Manage
Learn to apply best practices and optimize your operations.
Cloud Data Storage Encryption and Data Protection Best Practices
At Your Service: January 2007 managed services security news
Unified threat management: Fortinet's FortiGate 3600A
Access Management
-
Symantec breach highlights remote management holes
Layer 8: Security managers come into their own
Risk Management: Skybox Security's Skybox View 3.0
Marcus Ranum and Bob Blakley discuss risk management failures
Risk Management: ClearPoint Metrics' Metrics Accelerator 1.1
Deploying DP systems: Four DLP best practices for success
Mobile device management systems help mitigate BYOD risks
-
Mobile application security best practices in a BYOD world
Securing SharePoint: SharePoint security best practices
Removable Storage Security: ControlGuard Access Manager 3.0 review
Configuration Management: FullArmor's FullArmor PolicyPortal
Unified Threat Management Guide for Managers
On The Radar: Preparing for managed security services
At Your Service: August 2006 managed services security news
At Your Service: September 2006 managed services security news
Security Event Management
Instant Messaging: Symantec IM Manager 8.0
Using security information management systems for a posture assessment
At Your Service: October 2006 managed services security news
Unified threat management devices for the enterprise
How to comply with updated NIST incident response guidelines
NIST recently updated its incident response guidelines. Find out how to comply with these changes and incorporate them into an incident response plan.Continue Reading
Compliance Guide for Managers
Antispyware / Patch Management
Configuration Management: Configuresoft's Enterprise Configuration Manager v4.7
TriGeo Network Security's TriGeo Security Information Manager 3.0
Hot Pick: Sana Security's Primary Response 3.0
Editor's Desk: An email security guide for managers
nCircle's IP360 Vulnerability Management System product review
Identity Management: Trustgenix's IdentityBridge Standard Edition
Hot Pick: Hercules 4.0 Enterprise Vulnerability Management Suite
E-mail Security Guide for Managers
Digital Rights Management: Microsoft Windows Rights Management Services
Hot Pick: Polivec Compliance Management System 3.7
Perspectives: Walk in management's shoes
Hot Pick: Enterasys's Dynamic Intrusion Response
Configuration Management: St. Bernard Software's SecurityEXPERT 1.0
Security information management review: Security Threat Manager 3.0
PDF download: Information Security magazine October 2012
In this issue, find out who won this year's Readers' Choice Awards. Also learn about threat management best practices and how hacktivists are impacting the threat landscape.Continue Reading
Five tips to improve a threat and vulnerability management program
Utilize these five simple tips from expert Diana Kelley to improve your enterprise's threat and vulnerability management program.Continue Reading
Expert urges security pros to speak out, educate upper management
Security expert Jayson E. Street explains why security pros must learn to communicate effectively to gain trust from management and empower employees.Continue Reading
Threat prevention techniques: Best practices for threat management
A successful threat management program requires effective processes, layered technology and user education.Continue Reading
The hacktivist threat to enterprise security
With their goal of damaging corporate reputations, hacktivists aren't your average cybercriminals.Continue Reading
Big data issues: Big data analytics offers both rewards and risks
Companies are under pressure to take advantage of big data analytics but they should be aware of the risks.Continue Reading
The bolt-on information security trend needs to end
Unless security is viewed as a core function instead of an add-on, we're bound to repeat the mistakes of the past.Continue Reading
Java security problems: Is disabling Java the answer?
In the wake of recent exploits, experts recommend disabling the programming language but that can be tricky in the enterprise.Continue Reading
Malware trends: The rise of cross-platform malware
Security researchers are finding more malware that attacks multiple operating systems.Continue Reading
Network log management on a budget: How to streamline log analysis
Expert Matt Pascucci examines free tools and offers simple tactics that organizations can use to streamline the network log analysis and management process.Continue Reading
pfSense tutorial: Configure pfSense as an SMB-caliber firewall
Video: Keith Barker of CBT Nuggets provides a brief pfSense tutorial. Learn how to configure pfSense, a free yet surprisingly capable firewall.Continue Reading
Formulate a more effective information security incident response plan
In this Hot Type podcast, author Neal McCarthy discusses how enterprises should create and maintain an information security incident response plan.Continue Reading
For Target, retailer's risk management program hinged on executive buy-in
To get executive buy-in, the retailer's risk management program architect had to define success and make sure everyone could speak the same language.Continue Reading
PDF download: Information Security magazine September 2012
In this issue, learn about the pros and cons of cloud-based security services and mobile application security considerations.Continue Reading
A new framework for preventing XSS attacks
Understand how cross-site scripting attacks work and how to prevent them.Continue Reading
Malware analysis tools and techniques failing but researchers aim for improvement
Malware analysis is falling short but some security researchers are working to reverse the trend.Continue Reading
Marcus Ranum chat: The information security metrics dilemma
Security expert Marcus Ranum goes one-on-one with Alex Hutton about the problems with security metric efforts.Continue Reading
Reflections on changing information security trends
Veteran security journalist reminisces about covering the industry and says farewell to TechTarget.Continue Reading
BYOD policy: The costs and potential ROI
Security pros need to understand the total costs and potential ROI of BYOD policies.Continue Reading
Security as a Service: Benefits and risks of cloud-based security
Know the pros and cons to cloud-based security services before making the leap.Continue Reading
Mobile application security best practices in a BYOD world
Mobile applications are proliferating in the enterprise, posing new risks to enterprises and requiring mitigation.Continue Reading
Setting up for BYOD success with enterprise mobile management and mobile application security
Bring your own device is quickly becoming a popular practice and unfortunately, it's often misused. Access this informative e-zine to learn more about protection and mobile management. Find out how mobility is really changing the enterprise and what...Continue Reading
Deep dive into authentication methods and best practices
Is your token authentication vulnerable to exploit or attack? In this handbook, discover how to lock down two-factor authentication methods in the enterprise. Then, we look at authentication methods such as two-factor tokens, biometrics and ...Continue Reading
Is IDaaS viable for a hybrid enterprise identity management system?
Is IDaaS a wise choice for managing access to cloud and on-premise systems? Randall Gamby discusses hybrid identity management systems.Continue Reading
Log management and analysis: How, when and why
In this presentation, John Burke discusses how to make the most of logs to augment an organization’s overall security posture.Continue Reading
How to manage feedback in the compliance review process
The compliance review process can be complicated, especially when getting input from others. Mike Chapple offers advice to streamline the process.Continue Reading
Do I need GRC or compliance management software?
Is it necessary to purchase pricey GRC or compliance management software to meet PCI DSS and HIPAA compliance requirements? Mike Chapple discusses.Continue Reading
Firewall security best practices: Get firewall network security advice
Get to know your firewall inside and out with this compilation of resources on firewall vulnerabilities, configuration and more.Continue Reading
Survey: Firewall rules sprawl makes firewall policy management a mess
Bloated firewall rules are making security unmanageable and audits a nightmare, according to a survey by firewall management vendor Athena.Continue Reading
PDF download: Information Security magazine July/August 2012
In this issue, learn pen testing best practices and how to build an internal pen testing team.Continue Reading
Extended enterprise poses identity and access management challenges
Cloud and distributed computing have caused many enterprise IAM challenges. Eve Maler details how Forrester's Zero Trust model can help.Continue Reading
How to pen test: Why you need an internal security pen testing program
Learn pen testing best practices and how to build an internal pen testing team.Continue Reading
Big data security analytics: Harnessing new tools for better security
New techniques are emerging to help organizations analyze security data and improve security defenses.Continue Reading
Securing SharePoint: SharePoint security best practices
SharePoint has become ubiquitous in the enterprise, but organizations can overlook security. Learn SharePoint security best practices in this article.Continue Reading
Three steps for securing SharePoint
Restricting user permissions, server hardening and dedicated service accounts are critical.Continue Reading
Talk of cyberwarfare threats heats up with Flame malware
Experts say malware toolkit isn’t unique, but warn of cyberweapons falling into the wrong hands.Continue Reading
Gary McGraw on mobile security: It’s all about mobile software security
Mobile systems have a lot of moving parts, but securing them is as simple as practicing software security.Continue Reading
Cyberspace protection requires government collaboration with industry
Government and private sector collaboration is critical to surviving in cybespace.Continue Reading
LinkedIn password leak: Lessons to be learned from LinkedIn breach
Breach at the professional networking site highlights password practices, storage procedures.Continue Reading
Network Forensics: Tracking Hackers through Cyberspace
Authors Sherri Davidoff and Jonathan Ham discuss the benefits of Web proxies and caching for forensic analysts in this chapter excerpt from their co-authored book, Network Forensics: Tracking Hackers through Cyberspace.Continue Reading
CISO responsibilities: Commit senior management to security governance
A CISO’s responsibilities must include convincing executives to take an active role in security governance. Expert Ernie Hayden explains how.Continue Reading
UGNazi hacker group claims responsibility for Twitter outage
Hacktivist group UGNazi says it caused multiple Twitter outages Thursday. Update: Twitter says a "cascading bug" was to blame.Continue Reading
Diagram outside firm role early in security incident response process
Expert Nick Lewis provides criteria for selecting outside incident response firms and how to define security incident response process needs early on.Continue Reading
PCI compliance in the cloud: Can cloud service providers manage PCI?
PCI compliance in the cloud is controversial, so can a company really trust cloud service providers to manage their PCI DSS compliance?Continue Reading
Privilege access management: User account provisioning best practices
Broad user account provisioning can give users too much access. Randall Gamby offers privilege access management advice to prevent 'privilege creep.'Continue Reading
PDF download: Information Security magazine June 2012
In this issue, learn how organizations are overcoming challenges in sharing cyberthreat information.Continue Reading
Secure remote access best practices: Guidelines for the enterprise
Remote access threats are on the rise. Use expert Randall Gamby's secure remote access best practices to help users make good security decisions.Continue Reading
MDM architecture considerations for enterprise identity management
Randall Gamby details which enterprise identity management features to look for when evaluating products as the basis for an MDM architecture.Continue Reading
SCIM identity management and SCIM provisioning options
SCIM identity management and identity provisioning have increased in their implementation. Learn how a company can assess these technology options.Continue Reading
Password compliance and password management for PCI DSS
Can poor password management lead to PCI DSS non-compliance? Mike Chapple outlines key password compliance best practices.Continue Reading
Cybersecurity information sharing initiatives on the rise
Businesses and government agencies work to improve sharing of cyberthreat information.Continue Reading
Challenges with data protection in the cloud
Capabilities such as encryption and DLP can be complicated in the cloud.Continue Reading
Security information management systems and application monitoring
SIMs aren’t just for network monitoring anymore.Continue Reading
CISPA cybersecurity legislation wins industry support
Legislation designed to provide the federal government with threat data from the private sector gains steam.Continue Reading
Reporter notebook: SCADA security, Oracle vulnerability, SQL Slammer
Reflections on the ICS CERT alert, Oracle’s handling of a zero-day and more.Continue Reading
Marcus Ranum chat: Software development practices and security
Security expert Marcus Ranum talks with Brian Chess, formerly of HP, about coding practices and security.Continue Reading
Information security threats: Building risk resilience
Enterprises need an agile risk management strategy to deal with today’s evolving threats.Continue Reading
Division of CISO responsibilities may prevent burnout
CISO responsibilities can be overwhelming, according to a new IBM survey. One solution may be to divide the role into two jobs.Continue Reading
Securely implement and configure SSL to ward off SSL vulnerabilities
Recent SSL vulnerabilities have renewed questions about the protocol's security. Expert Nick Lewis covers how to implement and configure SSL securely.Continue Reading
BeyondTrust acquires eEye Digital Security for vulnerability management
Analysts say eEye’s vulnerability and configuration management capabilities are a good fit with BeyondTrust’s privilege management and AD integration.Continue Reading