Manage

Manage

Learn to apply best practices and optimize your operations.

• Threat intelligence versus risk: How much cybersecurity is enough?

  Learn how threat intelligence plays into global risk assessment as more security officers are tasked with damage control. Continue Reading

• Threat intelligence and risk: Why cybersecurity hangs in the balance

  As more security professionals take on greater roles in global risk management, Global 2000 companies are investing in cybersecurity measures above and beyond compliance requirements. Global threat intelligence services have continued to evolve and ... Continue Reading

• PCI economics: Are the information security requirements working?

  How to evaluate whether PCI DSS is lowering credit card fraud and the risks associated with data breach disclosure. Continue Reading

• Command-and-control servers: The puppet masters that govern malware

  Are there shadow networks within your enterprise? Stop malware by shutting down command-and-control communication channels. Continue Reading

• Avi Rubin on what it takes to move healthcare IT security forward

  Medical data is the next frontier, Avi Rubin tells Marcus Ranum, as Johns Hopkins University seeks to insulate medical information systems from hackers. Continue Reading

• How to explain information security concepts to business executives

  Conveying complex information security models to business executives isn't easy. Here's how IT pros can improve their communication skills.Continue Reading

• How to prevent SQL injection attacks (without a costly code review)

  Enterprise threats expert Nick Lewis reveals two key ways to prevent SQL injection attacks without breaking the bank on an expensive code review.Continue Reading

• How to make penetration test results matter

  Voodoo Security founder Dave Shackleford details how enterprises can make penetration test results more meaningful than a compliance exercise.Continue Reading

• HIPAA-covered entities: Time to act on business associate agreements

  Compliance expert Mike Chapple reviews changes to HIPAA business associate agreements under the Omnibus Rule and what they mean for covered entities.Continue Reading

• Mitigating the enterprise risks posed by PHP SuperGlobal variables

  Learn the risks PHP SuperGlobal variables present to PHP applications and how to mitigate them in an enterprise environment.Continue Reading

• Mobile security: Is antimalware protection necessary?

  Developing an enterprise mobile security strategy is a challenge. Nick Lewis offers his insight on the viability of mobile antimalware protection.Continue Reading

• Should enterprises expect heightened risk on important dates?

  Does the date on the calendar have anything to do with the likelihood of an attack? Enterprise threats expert Nick Lewis provides his insight.Continue Reading

• How to use Kismet: A free Wi-Fi network-monitoring tool

  In this video, CBT Nuggets' Keith Barker shows how to use the free Wi-Fi network monitoring tool Kismet to find possibly malicious wireless networks.Continue Reading

• Stop attackers hacking with Metasploit

  Metasploit attacks may not be sexy, but they can stab through enterprise defenses. Learn how basic security controls can thwart Metasploit hacking.Continue Reading

• Bruce Schneier: Time for society to decide on Internet surveillance

  Security expert Bruce Schneier says it's time to ensure a secure Internet exists for everybody, even if it makes Internet surveillance harder.Continue Reading

• A broader definition of identity governance

  The definition of identity governance has evolved to include a tool that could prove challenging for enterprises to implement.Continue Reading

• When single sign-on fails, is a second SSO implementation worthwhile?

  After a failed SSO implementation, is there any benefit to an enterprise trying again? Expert Michele Chubirka discusses.Continue Reading

• How to respond to the latest distributed denial-of-service attacks

  All indications show that DDoS attacks are increasing in variety, number and size. No network system is immune and information security pros can't put off learning about the threat and means available for defense. Fortunately, techniques and ...Continue Reading

• NSA encryption backdoor: How likely is it?

  Video: BeyondTrust CTO Marc Maiffret discusses the likelihood of an NSA encryption backdoor and the rise in watering hole attacks and Web defacements.Continue Reading

• Router port scanning: Mitigate the security risks of home users

  Does a surge in router port scanning mean that the number of infosec risks to home users has risen? Kevin Beaver explains.Continue Reading

• John Pescatore: Evasion techniques aiding advanced targeted attacks

  Video: SANS Institute's John Pescatore says though new evasion techniques are aiding advanced targeted attacks, defense matters as much as response.Continue Reading

• Information security spending in 2014: The top enterprise priorities

  Video: Editorial Director Robert Richardson examines enterprises planned 2014 security spending and whether it will lead to long-term success.Continue Reading

• Don't get spoofed by distributed denial-of-service attacks

  Distributed denial-of-service attacks continue to use spoofing. But there are means to stop the practice.Continue Reading

• Requirements for a PCI-compliant Web hosting company

  Expert Mike Chapple offers insight on how to maintain PCI DSS compliance when outsourcing Web hosting to a PCI-compliant provider.Continue Reading

• Is PCI DSS compliance required?

  PCI DSS compliance has little bearing on customer retention, so is it worth the effort? Mike Chapple explains why companies must comply with PCI DSS.Continue Reading

• Regulatory compliance requirements for security awareness programs

  Employees play an important role in achieving and maintaining regulatory compliance, explains compliance expert Mike Chapple.Continue Reading

• What should enterprises look for in vulnerability assessment tools?

  The main function of vulnerability assessment tools hasn't changed much, but enterprises must be aware of edge cases like cloud and virtualization.Continue Reading

• Main Street forces new avenues to security and data privacy laws

  Can the technology industry solve cybersecurity and data protection issues without federal legislation?Continue Reading

• Password-free authentication: Figuring out FIDO

  Will open FIDO standards for better interoperability of next-generation authentication technologies actually work?Continue Reading

• Filling the CISO role: Is there any reason enterprises shouldn't?

  In the wake of the Target breach, many companies still don't have a dedicated CISO.Continue Reading

• Advanced persistent threats: Has the industry moved on?

  APT gives new meaning to targeted attacks that often rely on low-tech tactics and flawed network security.Continue Reading

• Marcus Ranum and Georgia Weidman hack into cyberdefense

  Are critics of the penetration test wrong? Find out what breaking and entering your enterprise network can reveal about the state of your security.Continue Reading

• Another call for federal data privacy laws

  The patchwork of state laws has not slowed epic data breaches. Will we see federal data breach notification laws in 2015?Continue Reading

• Figuring out FIDO as the first products emerge

  The Fast Identity Online (FIDO) standards reached the public draft stage in February, and the first deployments of FIDO-ready technologies followed in April. As industry players such as Google, Microsoft and RSA work on stronger authentication ...Continue Reading

• McGraw on Heartbleed shock and awe: What are the real lessons?

  Secure software development expert Gary McGraw said the main lesson of Heartbleed is to control open source risk.Continue Reading

• Google AdID spurs talk of replacing third-party cookies in enterprises

  Google's AdID technology will supposedly replace third-party cookies. What affect will this have on security in enterprises? Michael Cobb discusses.Continue Reading

• Defense best practices for a man-in-the-middle attack

  Man-in-the-middle attack defense requires careful, layered security. Michael Cobb reviews the tactics enterprises should employ to stay secure.Continue Reading

• Heartbleed response: Tech giants to fund OpenSSL, other projects

  A number of tech giants have pledged financial help to OpenSSL and other open source projects after the Heartbleed bug exposed numerous issues.Continue Reading

• Java-based malware: Mitigating the threat of JRE vulnerabilities

  Java-based malware and JRE vulnerabilities are a constant enterprise threat. Expert Nick Lewis reveals how to reduce (or at least tolerate) the risk.Continue Reading

• Best practices for employer monitoring of social media

  Expert Joseph Granneman explains the best way for employers to approach social media monitoring as part of a social media policy for employees.Continue Reading

• Network segmentation: No-brainer or unseen network security threat?

  When it comes to security, network segmentation can be a blessing or a curse. In this tip, we look at the pros and cons of this enterprise decision.Continue Reading

• Verizon DBIR 2014: Incident patterns show industry-specific threats

  The Verizon DBIR 2014 shows that organizations should build a security strategy around industry-specific threats and incident patterns.Continue Reading

• Strategic security staffing: Generalist or specialist?

  Expert Joseph Granneman explains whether a midsize company should hire security specialists or generalists and why.Continue Reading

• Report says app risk management should fall to business stakeholders

  When it comes to app risk management, who is ultimately responsible: business leaders or security professionals? A new report weighs in.Continue Reading

• Change management best practices: Tracking eliminated firewall rules

  Does your enterprise track eliminated firewall rules? It's one of the change management best practices suggested by expert Brad Casey.Continue Reading

• The benefits of converged network security architecture

  The Department of Defense is using a converged network security architecture to simplify security management. Learn about the security benefits.Continue Reading

• Secure file transfer: Send large files fast, but keep your system safe

  FTP gets big files to colleagues and clients fast, but as the headlines remind us, the threat of electronic break-ins is real. This guide to secure file transfer shows how best to cure that sense of FTP insecurity.Continue Reading

• Four steps to taking the fear out of large file transfers

  Large file transfers don't have to be scary. Learn four key steps to keeping your network secure when big files exit your enterprise.Continue Reading

• Tips for keeping Wi-Fi network passwords secure

  If Wi-Fi network passwords are accessed off Android mobile devices by third parties, it could mean disaster without the right precautions.Continue Reading

• Preparing for a firewall failure: Firewall best practices

  Is your enterprise ready for a firewall failure? Uncover firewall best practices to help you prepare.Continue Reading

• Cisco TelePresence vulnerability: Mitigate default credentials issues

  Network security expert Brad Casey discusses how to mitigate the vulnerability found in Cisco's TelePresence system triggered by default credentials.Continue Reading

• Banned PCs: Finding the right network security controls to ease fears

  Several governments reportedly banned PCs with alleged ties to the Chinese government. Uncover the network security controls to ease enterprise fears.Continue Reading

• Audit concerns when migrating from traditional firewall to NGFW

  Learn about a potential audit concern when transitioning from a traditional firewall to a next-generation firewall.Continue Reading

• OpenSSL security vulnerability 'Heartbleed' may have exposed encrypted traffic

  Researchers who discovered the 'Heartbleed' OpenSSL security vulnerability say it could have exposed encrypted Internet traffic from millions of systems.Continue Reading

• Does TCP/IP reassembly pose a TCP/IP packet format risk?

  An obscure process called TCP/IP reassembly may pose an enterprise network security risk. Learn about this TCP/IP packet format security issue.Continue Reading

• Addressing the security vulnerabilities of IPMI-enabled systems

  The Intelligent Platform Management Interface (IPMI) protocol presents a number of security vulnerabilities. Uncover how to mitigate the risks.Continue Reading

• UTM vs. NGFW: Comparing unified threat management, next-gen firewalls

  What's the difference between unified threat management (UTM) products and next-generation firewalls (NGFW)? Brad Casey discusses.Continue Reading

• An enterprise guide to Windows XP security after end of updates for XP

  It's over. Now what? Learn whether it's possible to secure Windows XP without security updates, and get advice for jump-starting your migration plan.Continue Reading

• OpenDNS' Hubbard predicts Internet threats with security analytics

  OpenDNS CTO Dan Hubbard says big data techniques like machine learning and data mining can be used to spot and mitigate unknown Internet threats.Continue Reading

• After HIPAA Omnibus Rule 2013: How to implement continuous compliance

  Expert Mike Chapple explains why the HIPAA Omnibus Rule 2013 presents an opportunity for organizations to embrace a continuous compliance approach.Continue Reading

• certified information security manager (CISM)

  Certified Information Security Manager (CISM) is a certification offered by ISACA, a nonprofit, independent association that advocates for professionals involved in information security, assurance, risk management and governance.Continue Reading

• Safari security update includes fix for 2014 Pwn2Own hack

  The Safari security update addresses a number of remotely exploitable vulnerabilities and includes a fix for a hack from the Pwn2Own competition.Continue Reading

• Women in cybersecurity: The time is now

  With the field in urgent need of practitioners, the chief of a new cybersecurity program at a small women's college believes he can make a difference.Continue Reading

• How Cisco's 'Application Centric Infrastructure' differs from SDN

  As Cisco rolls out a hardware-based alternative to software-defined networking approaches, what does it all mean for security?Continue Reading

• Endpoint security software market retools

  Organizations face a dangerous threat landscape that demands new endpoint security controls and oversight.Continue Reading

• Marcus Ranum and Anton Chuvakin explore big data and security

  When will big data technologies move past the hype and help security teams?Continue Reading

• Mobile security: The battle beyond malware

  Combating the wrong enemy? Evolving threats and new attack surfaces demand your mobile security strategy keep pace.Continue Reading

• Data encryption, notification and the NIST Cybersecurity Framework

  Awkward? The NIST Cybersecurity Framework arrives as the U.S. government struggles to counter negative reports on its data privacy and encryption standards.Continue Reading

• Is your mobile security strategy combating the wrong enemy?

  As tablets and smartphones become more integrated into business environments, CISOs are scrambling to put effective countermeasures in place. But too often, their efforts are focused on combating malware instead of vulnerable applications, advanced ...Continue Reading

• Smartphone biometrics: Risks and implementation hurdles

  Mobile biometric authentication, including that technology on smartphones, has yet to be widely deployed. Expert Michele Chubirka explains why.Continue Reading

• Prevent authentication vulnerabilities in enterprise applications

  The recent Django authentication flaw highlights the importance of testing for authentication vulnerabilities. Michele Chubirka explains how.Continue Reading

• Seven Techniques for More Proactive Risk and Security Management

  In this report, you’ll uncover the techniques you need to improve your ability to deal effectively with unforeseen risks.Continue Reading

• Beyond the Page: Strategies for a secure mobile device program

  This Beyond the Page focuses on how mobile application management can help CISOs move beyond consumer-oriented endpoints and their security tradeoffs.Continue Reading

• Security and Risk Management Program Maturity Assessment

  Good security and risk management requires a wide range of ingredients: Mature business continuity management, compliance, identity and access management, information security management, privacy, and risk management practices. This guide addresses ...Continue Reading

• Introduction to iCloud Keychain: Security for password synchronization

  ICloud Keychain can supposedly sync passwords across devices without using iCloud. But is it secure? Security expert Michele Chubirka explains.Continue Reading

• Linux Malware Incident Response

  In this excerpt from Linux Malware Incident Response, authors Cameron Malin, Eoghan Casey and James Aquilina discuss volatile data collection methodology, steps and preservation.Continue Reading

• The merits of encryption vs. hashing after the Adobe password breach

  In light of the Adobe password breach, expert Michele Chubirka explains the difference between encryption and hashing when storing passwords.Continue Reading

• Apple iMessage security: Is iMessage encryption strong enough?

  Is Apple iMessage encryption strong enough to mitigate reverse-engineering attacks? Learn more about one of the top iMessage security risks.Continue Reading

• How to develop software the secure, Gary McGraw way

  Building security into the software development process lowers both risks and costs in the long term. This collection explains how it can be done.Continue Reading

• Monitoring for unusual network traffic key to banking botnet detection

  Spotting unusual network traffic, like large amounts of encrypted data headed to suspicious domains, is key to better banking botnet detection.Continue Reading

• In dog days of enterprise authentication, can FIDO Alliance help?

  Enterprise authentication practices are plagued with problems. IAM expert Michele Chubirka examines whether the FIDO Alliance can offer solutions.Continue Reading

• Email address security: Can email addresses thwart phishing schemes?

  Email addresses are prime targets of phishing schemes. Uncover how to mitigate these risks and learn tips for ensuring email address security.Continue Reading

• Imperva finds old PHP vulnerability still being exploited by attackers

  Security vendor Imperva says thousands of enterprise Web servers are exposed to an easy-to-exploit PHP flaw despite a patch long being available.Continue Reading

• Incident response planning for DNS attacks against enterprises

  Practicing incident response for a DNS attack will help enterprises recover faster. Nick Lewis offers incident response planning best practices.Continue Reading

• Gartner Security & Risk Management Summit 2014

  June 23 – 26, 2014, National Harbor, MDContinue Reading

• March Adobe security updates offer fixes for Flash, Shockwave

  A pair of Adobe security updates this week patches three flaws involving Flash Player and Shockwave. The Flash patch should be applied quickly.Continue Reading

• For merchants, Windows XP POS systems put PCI compliance at risk

  PCI compliance may be nearly impossible after the April 2014 Windows XP end-of-life date if merchants don't address vulnerable XP-based POS systems.Continue Reading

• Changes to ISO 27001: What's new in the 2013 ISO 27001 update?

  Expert Mike Chapple reviews the recent ISO 27001 update, including the three most significant changes to ISO 27001 and the effect on infosec programs.Continue Reading

• API security: How to ensure secure API use in the enterprise

  API security is a growing enterprise concern. In the wake of recent high-profile breaches, discover how to alleviate the issues of insecure APIs.Continue Reading

• Risk Management Framework

  In this excerpt from chapter 3 of Risk Management Framework, author James Broad discusses the four components of risk management.Continue Reading

• Enhancing security with the right network architecture

  Organizations need to be strategic about malware protection; re-architecting portions of the enterprise network could help.Continue Reading

• Do PCI SSC-approved point-to-point encryption products reduce scope?

  Expert Mike Chapple details the potential benefits for organizations that choose PCI SSC-approved point-to-point encryption products.Continue Reading

• Does outsourcing to Amazon payment processing bring PCI DSS benefits?

  Expert Mike Chapple explains how some retailers can reduce their PCI DSS compliance burden by outsourcing credit card processing to Amazon.Continue Reading

• What's the best focus for MDM strategy now?

  This Technical Guide examines the necessary elements of, and how to implement, a sound mobile device management strategy. Devices will be lost, stolen or hacked. That's a given. This guide outlines the basic tenets of sound strategy for ...Continue Reading

• How to secure Twitter accounts against man-in-the-browser attacks

  Amid recent man-in-the-browser attacks aimed at Twitter, expert Nick Lewis explains how enterprises can best secure business Twitter accounts.Continue Reading

• Information security incident response teams need plans and partners

  Speakers at RSA Conference 2014 said information security incident response teams must identify and prep key participants well before incidents occur.Continue Reading

• C&C infrastructure explained: Tilon malware lessons learned

  Expert Nick Lewis details how the Tilon malware strain utilizes a unique communication protocol with its C&C infrastructure.Continue Reading

• Required: A revamped antimalware strategy

  Increasingly sophisticated malware can divert the attention of IT departments from low-level security gaps. Here’s why you need a strategy that works on all levels.Continue Reading

• To protect privileged users, consider using least privilege principle

  To defend against "laterally" moving attackers, consider granting privileged users the least privileges necessary. Expert Nick Lewis explains how.Continue Reading

• Web browser protection for users: Adapting to new Web security threats

  Expert Nick Lewis explains how to provide a secure Web browsing experience for users when threats are no longer contained to certain parts of the Web.Continue Reading