Manage

Manage

Learn to apply best practices and optimize your operations.

• Skill building is key to furthering gender diversity in tech

  Gender disparities imperil the threat intelligence community. Shannon Lietz, leader and director of DevSecOps at Intuit, discusses current efforts to attract female talent. Continue Reading

• 8 tips to ensure enterprise video conferencing security and privacy

  Video conferencing tools are a remote worker's lifeline. As such, it is essential to maintain their security. These eight best practices will help ensure secure, private video-enabled meetings. Continue Reading

• Employ AI for cybersecurity, reap strong defenses faster

  The cyber arms race is never-ending. Learn how to prevail over advanced attacks by putting the latest intelligent technology to service in your cybersecurity program. Continue Reading

• Using AIOps for cybersecurity and better threat response

  AIOps platforms, when properly tuned, can benefit all of IT in important ways. Learn how these advanced security tools improve threat detection and response in myriad ways. Continue Reading

• Certified Information Security Manager (CISM)

  Certified Information Security Manager (CISM) is an advanced certification which indicates that an individual possesses the knowledge and experience required to develop and manage an enterprise information security (infosec) program. Continue Reading

• Shifting security left: How to pivot from DevOps to DevSecOps

  A successful DevSecOps rollout requires software developers to be equipped with the proper security skills and tools. Learn how to transition smoothly from DevOps to DevSecOps.Continue Reading

• How to implement zero-trust security, from people who did it

  Understanding zero-trust security is relatively easy in theory. Figuring out how to implement zero trust on the ground is more difficult. Here's how to make it work.Continue Reading

• Best practices for threat modeling service mesh, microservices

  In microservices and service mesh environments, communications don't follow static paths. As such, security teams must update their application threat modeling methods.Continue Reading

• How to implement a strong COVID-19 cybersecurity plan

  Cybercriminals aren't slowing down during the coronavirus pandemic, and neither can your security. Learn what are the biggest threats and how to stop them cold.Continue Reading

• RSA Conference 2020 guide: Highlighting security's human element

  What's happening at the 2020 RSA Conference? Our team keeps you up to date with pre-conference coverage and breaking news from the infosec world's biggest event.Continue Reading

• 4 tips to ensure secure remote working during COVID-19 pandemic

  Don't let teleworkers compromise your enterprise's security. Follow these tips to ensure secure remote working in the event of a teleworker boom during a pandemic.Continue Reading

• How privacy compliance rules will affect IT security

  As companies scramble to comply with consumer data privacy compliance mandates, like GDPR, CCPA and others on the horizon, IT security will shoulder much of the process burden.Continue Reading

• ITOps security requires attention to training

  Becoming fluent about IT security is critically important for numerous aspects of ITOps, yet many organizations fail to train their ITOps staff in security.Continue Reading

• Updating the data discovery process in the age of CCPA

  Privacy regulations are changing the enterprise data discovery process. Now, automation is key for fulfilling data discovery mandates, including those for CCPA and GDPR.Continue Reading

• Use this CCPA compliance checklist to get up to speed

  California leads the pack in terms of state regulations on data privacy and transparency. Now, it's time for businesses to be proactive with this CCPA compliance checklist.Continue Reading

• Best practices to secure data at rest, in use and in motion

  With internal and external cyberthreats on the rise, check out these tips to best protect and secure data at rest and in motion.Continue Reading

• Tips for cybersecurity pandemic planning in the workplace

  Is your security team prepared for a workplace pandemic? This guidance will ensure your company's cybersecurity posture can be maintained despite a potentially severe health event.Continue Reading

• Use TODO comments for secure software, development to production

  Security is often considered a software development burden, despite its importance. Learn app developer tricks to ensure security controls make it from development to production.Continue Reading

• Windows IIS server hardening checklist

  Use this handy Windows IIS server hardening checklist on the job to ensure your IIS server is deployed safely and stays secure in use.Continue Reading

• Security testing web applications and systems in the modern enterprise

  Security testing web apps with little budget and poor documentation is difficult. Ric Messier discusses building a security testing lab in the DevSecOps, cloud and automation age.Continue Reading

• AI-driven cybersecurity teams are all about human augmentation

  AI is often associated with technology replacing humans. In the case of AI-based cybersecurity teams, however, AI will augment its human counterparts, not supplant them.Continue Reading

• Even with a roadmap, zero-trust model an ongoing process

  Adopting a zero-trust environment was the right move for GitLab, according to the company's former security chief, but it may not be well suited for all enterprises.Continue Reading

• What should I protect with a zero-trust architecture?

  Never trust, always verify. Learn how to implement a zero-trust architecture to help manage risk and protect IT workloads at your organization.Continue Reading

• 4 enterprise database security best practices

  Beyond protecting enterprise databases from vulnerabilities, it is critical to improve and review their security on a regular basis. Learn more with these database security best practices.Continue Reading

• For minimum password length, are 14-character passwords sufficient?

  When it comes to minimum password length, 14-character passwords are generally considered secure, but they may not be enough to keep your enterprise safe.Continue Reading

• security information and event management (SIEM)

  Security information and event management (SIEM) is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system.Continue Reading

• Data breach costs hit hard; where are you most vulnerable?

  Breaking down the cost of a data breach isn't for the faint of heart. But with millions of dollars on the line for a single event, companies also need to have their eyes wide open.Continue Reading

• CISOs face a range of cybersecurity challenges in 2020

  Every company is unique, of course, but certain challenges are widely shared. Learn what security concerns other CISOs and security leaders are focused on in 2020.Continue Reading

• Threat intelligence offers promise, but limitations remain

  Do you know how to use threat intelligence feeds to best effect in your company? Learn what this valuable yet often confusing resource can and can't do for cybersecurity.Continue Reading

• Fresh thinking on cybersecurity threats for 2020

  It's a good time to take a clear-eyed view of the likely security threats facing your organization. But then what? Experts suggest getting creative with your threat responses.Continue Reading

• Getting the most from cyberthreat intelligence services

  Continue Reading

• How to implement a holistic approach to user data privacy

  IoT devices flood the market with promises to make daily life more convenient. Learn how to embrace user consent to benefit your organization and enhance user data privacy.Continue Reading

• Improve data security in the modern enterprise

  From growing attack surfaces to new regulations, these data security considerations must be on every company's radar.Continue Reading

• Building an effective security operations center framework

  An effective security operations center framework includes more than just monitoring and analysis. AI and machine learning can also play a role.Continue Reading

• Put application security testing at the top of your do-now list

  It's time to take a new attitude toward application security. Learn what must be tested and the specific steps that will take your apps from vulnerable to fortified.Continue Reading

• Craft an effective application security testing process

  For many reasons, only about half of all web apps get proper security evaluation and testing. Here's how to fix that stat and better protect your organization's systems and data.Continue Reading

• NIST CSF provides guidelines for risk-based cybersecurity

  Organizations benefit from identifying their unique risks when developing cybersecurity processes. Here's how the NIST Cybersecurity Framework can help guide risk-based IT protection.Continue Reading

• IT vs. OT security -- and how to get them to work together

  While IT and OT security have historically been separate, the advent of IoT is forcing the two together. Cross-pollinating IT with OT is critical to ensuring IoT security.Continue Reading

• Data breach risk factors, response model, reporting and more

  Dig into five data breach risk factors, and learn how the DRAMA data breach response model can help enterprises counter breaches in a timely and efficient manner.Continue Reading

• Perimeterless security still has borders -- and APIs need it

  Many people believe perimeterless security means borders are a thing of the past. But virtual borders secure APIs needed by mobile users and cloud workloads. Check out how to manage them.Continue Reading

• Master IoT and edge computing security challenges

  Edge devices are not necessarily designed with security in mind. Organizations need to think critically about how to approach today's edge computing security challenges.Continue Reading

• What is shellcode and how is it used?

  Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware term and how to mitigate the risk.Continue Reading

• Ideal DevSecOps strategy requires the right staff and tools

  Sometimes viewed as an obstacle to speedy software rollout, the DevSecOps model helps security teams drive innovation in development. Learn how to build a DevSecOps strategy.Continue Reading

• Use a data privacy framework to keep your information secure

  Find out how a data privacy framework gives companies the tools they need to ensure their information is protected -- from both internal and external threats.Continue Reading

• Best practices to help CISOs prepare for CCPA

  With the CCPA taking effect in 2020, check out security chiefs' best practices to get ahead and stay ahead of impending data privacy and protection compliance regulations.Continue Reading

• How to prevent port scan attacks

  The popular port scan is a hacking tool that enables attackers to gather information about how corporate networks operate. Learn how to detect and prevent port scanning attacks.Continue Reading

• What are best practices for a modern threat management strategy?

  Infosec pros need to mitigate traditional cyberthreats, as well anticipate sophisticated, emerging threats. Learn how to build a threat management strategy that helps with both.Continue Reading

• How should threat management processes change as risk evolves?

  Advances in security tools are changing threat management processes. Learn how infosec pros are utilizing UTM platforms, AI and threat intelligence services to alleviate risk.Continue Reading

• The network security tools to combat modern threats

  Incorporating new network security tools and methods into your enterprise's infosec program may mean the difference between staying safe or falling victim to an attack.Continue Reading

• What are the top network security techniques for modern companies?

  Protecting the enterprise network remains integral to overall IT security. Here are the top network security techniques enterprises are using to protect data.Continue Reading

• Zero trust is IT security's best hope for effective defense

  The material collected here provides not just an explanation of why you need to adopt the zero-trust model, it serves as detailed guide on moving from adoption to implementation.Continue Reading

• How to use and manage BitLocker encryption

  Built into business versions of the Windows OS, Microsoft BitLocker encryption is an integral enterprise encryption tool. Read on to learn how BitLocker works and how to manage it.Continue Reading

• Raise enterprise network visibility, and security rises too

  The need to improve network visibility has bedeviled IT teams for years. Better tools offer hope but there are privacy and ethical concerns that come with responsible use.Continue Reading

• Boost network security visibility with these 4 technologies

  The network is where it's at if you want to stop malicious actors. But first you need to up your network visibility. Learn about four technologies that can help.Continue Reading

• Build new and old strategies into insider threat management

  The risk of insider threat does not discriminate across industry lines. Learn how to build an insider threat management program that combines AI, zero-trust principles and a healthy security culture.Continue Reading

• A fresh look at enterprise firewall management

  Enterprises need to know where and how to install firewalls for maximum protection. Find out firewall management best practices that can help protect your organization.Continue Reading

• Zero-trust framework creates challenges for app dev

  Enterprises implement zero-trust frameworks to adapt to today's changing IT infrastructures. Learn about the implications for app developers.Continue Reading

• 3 security and ethics considerations for modern-day CISOs

  Many conversations today revolve around security and ethics. A strong CISO voice is crucial to keeping enterprises safe while embracing this critical cultural awakening.Continue Reading

• Creating and managing a zero-trust security framework

  IEEE senior member Kevin Curran outlines how enterprises should introduce a zero-trust security framework and discusses implementation challenges they are likely to face.Continue Reading

• When cyberthreats are nebulous, how can you plan?

  Security planning is tough when you're short-staffed and hackers have smart tech too. You'll need solid skills and, most of all, a willingness to use your imagination.Continue Reading

• AI threats, understaffed defenses and other cyber nightmares

  Continue Reading

• CISOs, does your incident response plan cover all the bases?

  Security incidents, let's face it, are essentially inevitable. How do you cover the key bases -- education, inventory, and visibility -- in planning for incident response?Continue Reading

• Report shows CISOs, IT unprepared for privacy regulations

  Several data management principles are common across new and developing privacy regulations, but Internet Society reports that many U.S. organizations are falling behind.Continue Reading

• A cybersecurity skills gap demands thinking outside the box

  Today's security team shortages can't be filled using yesterday's thinking. Learn what other IT security leaders are doing to plug the skills gap and keep their organization safe.Continue Reading

• AI for good or evil? AI dangers, advantages and decisions

  Good guys and bad guys both use AI, but the bad guys don't need to worry about complying with rules and regulations. What can security leaders do to level the playing field?Continue Reading

• Understand the top 4 use cases for AI in cybersecurity

  AI applications in security offers organizations four unique benefits. Learn how machine learning advances can change industry approaches to threat detection and prevention.Continue Reading

• How to address cloud IAM challenges

  Cloud services are major players in most companies now and can have a major impact on the management of access and identity governance. Learn how to handle cloud IAM challenges.Continue Reading

• Heed 5 security operations center best practices before outsourcing

  Understanding the five steps needed to ensure security operations center best practices will help organizations decide whether to outsource their SOC initiatives.Continue Reading

• DevSecOps model requires security get out of its comfort zone

  Shifting from DevOps to DevSecOps isn't always easy, with the transition requiring changes to culture, processes and people. Here's how security can help lead the charge.Continue Reading

• Choosing between an SSL/TLS VPN vs. IPsec VPN

  Infosec pros need to know the ins and outs of SSL/TLS VPNs vs. IPsec VPNs to better understand which product's features will fulfill the needs of their organization. Get help comparing here.Continue Reading

• To secure DevOps, break culture and tooling barriers

  The importance of secure DevOps initiatives can't be denied, but building security into DevOps isn't easy. Explore what needs to change and how those changes can be achieved.Continue Reading

• Virtual network security measures to thwart access threats

  Virtual networks add a layer of complexity to the real networks below them. Follow these three virtual network security measures to prevent complexity from creating issues.Continue Reading

• Your third-party risk management best practices need updating

  Organizations must modernize third-party risk management best practices to adapt to the changing technology landscape. Diversify risk assessments with these expert tips.Continue Reading

• Top tips for using the Kali Linux pen testing distribution

  It's the best Linux distro for penetration testers' toolkits, but it's not just any Linux. Get tips on Kali Linux pen testing from project lead Jim O'Gorman.Continue Reading

• When should I use breach and attack simulation tools?

  Thanks to automation and other features, breach and attack simulation tools are an effective way to help network administrators keep their operations secure.Continue Reading

• Build an agile cybersecurity program with Scrum

  Scrum's core principles translate well into an agile cybersecurity program setting. Learn how this framework bolsters communication and collaboration within infosec teams.Continue Reading

• How to use SOAR tools to simplify enterprise infosec programs

  SOAR tools are designed to deliver convenience and simplicity to cybersecurity programs. Explore the many benefits security orchestration and automation promises users.Continue Reading

• Using DNS RPZ to pump up cybersecurity awareness

  Combining DNS with threat intelligence feeds could hold a key to improving cybersecurity awareness by educating users who attempt to access potentially malicious websites.Continue Reading

• How to shore up your third-party risk management program

  A third-party risk management program has to go beyond questionnaires and poorly designed policies. Learn what you should do to protect yourself against vendor security flaws and core risks.Continue Reading

• IT/OT convergence is necessary, desirable, but not so simple

  A secure IT/OT convergence requires a strategy that takes into account compliance requirements and likely threats and recognizes the critical role of people.Continue Reading

• Create a manageable, secure IT/OT convergence strategy in 3 steps

  An effective IT/OT strategy requires at least three things: an evangelist, an infrastructure reference architecture and a plan to sanely divide operations between IT and OT.Continue Reading

• Tips and tricks to integrate IT and OT teams securely

  IT and operational teams can work in tandem to support IoT projects, but their separate roles and responsibilities to one another must be clearly defined.Continue Reading

• What's the role of people in IT/OT security?

  To enable a smoother, more secure IT/OT convergence, get wise to the potential conflicts between IT and OT historical priorities and traditional work cultures.Continue Reading

• RPA security best practices include access control, system integration

  Robotic process automation can revolutionize enterprise workflows, but if RPA security risks aren't controlled, bots could end up doing more harm than good.Continue Reading

• VMware's internal Service-defined Firewall reimagines firewalling

  VMware's internal firewall uses a global view of known-good behavior at the network and host level to minimize the attack surface for on-premises and cloud environments.Continue Reading

• Securing IoT involves developers, manufacturers and end users alike

  Who's to blame for the IoT security problem: manufacturers creating devices, end user deploying them or governments not creating legislation enforcing security measures?Continue Reading

• CISO challenges include building credibility within the business

  No matter what comes at them in terms of cybersecurity issues, the main CISO challenge comes down to building credibility as a trustworthy person.Continue Reading

• 5 enterprise patch management best practices

  It might not be the most exciting of responsibilities, but the value of enterprise patch management cannot be denied. Review these best practices to build a smooth patching process.Continue Reading

• Prevent ransomware attacks on cities in perimeterless networks

  City ransomware attacks are disruptive, annoying and potentially life-threatening. In increasingly mobile and perimeterless networks, how can municipalities prevent the risk?Continue Reading

• Fitting cybersecurity frameworks into your security strategy

  Whatever an organization's culture, effective use of a security framework requires understanding business goals and program metrics, and demands leadership communication.Continue Reading

• IoT cybersecurity: Do third parties leave you exposed?

  IoT's vast vendor landscape drives innovation, but working with so many third parties also comes with baggage in the form of third-party cybersecurity issues.Continue Reading

• Is your identity management up to the task?

  IAM is an organization's best defense for its weakest link, end users. Make sure you're following the right framework and keeping your tools honed and ready for battle.Continue Reading

• Managing identity and access well unlocks strong security

  Continue Reading

• Tackling IT security awareness training with a county CISO

  A Michigan county CISO says government workers are under siege by cybercriminals. In this case study, he shares how his IT security awareness training strategy has evolved.Continue Reading

• How to pass the CISSP exam on your first try: Tips to get a good score

  Want to become a CISSP? Here's everything you need to know, such as how difficult the exam is, tips for studying, what's needed to obtain a passing score and more.Continue Reading

• 3 ways to shore up third-party risk management programs

  A new Nemertes research study shows enterprises need to adopt third-party risk management programs that jettison manual checklists in favor of automated tools, hands-on risk assessments and dedicated risk teams.Continue Reading

• IoT Cybersecurity Improvement Act calls for deployment standards

  The IoT Cybersecurity Improvement Act would require development of security standards and guidelines for federal IoT devices, but CISOs in the private sector could also benefit.Continue Reading

• Mastercard CTO on cybersecurity and AI integration

  Mastercard CTO Kush Saxena describes his approach to cybersecurity and AI as two-fold. Learn how AI and machine learning impacts the cybersecurity practice in the enterprise.Continue Reading

• Office 365 security challenges and how to solve them

  To understand the Office 365 threat landscape, take stock of the application features and programs available based on the organization's license level of the subscription.Continue Reading

• Boost application security in DevOps with DevSecOps

  Without DevSecOps, application security can end up on the back burner during application development. Learn how DevSecOps can bake security back into the process.Continue Reading