks of dynamically created content and proper security management.  Continue Reading

• Quiz: Secure Web directories and development, answer No. 4

  Quiz: Secure Web directories and development, answer No. 4  Continue Reading

• Life at the edge part 4: When things go wrong

  A checklist and other hints to protect your Web servers from a worst-case scenario.  Continue Reading

• Web Security School Lesson 3

  In Lesson 3 of Web Security School, Michael Cobb teaches you how to plan and implement Web directory structures and permissions, and manage secure Web development. Also, a primer on secure coding and data management, and procedures for combating Web...  Continue Reading

• Web Security School Lesson 1

  Learn how to plan and perform a secure installation of your Web server's operating system and services.  Continue Reading

• Top tools for testing your online security, part 2

  Michael Cobb explains what tools are helpful in maintaining Web security, including security scanners, benchmarking tools, monitoring services and online resources.  Continue Reading

• Top tools for testing your online security

  Learn a structured approach for Web security that can make your security management tasks easier and increase your chances of success.  Continue Reading

• Web Security School Lesson 2

  In Lesson 2 of Web Security School, guest instructor Michael Cobb explains what to expect and look for when analyzing an attack on your Web server.  Continue Reading

• Quiz: Identify and analyze Web server attacks, answer No. 4

  Quiz: Identify and analyze Web server attacks, answer No. 4  Continue Reading

• Quiz: Identify and analyze Web server attacks, answer No. 5

  Quiz: Identify and analyze Web server attacks, answer No. 5  Continue Reading

• Quiz: Identify and analyze Web server attacks, answer No. 2

  Quiz: Identify and analyze Web server attacks, answer No. 2  Continue Reading

• Quiz: Identify and analyze Web server attacks

  Test your knowledge of the material covered in the "Identify and analyze Web server attacks" section of Intrusion Defense School.  Continue Reading

• Lesson 2 Quiz, Answer No. 1

  Lesson 2 Quiz, Answer No. 1  Continue Reading

• Quiz: Identify and analyze Web server attacks, answer No. 3

  Quiz: Identify and analyze Web server attacks, answer No. 3  Continue Reading

• Lesson 1 Quiz, Answer No. 4

  Lesson 1 Quiz, Answer No. 4  Continue Reading

• Lesson 1 Quiz, Answer No. 5

  Lesson 1 Quiz, Answer No. 5  Continue Reading

• Lesson 1 Quiz, Answer No. 3

  Lesson 1 Quiz, Answer No. 3  Continue Reading

• Quiz: Web attack prevention and defense

  Test your knowledge of the material covered in Web attack prevention and defense, including the fundamentals of securing a Web server.  Continue Reading

• Lesson 1 Quiz, Answer No. 2

  Lesson 1 Quiz, Answer No. 2  Continue Reading

• Lesson 1 Quiz, Answer No. 1

  Web Security School: Lesson 1 Quiz, Answer No. 1  Continue Reading

• How to use SMTP relay service to keep spammers away from Exchange Server

  Learn how to use the IIS SMTP mail relay service to prevent spammers from directly interacting with your Microsoft Exchange Server.  Continue Reading

• Avoid phishing with e-mail authentication: Sender ID

  Learn how Sender ID provides e-mail authentication and helps organizations avoid phishing.  Continue Reading

• Avoid phishing with e-mail authentication: DomainKeys

  Learn how DomainKeys authenticate e-mail and can help your organization avoid phishing.  Continue Reading

• Checklist of known IIS vulnerabilities

  Secure your Web server against these vulnerabilities.  Continue Reading

• Avoid phishing with e-mail authentication: The Sender Policy Framework

  Learn how the Sender Policy Framework helps organizations avoid phishing.  Continue Reading

• Helping your organization avoid phishing: E-mail authentication

  In this excerpt from "Phishing: Cutting the Identity Theft Line" by Rachael Lininger and Russell Dean Vines, learn how e-mail authentication helps prevent phishing attacks.  Continue Reading

• Avoid phishing with e-mail authentication: Cisco Identified Internet Mail

  Learn how Cisco Identified Internet Mail authenticates e-mail and helps organizations avoid phishing.  Continue Reading

• Security support from MOM

  Learn how Microsoft Operations Manager supports security in this excerpt from "Hacking Exposed Windows Server 2003."  Continue Reading

• Pitching patch: Shavlik Technologies

   Continue Reading

• Pitching patch: St. Bernard Software

   Continue Reading

• Pitching patch: PatchLink

   Continue Reading

• Pitching patch: RFP bakeoff

  Information Security magazine asked vendors to propose a patch system for a fictional enterprise. Their responses reveal more than just their product spec sheets.  Continue Reading

• Pitching patch: BigFix

   Continue Reading

• Pitching patch: Citadel Software Security

   Continue Reading

• Demand good proposals

   Continue Reading

• Pitching patch: Configuresoft

   Continue Reading

• Pitching patch: Everdream

   Continue Reading

• Robby Ann Hamlin

   Continue Reading

• Pre-CISSP: Options for the security newbie

  Shon Harris advises novice security practitioners on the value of entry-level certifications -- and good, old-fashioned experience -- in preparation for the CISSP®.  Continue Reading

• Hacking Windows: MSRPC vulnerabilities

  In this book excerpt, learn why attackers are drawn to MSRPC exploits when conducting IIS attacks, and the weaknesses in MSRPC that enterprises struggle to secure.  Continue Reading

• E-mail policies -- A defense against phishing attacks

  In this excerpt of Chapter 6 from "Phishing: Cutting the Identity Theft Line," authors Rachael Lininger and Russell Dean Vines explain how e-mail policies help protect companies from phishing attacks.  Continue Reading

• A new era of computer worms: Wireless mobile worms

  In this excerpt of Chapter 9 from "The Art of Computer Virus Research and Defense," author Peter Szor dissects the Cabir worm.  Continue Reading

• The 'ultimate' in virus analysis theory and practice

  Information Security magazine reviews Peter Szor's "The Art of Computer Virus Research and Defense."  Continue Reading

• Dos and don'ts for passing the CISSP exam

  From choosing an exam date to answering the questions, here are some dos and don'ts for CISSP exam success.  Continue Reading

• A spammer's weapon: The envelope sender address

  Learn how spammers take advantage of the envelope sender address to avoid a deluge of bounced e-mail.  Continue Reading

• 'Near-perfect' security guide for execs

  Information Security magazine calls this book "a near-perfect executive summary of security challenges and practices."  Continue Reading

• Creating a formal information security program

  This excerpt is from Chapter 3, Developing Your Information Security Program of "Executive Guide to Information Security: Threats, Challenges and Solutions" written by Mark Egan with Tim Mather, and published by Symantec Press.  Continue Reading

• Final Exam / Answer No. 4

  E-mail Security School Final Exam  Continue Reading

• Final Exam / Answer No. 3

  E-mail Security School Final Exam / Answer No. 3  Continue Reading

• Final Exam / Answer No. 1

  E-mail Security School Final Exam / Answer No. 1  Continue Reading

• Rules for tools: Buying the right e-mail security product

  E-mail Security School guest instructor Joel Snyder offers practical advice for purchasing antivirus, antispam and e-mail policy control solutions.  Continue Reading

• Finding the email product with the best policy-based controls

  E-mail Security School guest instructor Joel Snyder offers advice on choosing e-mail security products.  Continue Reading

• How to stop spam and email viruses

  Learn how to protect your enterprise from email viruses and other messaging malware.  Continue Reading

• Filling SMTP gaps -- The secrets to using e-mail standards

  Learn how to use TLS and S/MIME to strengthen your e-mail security.  Continue Reading

• Worst practices in antispam and antivirus defense

  Learn about the worst practices in antispam and antivirus defense and how to stop doing them.  Continue Reading

• Adding email authentication and encryption with S/MIME

  Joel Snyder reviews the encryption and authentication benefits of S/MIMe and how the Secure MIME standard can enhance email security.  Continue Reading

• Identity and Access Management: Provisioning

   Continue Reading

• RootkitRevealer turns root kits' tactics back at them

  A contributor reviews freeware RootkitRevealer from Sysinternals.  Continue Reading

• ID theft and national security

  Check out what some ITKnowledge Exchange members had to say about this controversial issue.  Continue Reading

• Quick policy checklist

  Here's a quick checklist you can run through with your existing or new policy to help make sure you're on the right track.  Continue Reading