Manage

Manage

Learn to apply best practices and optimize your operations.

• 8 benefits of a security operations center

  A security operations center can help lessen the fallout of a data breach, but its business benefits go much further than that. Here are eight SOC benefits to consider. Continue Reading

• identity management (ID management)

  Identity management (ID management) is the organizational process for ensuring that individuals have the appropriate access to technology resources. Continue Reading

• 10 tips for building a next-generation SOC

  Check out 10 tips to help build a next-generation security operations center with the integrated tools to free security analysts to get ahead of and respond to threats fast. Continue Reading

• Pair cyber insurance, risk mitigation to manage cyber-risk

  The role of cyber insurance may come after a breach, but it remains a useful element in an organization's vulnerability management strategy. Continue Reading

• Note these 5 security operations center best practices

  Understanding the five steps needed to ensure security operations center best practices will help organizations decide whether to outsource their SOC initiatives. Continue Reading

• 7 key cybersecurity metrics for the board and how to present them

  Learn how to present important cybersecurity metrics for the board to ensure that business leaders understand that money allocated to security is money well spent.Continue Reading

• Red team vs. blue team vs. purple team: What's the difference?

  Red team-blue team exercises simulate attacks on enterprise networks. What does each team do? Where do purple teams fit in? Find out here.Continue Reading

• Cybersecurity communication key to addressing risk

  As security teams strengthen communication with the overall organization as well as with vendors, more positive cybersecurity cultures can be forged.Continue Reading

• Cybersecurity for remote workers: Lessons from the front

  Tackle the security challenges COVID-19 wrought by using this playbook from an experienced disaster-zone responder.Continue Reading

• COVID-19 cybersecurity data shows rising risk during remote pivot

  When enterprises quickly pivoted to remote work during the pandemic, it prompted a wave of new threats while also widening existing gaps in cybersecurity postures.Continue Reading

• AI cybersecurity raises analytics' accuracy, usability

  Continue Reading

• The need for independent cybersecurity solutions testing

  Rohit Dhamankar suggests implementing standardized testing of cybersecurity providers, like MSSPs and MDRs, to help companies better understand the services they're getting from each.Continue Reading

• incident response

  Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack, also known as an IT incident, computer incident or security incident.Continue Reading

• For cybersecurity training, positive reinforcement is best

  Traditional cybersecurity training methods often focus on negative reinforcement techniques, but experts say positive reinforcement is the best way to get results.Continue Reading

• Identify and prepare for 5G security issues

  A key 5G security issue is that vulnerabilities are still being researched and identified. Learn more about the known 5G network security risks and how to mitigate them.Continue Reading

• Planning a zero-trust strategy in 6 steps

  Launch a zero-trust strategy in six steps. Learn how to form a dedicated team, ask questions about existing security controls and evaluate the priority of zero-trust initiatives.Continue Reading

• Cybersecurity budget relies on planning and negotiation

  Experts from Gartner and Forrester discuss how successful cybersecurity budgeting during these uncertain times requires planning, research and negotiation.Continue Reading

• For Cybersecurity Awareness Month, learn about emerging risks

  Tami Hudson examines why leaders should use October to educate themselves and their companies around the latest attacks bad actors are implementing and where to prioritize investment.Continue Reading

• 3 common election security vulnerabilities pros should know

  Election security remains top of mind for many right now, with Nabil Hannan discussing vulnerabilities like remote breaches, new attack surfaces and poor current controls.Continue Reading

• How to improve cybersecurity for the workforce of the future

  Many organizations continue to have employees work from home, but they haven't always hardened their cybersecurity efforts alongside this move to better protect employees and data.Continue Reading

• Cybersecurity team structure stronger with 3 new roles

  Having the right cybersecurity team in place can help reduce how long it takes to control threats. Consider adding cloud security, third-party risk and digital ethics specialists.Continue Reading

• Cybersecurity governance: A path to cyber maturity

  All organizations need cybersecurity governance programs so that every employee understands and is aware of cybersecurity mitigation efforts to reduce cyber risks.Continue Reading

• 7 SOC automation use cases to augment security operations

  Implementing SOC automation can have far-reaching benefits for an organization's infosec program and security culture. Learn how by exploring these seven use cases of AI in SOCs.Continue Reading

• Inclusive job descriptions key for infosec hiring

  When seeking candidates for infosec job roles, it helps to think outside the box. Inclusive job descriptions and cutting back on unnecessary requirements are good places to start.Continue Reading

• Federal Information Security Management Act (FISMA)

  The Federal Information Security Management Act (FISMA) is United States legislation that defines a framework of guidelines and security standards to protect government information, operations and assets.Continue Reading

• Top 4 firewall-as-a-service security features and benefits

  Firewall-as-a-service offerings implement security policies across consolidated traffic headed to all locations. Learn about four security features and benefits of FWaaS.Continue Reading

• How to protect companies from business email compromise

  Research shows that business email compromise attacks continue to proliferate as threat actors continue to see success. Here are a few ways to protect your company.Continue Reading

• Combination of new, old tech driving remote access security

  The massive shift to home-based workforces left IT vulnerable to unexpected threats, but organizations are combining old and new strategies to maintain remote access security.Continue Reading

• Manage unsuccessful login attempts with account lockout policy

  Learn how to create account lockout policies that detail how many unsuccessful login attempts are allowed before a password lockout in order to prevent credential-based attacks.Continue Reading

• Inclusivity a crucial step beyond diversity in cybersecurity

  Spurred on by the social justice movement around the world, cybersecurity experts want to see a move beyond diversity efforts to ensure inclusivity in organizations as well.Continue Reading

• The 7 elements of an enterprise cybersecurity culture

  An effective 'human firewall' can prevent or mitigate many of the threats enterprises face today. Adopt these seven elements of a culture of cybersecurity to defend against risks.Continue Reading

• Identify common cybersecurity problems with fresh approach

  It pays to expect the unexpected in information security. In this webinar, learn how starting with a blank slate helps identify and mitigate common cybersecurity problems.Continue Reading

• Develop internal cybersecurity talent to build your dream team

  Cybersecurity duties have changed, with cloud and coding being essential knowledge now. But CISOs can still build their dream cybersecurity team through internal talent development.Continue Reading

• 10 tips for cybersecurity awareness programs in uncertain times

  Explore the winning tactics and tools CISOs and other cybersecurity leaders are employing in their programs to raise employee security awareness -- and consider how they might work for you.Continue Reading

• Cybersecurity education for employees: Learn what works

  Continue Reading

• 8 video conferencing security and privacy best practices

  Video conferencing tools are a remote worker's lifeline. As such, it is essential to maintain their security. These eight best practices will help ensure secure, private video-enabled meetings.Continue Reading

• How to shift from DevOps to DevSecOps

  A successful DevSecOps rollout requires software developers to be equipped with the proper security skills and tools. Learn how to transition smoothly from DevOps to DevSecOps.Continue Reading

• Security issues with working remotely (and how to fix them)

  With companies continuing work from home for the foreseeable future, Rohit Dhamankar offers home security advice to help security teams and employees address security issues with working remotely.Continue Reading

• How IAM systems support compliance

  IAM is a key component of any security strategy, but its role in regulatory compliance is just as crucial. Read up on features and processes to make IAM work for your enterprise.Continue Reading

• Invest in new security talent with cybersecurity mentorships

  Cybersecurity mentorships provide a great opportunity for those just entering the industry who want a successful start. Having the right guidance is a must.Continue Reading

• 6 key identity and access management benefits

  Identity and access management is beneficial not just for users, security and IT admins, but also enterprises as a whole. Read up on the six key advantages of an IAM framework.Continue Reading

• How to protect workloads using a zero-trust security model

  Never trust, always verify. Learn how to implement a zero-trust security model to help manage risk and protect IT workloads at your organization.Continue Reading

• 3 key identity management tips to streamline workflows

  Organizations must audit IAM processes to ensure that opportunities to streamline workflows are not missed. Use these identity management tips to get started.Continue Reading

• How to ensure security for 3 types of digital identity

  Enterprise identity and access management strategies must include processes for managing and securing three types of digital identity. Learn how.Continue Reading

• A case for both cybersecurity detection and prevention tools

  Companies need both detection and prevention cybersecurity tools to effectively keep data and employees safe from attackers. Just one or the other isn't enough.Continue Reading

• How to build an effective IAM architecture

  Identity and access management is changing and so must strategies for managing it. Read up on IAM architecture approaches and how to select the best for your organization.Continue Reading

• 4 essential identity and access management best practices

  Now is the time to shore up the who, what and where of network identities. Adopt these four critical identity and access management best practices to bolster your infosec program.Continue Reading

• How to fortify IoT access control to improve cybersecurity

  Security technology is still playing catch-up with the new risks and attack vectors associated with IoT. Learn how to improve IoT access control and identity management here.Continue Reading

• 12 Microsoft 365 security best practices to secure the suite

  Migrating to or operating cloud-based Microsoft 365 can bring with it a host of problems and misconfigurations. Check out 12 best practices to tighten Microsoft 365 security.Continue Reading

• How security testing could change after COVID-19

  As companies look to bring employees back into the office, security teams must consider how to handle security testing due to initial remote work deployments and shadow IT.Continue Reading

• How to get actionable threat intelligence from tech tools

  Even advanced threat intelligence tools can't do it all alone. Learn what it takes to parse actionable insights from the information that threat intelligence feeds gather.Continue Reading

• AI threat intelligence is the future, and the future is now

  Threat intelligence services and tools get a boost from advanced technology like AI and, specifically, machine learning. Learn how that works.Continue Reading

• Uncover and overcome cloud threat hunting obstacles

  You can be an effective cyberthreat hunter even if your organization's assets are in the cloud. Know the likely obstacles you'll face, then learn how to surmount them.Continue Reading

• IT and security teams collide as companies work from home

  The new world of remote work has given rise to IT and security teams working more closely than ever before. They need to come together to provide excellent UX and security.Continue Reading

• Advance your security operations center with AI

  Powering a security operations center with AI systems not only automates tasks, but also complements admins' efforts to more effectively combat threats and transform processes.Continue Reading

• Identifying common Microsoft 365 security misconfigurations

  Microsoft 365 security problems can double the time it takes to contain a breach, according to a new survey. Check out best practices and operational strategies to fix them.Continue Reading

• Why nation-state cyberattacks must be top of mind for CISOs

  Even though organizations face threats coming from many sources, one type of cyberattack should be top of mind for CISOs: those backed by nation-states. Here's why.Continue Reading

• One security framework may be key to cyber effectiveness

  The Mitre ATT&CK security framework could best enable effective cybersecurity, according to The Chertoff Group, as could joining information sharing and analysis organizations.Continue Reading

• CISO stress and burnout cause high churn rate

  The nature of the CISO role can take a toll, say industry vets, with frustration and stress contributing to high turnover rates and burnout. Learn how to make it work.Continue Reading

• The state of cybersecurity risk: Detection and mitigation

  Hackers will always try to creep in, and many will succeed. That's why effective detection and mitigation are essential. How are enterprises faring?Continue Reading

• Why CISOs need advanced network security strategies now

  Continue Reading

• SSL certificate best practices for 2020 and beyond

  SSL/TLS security is continuously improving, and there are steps site owners should take to ensure the safety of their SSL certificates, websites and users. Read on to learn more.Continue Reading

• Zero-trust management challenges outweighed by benefits

  The zero-trust model's adoption, deployment and management challenges are easily outweighed by its ability to offset modern threats, IEEE senior member Jack Burbank advises.Continue Reading

• Use an IoT security architecture to protect networks end to end

  Organizations can reap benefits from IoT technology but only if it is properly secured. Learn the components of IoT network architecture and the unique security considerations of each.Continue Reading

• Building security, privacy and trust in IoT deployments

  The T in IoT doesn't stand for trust, but it's a critical component of any IoT deployment. Follow the AEIOU vowel framework for an actionable blueprint of building trust in IoT.Continue Reading

• Skill building is key to furthering gender diversity in tech

  Gender disparities imperil the threat intelligence community. Shannon Lietz, leader and director of DevSecOps at Intuit, discusses current efforts to attract female talent.Continue Reading

• Employ AI for cybersecurity, reap strong defenses faster

  The cyber arms race is never-ending. Learn how to prevail over advanced attacks by putting the latest intelligent technology to service in your cybersecurity program.Continue Reading

• Using AIOps for cybersecurity and better threat response

  AIOps platforms, when properly tuned, can benefit all of IT in important ways. Learn how these advanced security tools improve threat detection and response in myriad ways.Continue Reading

• Certified Information Security Manager (CISM)

  Certified Information Security Manager (CISM) is an advanced certification which indicates that an individual possesses the knowledge and experience required to develop and manage an enterprise information security (infosec) program.Continue Reading

• How to implement zero-trust security with real-life examples

  Understanding zero-trust security is relatively easy in theory. Figuring out how to implement zero trust on the ground is more difficult. Here's how to make it work.Continue Reading

• Best practices for threat modeling service mesh, microservices

  In microservices and service mesh environments, communications don't follow static paths. As such, security teams must update their application threat modeling methods.Continue Reading

• How to implement a strong COVID-19 cybersecurity plan

  Cybercriminals aren't slowing down during the coronavirus pandemic, and neither can your security. Learn what are the biggest threats and how to stop them cold.Continue Reading

• RSA Conference 2020 guide: Highlighting security's human element

  What's happening at the 2020 RSA Conference? Our team keeps you up to date with pre-conference coverage and breaking news from the infosec world's biggest event.Continue Reading

• 4 tips to ensure secure remote working during COVID-19 pandemic

  Don't let teleworkers compromise your enterprise's security. Follow these tips to ensure secure remote working in the event of a teleworker boom during a pandemic.Continue Reading

• How privacy compliance rules will affect IT security

  As companies scramble to comply with consumer data privacy compliance mandates, like GDPR, CCPA and others on the horizon, IT security will shoulder much of the process burden.Continue Reading

• ITOps security requires attention to training

  Becoming fluent about IT security is critically important for numerous aspects of ITOps, yet many organizations fail to train their ITOps staff in security.Continue Reading

• Updating the data discovery process in the age of CCPA

  Privacy regulations are changing the enterprise data discovery process. Now, automation is key for fulfilling data discovery mandates, including those for CCPA and GDPR.Continue Reading

• Use this CCPA compliance checklist to get up to speed

  California leads the pack in terms of state regulations on data privacy and transparency. Now, it's time for businesses to be proactive with this CCPA compliance checklist.Continue Reading

• How to secure data at rest, in use and in motion

  With internal and external cyberthreats on the rise, check out these tips to best protect and secure data at rest and in motion.Continue Reading

• Tips for cybersecurity pandemic planning in the workplace

  Is your security team prepared for a workplace pandemic? This guidance will ensure your company's cybersecurity posture can be maintained despite a potentially severe health event.Continue Reading

• How to use TODO comments for secure software development

  Don't let security be a software development burden. Learn app developer tricks, such as using TODO comments, to ensure security controls make it from development to production.Continue Reading

• Windows IIS server hardening checklist

  Use this handy Windows IIS server hardening checklist on the job to ensure your IIS server is deployed safely and stays secure in use.Continue Reading

• Security testing web applications and systems in the modern enterprise

  Security testing web apps with little budget and poor documentation is difficult. Ric Messier discusses building a security testing lab in the DevSecOps, cloud and automation age.Continue Reading

• AI-driven cybersecurity teams are all about human augmentation

  AI is often associated with technology replacing humans. In the case of AI-based cybersecurity teams, however, AI will augment its human counterparts, not supplant them.Continue Reading

• Zero-trust model case study: One CISO's experience

  Adopting a zero-trust environment was the right move for GitLab, according to the company's former security chief, but it may not be well suited for all enterprises.Continue Reading

• 4 enterprise database security best practices

  Beyond protecting enterprise databases from vulnerabilities, it is critical to improve and review their security on a regular basis. Learn more with these database security best practices.Continue Reading

• security information and event management (SIEM)

  Security information and event management (SIEM) is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system.Continue Reading

• For minimum password length, are 14-character passwords sufficient?

  When it comes to minimum password length, 14-character passwords are generally considered secure, but they may not be enough to keep your enterprise safe.Continue Reading

• Data breach costs hit hard; where are you most vulnerable?

  Breaking down the cost of a data breach isn't for the faint of heart. But with millions of dollars on the line for a single event, companies also need to have their eyes wide open.Continue Reading

• CISOs face a range of cybersecurity challenges in 2020

  Every company is unique, of course, but certain challenges are widely shared. Learn what security concerns other CISOs and security leaders are focused on in 2020.Continue Reading

• Threat intelligence offers promise, but limitations remain

  Do you know how to use threat intelligence feeds to best effect in your company? Learn what this valuable yet often confusing resource can and can't do for cybersecurity.Continue Reading

• Fresh thinking on cybersecurity threats for 2020

  It's a good time to take a clear-eyed view of the likely security threats facing your organization. But then what? Experts suggest getting creative with your threat responses.Continue Reading

• Getting the most from cyberthreat intelligence services

  Continue Reading

• How to implement a holistic approach to user data privacy

  IoT devices flood the market with promises to make daily life more convenient. Learn how to embrace user consent to benefit your organization and enhance user data privacy.Continue Reading

• Improve data security in the modern enterprise

  From growing attack surfaces to new regulations, these data security considerations must be on every company's radar.Continue Reading

• Building an effective security operations center framework

  An effective security operations center framework includes more than just monitoring and analysis. AI and machine learning can also play a role.Continue Reading

• Put application security testing at the top of your do-now list

  It's time to take a new attitude toward application security. Learn what must be tested and the specific steps that will take your apps from vulnerable to fortified.Continue Reading

• Craft an effective application security testing process

  For many reasons, only about half of all web apps get proper security evaluation and testing. Here's how to fix that stat and better protect your organization's systems and data.Continue Reading

• NIST CSF provides guidelines for risk-based cybersecurity

  Organizations benefit from identifying their unique risks when developing cybersecurity processes. Here's how the NIST Cybersecurity Framework can help guide risk-based IT protection.Continue Reading

• IT vs. OT security -- and how to get them to work together

  While IT and OT security have historically been separate, the advent of IoT is forcing the two together. Cross-pollinating IT with OT is critical to ensuring IoT security.Continue Reading