Manage

Data security strategies and governance

• How to implement zero-trust security, from people who did it

  Understanding zero-trust security is relatively easy in theory. Figuring out how to implement zero trust on the ground is more difficult. Here's how to make it work. Continue Reading

• Updating the data discovery process in the age of CCPA

  Privacy regulations are changing the enterprise data discovery process. Now, automation is key for fulfilling data discovery mandates, including those for CCPA and GDPR. Continue Reading

• Use this CCPA compliance checklist to get up to speed

  California leads the pack in terms of state regulations on data privacy and transparency. Now, it's time for businesses to be proactive with this CCPA compliance checklist. Continue Reading

• Best practices to secure data at rest, in use and in motion

  With internal and external cyberthreats on the rise, check out these tips to best protect and secure data at rest and in motion. Continue Reading

• What should I protect with a zero-trust architecture?

  Never trust, always verify. Learn how to implement a zero-trust architecture to help manage risk and protect IT workloads at your organization. Continue Reading

• Threat intelligence offers promise, but limitations remain

  Do you know how to use threat intelligence feeds to best effect in your company? Learn what this valuable yet often confusing resource can and can't do for cybersecurity.Continue Reading

• Fresh thinking on cybersecurity threats for 2020

  It's a good time to take a clear-eyed view of the likely security threats facing your organization. But then what? Experts suggest getting creative with your threat responses.Continue Reading

• Getting the most from cyberthreat intelligence services

  Continue Reading

• How to implement a holistic approach to user data privacy

  IoT devices flood the market with promises to make daily life more convenient. Learn how to embrace user consent to benefit your organization and enhance user data privacy.Continue Reading

• Improve data security in the modern enterprise

  From growing attack surfaces to new regulations, these data security considerations must be on every company's radar.Continue Reading

• Building an effective security operations center framework

  An effective security operations center framework includes more than just monitoring and analysis. AI and machine learning can also play a role.Continue Reading

• Data breach risk factors, response model, reporting and more

  Dig into five data breach risk factors, and learn how the DRAMA data breach response model can help enterprises counter breaches in a timely and efficient manner.Continue Reading

• Use a data privacy framework to keep your information secure

  Find out how a data privacy framework gives companies the tools they need to ensure their information is protected -- from both internal and external threats.Continue Reading

• What are best practices for a modern threat management strategy?

  Infosec pros need to mitigate traditional cyberthreats, as well anticipate sophisticated, emerging threats. Learn how to build a threat management strategy that helps with both.Continue Reading

• How should threat management processes change as risk evolves?

  Advances in security tools are changing threat management processes. Learn how infosec pros are utilizing UTM platforms, AI and threat intelligence services to alleviate risk.Continue Reading

• Zero-trust framework creates challenges for app dev

  Enterprises implement zero-trust frameworks to adapt to today's changing IT infrastructures. Learn about the implications for app developers.Continue Reading

• When cyberthreats are nebulous, how can you plan?

  Security planning is tough when you're short-staffed and hackers have smart tech too. You'll need solid skills and, most of all, a willingness to use your imagination.Continue Reading

• Report shows CISOs, IT unprepared for privacy regulations

  Several data management principles are common across new and developing privacy regulations, but Internet Society reports that many U.S. organizations are falling behind.Continue Reading

• The case for continuous security monitoring

  When done correctly, continuous security monitoring provides real-time visibility into an organization's IT environment. Here are the best practices for building a CSM program.Continue Reading

• Top 7 IT security frameworks and standards explained

  Several IT security frameworks and cybersecurity standards are available to help protect company data. Here's advice for choosing the right one for your organization.Continue Reading

• identity and access management (IAM)

  Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities.Continue Reading

• Key steps to put your zero-trust security plan into action

  There are three key categories of vendor zero-trust products. Learn what they are, and how to evaluate and implement the one that's best for your company.Continue Reading

• CISO tackles banking cybersecurity and changing roles

  Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations.Continue Reading

• How does site isolation defend against Spectre vulnerabilities?

  Spectre exploits how processors manage performance-enhancing features. Expert Michael Cobb explains Google Chrome's initiative to use site isolation as a defense mechanism.Continue Reading

• Citrix's Peter Lefkowitz on impact of GDPR privacy requirements

  New consumer privacy laws are changing the global privacy landscape. Citrix's Peter Lefkowitz explains how Citrix is approaching GDPR compliance and privacy issues in general.Continue Reading

• How to identify and protect high-value data in the enterprise

  Protecting data in the enterprise is a crucial but challenging task. Expert Charles Kao shares key steps and strategies to consider to identify and protect high-value data.Continue Reading

• Cisco's chief privacy officer on the future of data after GDPR

  Michelle Dennedy, vice president and chief privacy officer at Cisco, discusses her company's approach to meeting the requirements of the EU's General Data Protection Regulation.Continue Reading

• Cost of data privacy breach may not be enough

  While the European Union is taking major steps to protect residents' data privacy, little has happened in the United States, even after Equifax and Facebook.Continue Reading

• How are logic devices like WAGO PFC200 used by hackers?

  The Department of Homeland Security warned of a vulnerability affecting WAGO PFC200 logic devices. Discover how this flaw enables threat actors with expert Judith Myerson.Continue Reading

• Entropy sources: How do NIST rules impact risk assessments?

  NIST recently released new guidance on entropy sources used for random bit generation. Judith Myerson explains these recommendations and how they alter cryptography principles.Continue Reading

• How to secure bitcoin: What are the best ways to keep it safe?

  As bitcoin's value has steadily increased, so too have cyberattacks on cryptocurrency exchanges and wallets. Michael Cobb explains how to keep your bitcoin secure.Continue Reading

• Protecting safety instrumented systems from malware attacks

  Trisis malware targets safety instrumented systems and puts industrial control systems at risk. Expert Ernie Hayden reviews what to know about SIS and its security measures.Continue Reading

• GDPR breach notification: Time to focus on the requirements

  Some large U.S. companies have been working behind the scenes on GDPR requirements for more than a year, but there's strong evidence that many have not been as diligent.Continue Reading

• Data protection compliance costs less than noncompliance

  Smaller companies -- with fewer than 5,000 employees -- in particular may be hit hard by GDPR requirements and other data compliance hurdles. A new report does the math.Continue Reading

• Confused deputy: How did the vulnerability affect Slack?

  A major SAML vulnerability was found in Slack that granted expired login credentials permission into the system. Matt Pascucci explains how this 'confused deputy' problem was handled.Continue Reading

• The CISO job seems to be finally getting the credit it's due

  The CISO job has risen from the trenches of the IT department to a seat at the C-suite decision-makers' table. But time in the spotlight comes with great risk and responsibilities.Continue Reading

• Understanding data manipulation attacks in enterprise security

  When it comes to protecting data, ransomware isn't the only thing that should worry enterprises. Nick Lewis explains the threat of data manipulation attacks and how to stop them.Continue Reading

• What risk do Windows 10 telemetry features pose enterprises?

  Microsoft collects data using Windows 10 telemetry features. Expert Michael Cobb explains what type of data is collected, and whether enterprises need to be worried about it.Continue Reading

• Why data fidelity is crucial for enterprise cybersecurity

  Cybersecurity teams can't be effective if they don't trust their data. Expert Char Sample explains the importance of data fidelity and the threat of cognitive hacking.Continue Reading

• Tactics for security threat analysis tools and better protection

  Threat analysis tools need to be in top form to counter a deluge of deadly security issues. Here are tips for getting the most from your analytics tool.Continue Reading

• Information privacy and security requires a balancing act

  Maintaining information privacy and security seem to be separate challenges, but in reality, each is integral to the other. Expert Kevin Beaver explains how to work toward both.Continue Reading

• Cloud access security brokers: Hard to tell what's real

  Most cloud access security brokers offer CISOs a way to set policy and gain better understanding of multiple cloud services and data in use across the enterprise. As CASBs have gained momentum in recent years, use cases for them have expanded. Do ...Continue Reading

• Measuring and Managing Information Risk: A FAIR Approach

  In this excerpt from chapter 13 of Measuring and Managing Information Risk, authors Jack Freund and Jack Jones discuss information security metrics.Continue Reading

• The security pros and cons of using a free FTP tool

  A free FTP tool can help move enterprise files to a managed file transfer service, but there are security factors to consider. Expert Judith Myerson explains what they are.Continue Reading

• Patching and updating applications: How much time should be spent?

  A survey found that half of its respondents perform application updates daily. Expert Michael Cobb explains how to allocate appropriate time on different security controls.Continue Reading

• CISOs face cloud GRC challenges as services take off

  Governance, risk management and compliance goals are tested by the proliferating use of cloud services -- and it's even worse than IT organizations think.Continue Reading

• Cloud governance model still behind services

  A lot of the cloud adoption in organizations has happened in an organic fashion with little to no IT involvement and even less policy oversight. In most cases, the security, policy and cloud governance model you implement will be somewhat ...Continue Reading

• Are self-encrypting drives the right choice for enterprises?

  Self-encrypting drives can provide added security for enterprises, but they aren't without vulnerabilities. Expert Michael Cobb explains what you need to know.Continue Reading

• Five supporting technologies for DLP products

  Expert Bill Hayes examines five technologies that can complement data loss prevention products and improve enterprise security.Continue Reading

• How to protect corporate data from government surveillance

  News of government surveillance programs is appearing almost daily. Enterprises need to do what they can to protect corporate data from potential eavesdropping -- but how? Expert Kevin Beaver offers some best practices.Continue Reading

• How to keep track of sensitive data with a data flow map

  Expert Bill Hayes describes how to create a data flow map to visualize where sensitive data is processed, how it transits the network and where it's stored.Continue Reading

• Six criteria for buying data loss prevention products

  Expert Bill Hayes lays out six steps to take in order to buy the right data loss protection (DLP) products for your organization.Continue Reading

• Three usage scenarios for deploying data loss prevention products

  Expert Bill Hayes details usage scenarios for deploying data loss prevention: standalone suites, integrated tools and standalone/integrated DLP combined.Continue Reading

• The business case for email encryption software

  Email encryption is a valuable security tool for enterprises, but where and how should it be deployed? Expert Karen Scarfone outlines specific use cases for email encryption software.Continue Reading

• A CISO's introduction to enterprise data governance strategy

  Every enterprise must have a viable strategy for protecting high-value data. See if your plan aligns with Francoise Gilbert's advice on top priorities to consider when defining data governance plans.Continue Reading

• Does your enterprise need a data loss prevention system?

  Not every business needs a data loss prevention system. Security expert Rich Mogull offers clues to help your organization decide if DLP will suit its business needs.Continue Reading

• Using metadata tagging tools for PCI DSS compliance

  Metadata tagging is not just for security. Expert Mike Chapple explains how tagging tools can be used to achieve PCI DSS compliance.Continue Reading

• Data governance 2.0: Adapting to a new data governance framework

  Data governance 2.0, an updated enterprise data governance framework, brings challenges and opportunities. Henry Peyret of Forrester Research details.Continue Reading

• Protecting Intellectual Property: Best Practices

  Organizations need to implement best practices to protect their trade secrets from both internal and external threats.Continue Reading

• Risk management must include physical-logical security convergence

  Continue Reading

• Using a managed file transfer for secure data transmission, exchange

  Continue Reading

• Removable Storage Security: ControlGuard Access Manager 3.0 review

  Continue Reading

• Log management and analysis: How, when and why

  In this presentation, John Burke discusses how to make the most of logs to augment an organization’s overall security posture.Continue Reading

• Book chapter: Browser security principles, same-origin policy exceptions

  This is an excerpt from the book Web Application Security: A Beginner’s Guide that describes the intricacies of using script code within the framework of a same-origin policy.Continue Reading

• EDRM-DLP combination could soon bolster document security management

  The integration of enterprise digital rights management solutions and data loss prevention tools could bring a level of automation to document security management.Continue Reading

• Enterprise network content monitoring best practices

  This presentation offers a strategic look at enterprise content monitoring and provides guidance on how key technologies can underpin necessary control sets for your organization.Continue Reading

• PDF download: Information Security magazine December 2011

  This issue of Information Security features a firsthand account of the Windows Vista security review. Also learn about enterprise digital rights management best practices.Continue Reading

• Enterprise digital rights management best practices

  EDRM brings users into security more than any other tool. Are you ready?Continue Reading

• NSA best practices for data security

  Find out about Homeland Security and NSA best practices for automating data gathering, easing compliance and improving security.Continue Reading

• VDI security supports active protection strategies

  ISM November 2011 cover story: Eric Ogren on how virtual desktop infrastructure enhances compliance, data protection and malware protection.Continue Reading

• Organizations need a new data security model to combat today’s threats

  Modern threats require a fundamental shift in information security away from the fortress mentality.Continue Reading

• Data breaches show enterprise need for better data security management

  Sony and other data breaches suggest need for data accountability, better configuration management.Continue Reading

• IT consumerization drives new security thinking

  The influx of personal smartphones and other computing devices into the enterprise is forcing a shift in security strategy.Continue Reading

• Information Security magazine online May 2011

  This issue of Information Security examines how enterprises can streamline compliance by building a robust data protection program.Continue Reading

• Robust information security program key to PCI compliance requirements

  A strong information security program that goes beyond minimum standards will ease compliance.Continue Reading

• Social networking best practices for preventing social network malware

  Get advice on social networking security best practices that can help prevent data leaks and other social network malware that could harm to your enterprise.Continue Reading

• Data loss prevention best practices start with slow, incremental rollouts

  Early adopters of DLP deployments say slow, incremental rollouts help reduce the burden on IT staff and the potential for chaos among business units.Continue Reading

• Validating ERP system security and ERP best practices

  Is your ERP system security effective? How can you be sure? Expert Mike Cobb offers up some ERP security best practices.Continue Reading

• Unmasking data masking techniques in the enterprise

  Patch-testing and development environments can't use live data and keep it secure. That's where data masking comes in. Michael Cobb examines the principles behind data masking and why security pros should endorse its use in order to keep production ...Continue Reading

• How to use a PDF redaction tool with a redacted document policy

  It may seem rudimentary, but sensitive data commonly leaks out of corporate networks in plain sight in the form of un-redacted documents. Such files -- those still containing hidden data or Microsoft "Track Changes" data -- can potentially lead to ...Continue Reading

• Check Point acquires Liquid Machines for enterprise rights management

  Check Point said Liquid Machines' ERM capabilities could bolster its data loss prevention (DLP) offering.Continue Reading

• Creating data destruction policies to protect sensitive company data

  Sensitive data may be where you least expect it: including in the drawers of old office furniture you've given away. Kevin J. Mock explains how to create a data destruction policy that can prevent sensitive data from being thrown out with the trash.Continue Reading

• DBMS security: Data warehouse advantages

  Are there data warehouse advantages in regard to security? Without question. Michael Cobb explains.Continue Reading

• Cloud-based security services should start private

  When it comes to cloud-based services, security vendors often put the cart before the horse, says columnist Eric Ogren.Continue Reading

• Risk management must include physical-logical security convergence

  If your organization is serious about managing risk and total asset protection, then physical-logical convergence is a necessary step.Continue Reading

• Encryption in data management should never be ignored, expert says

  It isn't always convenient to encrypt sensitive data as part of an e-discovery process, but a data management expert at the Computer Forensics Show said its use is essential.Continue Reading

• Data loss prevention benefits in the real world

  DLP promises strong data protection via content inspection and security monitoring, but real-world implementations can be complex and expensive; these eight real-world lessons help you use DLP to its fullest.Continue Reading

• Mass., Nev. data protection laws wrong, ineffective

  Government should consider extending existing frameworks for fraud, trespassing and trafficking across state and national borders, not legislating technology, explains Eric Ogren.Continue Reading

• How to Secure Cloud Computing

  On-demand computing services can save large enterprises and small businesses a lot of money, but security and regulatory compliance become difficult.Continue Reading

• Enforcing a vendor risk assessment to avoid outsourcing security risks

  As enterprises outsource more services and share data, they must be vigilant about the security of third parties.Continue Reading

• HIPAA changes force healthcare to improve data flow

  Do you know where your data is? The latest HIPAA changes should motivate healthcare security teams to understand information flows.Continue Reading

• Can USB compromise the security of an embedded mobile device?

  USB is only a standard to interface devices to a host computer. Expert Michael Cobb explains why it doesn't provide any security features to protect data that passes through the connection.Continue Reading

• Using a managed file transfer for secure data transmission, exchange

  Managed file transfer (MFT) products meet the increasing security, compliance and operational demands of data in motion.Continue Reading

• TrueCrypt an open source laptop encryption choice for SMBs

  TrueCrypt eases security and privacy concerns. The open source security software encrypts a dedicated space on your hard drive, a partition or the whole disk, as well as removable storage devices.Continue Reading

• Encryption no longer an optional technology

  Unravel the ins and outs of how your organization should deploy encryption.Continue Reading

• GRC: Over-Hyped or Legit?

  Governance, risk and compliance (GRC) is being used as a catch-all phrase for most information security strategies and tagged onto various products, adding even more confusion in the market as to what it truly means or promises to corporations.Continue Reading

• Mix of Frameworks and GRC Satisfy Compliance Overlaps

  Three organizations reveal how they use a combination of frameworks such as COBIT or ISO 27001 along with GRC tools satisfy overlapping industry and federal regulatory demands.Continue Reading

• Product Review: Workshare Protect Premium 6.0

  Workshare Protect Premium 6.0 seeks to eliminate the malicious or accidental leakage of sensitive corporate data.Continue Reading

• Should users have a removable boot drive for online banking?

  Accessing your bank account through a browser -- one that has been loaded from a non-writable source and is known to be free of malicious code -- is safer than accessing your account from a computer booted from the same hard drive. Find out why.Continue Reading

• Web 2.0 and e-discovery: Risks and countermeasures

  Enterprise employees often love Web 2.0 services like wikis and social networking services, but the data employees may create with or provide to those services can put an enterprise at risk, especially when litigation calls for electronic discovery ...Continue Reading