Manage

Manage

Learn to apply best practices and optimize your operations.

• How to manage TeamViewer security risk, mitigate the TeamSpy malware

  In light of the recent TeamSpy malware, Nick Lewis examines whether TeamViewer's security risk has reached an acceptable level for enterprises. Continue Reading

• Return on security investment: The risky business of probability

  You are better off with real numbers when it comes to measuring probability and the elements of security risk, even if they are wrong. Continue Reading

• Analytics and the insider threat: Privileged users and patterns of deception

  Security professionals should analyze metrics to learn baseline behavioral patterns of their employees and identify anomalous behaviors. Continue Reading

• A full-service model for SIEM

  The industry needs to recognize the value that full service "SIEM in the cloud" would bring to organizations. Continue Reading

• Incident response lessons from Facebook's red team exercises

  Expert Nick Lewis provides advice for enterprises looking to take inspiration for an incident response plan from Facebook's red team exercises. Continue Reading

• Mitigate malicious apps with mobile device security training

  Mobile device security training can help reduce the threat of malicious mobile apps by making users think twice before clicking download.Continue Reading

• USGCB (United States Government Configuration Baseline)

  The United States Government Configuration Baseline, or USGCB, is a government-wide initiative that provides guidance on information security configuration best practices for IT products leveraged by federal agencies.Continue Reading

• Is FTP malware threatening network port security?

  A diligent enterprise must watch for FTP attacks over non-standard ports, says network security expert Brad Casey.Continue Reading

• How to test for and protect against firewall vulnerabilities

  Vulnerabilities in a firewall operating system can render the firewall useless. Learn how to test for and protect against them.Continue Reading

• MDM vs. MAM: Comparing enterprise mobile security management options

  Struggling to compare MDM vs. MAM? You're not alone. Learn all about the various technology options in enterprise mobile security management.Continue Reading

• The implications of mobile hotspot security vulnerabilities

  Learn how enterprises can ensure mobile hotspot security by guarding against security vulnerabilities in 3G and 4G modems.Continue Reading

• Web browser extension security: Mitigating browser plug-in threats

  Application security expert Michael Cobb discusses the risks of Web browser extensions and what enterprises can do to counter browser plug-in threats.Continue Reading

• Inside the BREACH attack: How to avoid HTTPS traffic exploits

  Enterprise threats expert Nick Lewis examines how the BREACH attack exploits HTTPS traffic and what enterprises can do to mitigate the attack risk.Continue Reading

• Web application firewalls may not fix Web application security issues

  Some consultants are finding Web application firewall products don't deliver due to poor deployment strategies and a lack of skilled maintenance.Continue Reading

• Open source code reuse: What are the security implications?

  Reusing open source code can present a security risk. Application security expert Michael Cobb explains why and how to protect applications.Continue Reading

• CRM, ERP security best practices: How to secure aging software

  Enterprises rely on ERP and CRM systems, but they pose a risk if left unpatched. Michael Cobb reviews enterprise application security best practices.Continue Reading

• AutoIt script in malware attacks: Defensive best practices

  Industry expert Nick Lewis outlines the growing popularity of AutoIt script code in malware attacks and how to defend against these attacks.Continue Reading

• Eliminating black hat bargains

  Enterprises cannot always keep attackers out of their networks. Instead, defense-in-depth strategies aim to raise the cost to black hats -- in terms of time and money.Continue Reading

• Encryption key management: Should keys still be stored in the cloud?

  Expert Joe Granneman explains whether encryption key management in the cloud is still possible after a slew of revelations around the NSA.Continue Reading

• Software [In]security: BSIMM-V does a number on secure software dev

  The fifth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.Continue Reading

• Data governance 2.0: Adapting to a new data governance framework

  Data governance 2.0, an updated enterprise data governance framework, brings challenges and opportunities. Henry Peyret of Forrester Research details.Continue Reading

• For a PCI-compliant database, implement database security controls

  Expert Mike Chapple details the necessary database security controls that an organization must implement to achieve a PCI-compliant database.Continue Reading

• Does running end-of-life software lead to compliance violations?

  There are several risks involved when using end-of-life software, including the possibility of compliance violations. Expert Mike Chapple explains.Continue Reading

• How threat intelligence can give enterprise security the upper hand

  Expert Nick Lewis covers the benefits of threat intelligence for enterprises, plus how to integrate intel feeds with existing security programs.Continue Reading

• How to ensure legacy serial port security on enterprise networks

  In the wake of H.D. Moore's discovery of rampant serial port security problems, learn how to secure legacy, Internet-connected serial port servers.Continue Reading

• VDI security: The benefits and pitfalls of virtualizing endpoints

  With the rise of endpoint virtualization, enterprises need to grasp the positives and manage the negatives of VDI security. Expert Brad Casey details.Continue Reading

• Security: The genesis of SDN

  SDN is a design with security as its foundation, and it has the potential to solve traditional networking's glaring security issues.Continue Reading

• SIEM analytics: Process matters more than products

  Expect Microsoft Word to write the next great American novel? Success or failure with SIEM products rests on your security monitoring capabilities.Continue Reading

• Best of Web application firewalls 2013

  Readers vote on the top Web application firewalls in 2013: Standalone WAFs and products that are part of application acceleration/delivery systems.Continue Reading

• IT compliance planning: How to maintain IT compliance documentation

  Documentation is a key requirement for many IT security regulations. Expert Mike Chapple offers tips for maintaining documentation the right way.Continue Reading

• A decade later: SOX program management best practices

  After 11 years of Sarbanes-Oxley and other mandates, enterprises have finally embraced holistic compliance program management as a best practice.Continue Reading

• Cybersecurity: Global risk management moves beyond regulations

  Global risk management based on the lowest common denominator may not ‘comply' with IP or trade secrets. Analysts see big changes ahead.Continue Reading

• Bridging the IT security skills gap

  While poaching security talent may plug short-term gaps, outreach and education will solve the long-term shortfall in IT security professionals.Continue Reading

• Firewalls play by new rules

  Modern firewalls offer greater application awareness and user controls. Protect your migration strategy with these tips from the pros.Continue Reading

• Security incident response procedures: When to do a system shutdown

  At times, security incident response procedures require drastic measures. Expert Nick Lewis explains when and how to perform a system shutdown.Continue Reading

• Open source code management: How to safely use open source libraries

  Expert Michael Cobb explains why enterprises need better open source code management to negate the security risks posed by open source libraries.Continue Reading

• Enterprise mobile security by the numbers

  Almost 60% of respondents in our 2013 Enterprise Mobile Security Survey believe mobile devices present more risk now than in Q2 2012. What’s changed?Continue Reading

• Third-party risk management: Horror stories? You are not alone

  The majority of breaches occur as the result of third parties. MacDonnell Ulsch advises companies to safeguard third-party management agreements.Continue Reading

• Unlock new pathways to network security architecture

  Cover story: Want to shed appliances? Consolidation and new platforms hold promise for security teams.Continue Reading

• Ten years later: The legacy of SB 1386 compliance on data privacy laws

  A decade after becoming law, the ripple effects of California's SB 1386 have surfaced in a new breed of proactive, granular state data privacy laws.Continue Reading

• How to define SIEM strategy, management and success in the enterprise

  Enterprise SIEM technology is as functional, manageable and affordable as it's ever been. Learn how to achieve success with SIEM in your organization.Continue Reading

• Web application session management issues, and how to avoid a hijacking

  Continue Reading

• Two-factor authentication options, use cases and best practices

  It may seem daunting, but two-factor authentication options are manageable for nearly all enterprises. Learn how to get started in this 2FA primer.Continue Reading

• How to enact Apache security best practices for Web server security

  With Apache Web servers becoming ever more popular with attackers, organizations should follow Apache security best practices to avoid compromise.Continue Reading

• How to use ThreadFix to simplify the vulnerability management process

  Video: Keith Barker of CBT Nuggets demonstrates how Denim Group's ThreadFix helps simplify the enterprise vulnerability management process.Continue Reading

• How key MDM features affect mobile security policy management

  As MDM features become more robust, enterprises must not only look for mature products, but also evolve mobile security policies accordingly.Continue Reading

• Big data analytics: New patterns emerge for security

  Will big data analytics make security better? With data scientists in short supply, solution providers rush to provide big data analytics tools.Continue Reading

• Identity and access management solutions: The basics and issues

  With the surge of disruptive technologies like cloud-based systems, mobile apps and BYOD, identity and access management (IAM) has become unruly and complex for organizations. This TechGuide covers the fundamentals of and issues associated with the ...Continue Reading

• How to reduce IT security risk with IT asset management

  IT asset management expert Barb Rembiesa explains how ITAM best practices like IT asset standardization and rationalization reduce IT security risk.Continue Reading

• Improving security management processes with SIEM

  In our newest Security School lesson, Mike Rothman covers how to get the best data to improve incident response.Continue Reading

• BSIMM4 measures and advances secure application development

  The fourth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.Continue Reading

• SIEM best practices for advanced attack detection

  SIEM struggles are common, but Mike Rothman explains why SIEM products are critical for advanced attack detection, and offers a SIEM tuning step-by-step.Continue Reading

• Federal Information Security Management Act

  The Federal Information Security Management Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats.Continue Reading

• Federal Information Security Management Act (FISMA)

  The Federal Information Security Management Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats.Continue Reading

• The evolution of threat detection and management

  Enterprises must understand the latest threat detection options to keep up with advanced cybercriminals who can bypass enterprise security defenses.Continue Reading

• Data breach protection requires new barriers

  Assumption of breach is the new norm. Can this shift help organizations build better levels of data breach protection?Continue Reading

• Apple security update: Is it ready for the enterprise?

  It’s hard to declare Apple security as superior to its competitors, but it’s also hard to fault it as inferior.Continue Reading

• Microsoft FIM (Microsoft Forefront Identity Manager)

  Microsoft Forefront Identity Manager (FIM) is a self-service identity management software suite.Continue Reading

• Quiz: Using SIEM technology to improve security management processes

  In this five question quiz, test your knowledge of our Security School lesson on using SIEM technology to improve security management processes.Continue Reading

• How to configure a VLAN to achieve the benefits of VLAN security

  Expert Brad Casey explains how to configure a VLAN in order to achieve the benefits of VLAN security, including protection against insider attacks.Continue Reading

• DLP management tools and reporting: Key considerations

  When it comes to DLP management tools, installation and maintenance of a single centralized management console to house all rules and alerts are key.Continue Reading

• Should syslog format be mandatory in a log management product?

  Matt Pascucci discusses what to look for when evaluating a log management product and whether syslog format should be a requirement.Continue Reading

• Address IPv6 security before your time runs out

  Most networks have partial deployment of IPv6 often without IT realizing it. It’s time to take stock of the security implications before attackers do.Continue Reading

• Botnet takedowns: A dramatic defense

  The infections and cyberattacks that botnets are used to launch remain hard-to-detect malware threats that have moved beyond PCs to mobile devices.Continue Reading

• Managing big data privacy concerns: Tactics for proactive enterprises

  The growing use of big data analytics has created big data privacy concerns, yet viable tactics exist for proactive enterprises to help companies get smarter while keeping consumers happy.Continue Reading

• Antivirus evasion techniques show ease in avoiding antivirus detection

  In the wake of the New York Times attack, a look at antivirus evasion techniques show how easy it is to avoid antivirus detection and why new defenses are needed.Continue Reading

• Outsourcing security services in the enterprise: Where to begin

  Outsourcing security services doesn’t have to mean moving to the cloud. Enterprises have many options for outsourcing security services, including managed and hosted services.Continue Reading

• Well-rounded information security education benefits IT professionals

  A security-savvy IT staff can help reduce risk. Learn about information security training and education options for IT professionals.Continue Reading

• Quiz: Managing BYOD endpoint security

  In this six question quiz, test your knowledge of our Security School lesson on managing BYOD endpoint security.Continue Reading

• How to implement firewall policy management with a 5-tuple firewall

  Matt Pascucci explains how to implement firewall policy management for 5-tuple firewalls when ports must be kept open for business reasons.Continue Reading

• Exploring the security risks of network management outsourcing

  Is network management outsourcing the future of network security or too great a risk? Matthew Pascucci discusses the risks and rewards.Continue Reading

• BYOD security strategies: Balancing BYOD risks and rewards

  Allowing employee-owned mobile devices doesn’t have to mean accepting all BYOD risks. Infosec pros share their BYOD security strategies.Continue Reading

• The Huawei security risk: Factors to consider before buying Chinese IT

  Cover story: The U.S. government says Chinese IT giants Huawei and ZTE pose too much risk. But do they? Joel Snyder offers his take.Continue Reading

• SSL certificate management: Avoiding common mistakes

  Errors are bound to occur when SSL certificate management is handled manually. Learn how to avoid these common mistakes.Continue Reading

• Thirteen principles to ensure enterprise system security

  Designing sound enterprise system security is possible by following Gary McGraw's 13 principles, many of which have held true for decades.Continue Reading

• Private market growing for zero-day exploits and vulnerabilities

  Exploitable vulnerabilities are becoming harder to find in popular software, but information on such flaws is increasingly valuable, and many security researchers are no longer willing to give it up for free.Continue Reading

• Chief information security officer skills go beyond customary technical roles

  A trusted advisor and a strong communicator and promoter, a good CISO should be a jack-of-all-trades to rally the IT security team to support the business needs by minimizing risk.Continue Reading

• Download: Log management best practices: Six tips for success

  In this expert e-guide from SearchSecurity.com you'll discover Six tips for success in Log managementContinue Reading

• Implement software development security best practices to support WAFs

  WAFs aren't a panacea for all Web security woes. Software development security best practices are still vital. Expert Michael Cobb discusses why.Continue Reading

• Secure Web gateway overview: Implementation best practices

  In this secure Web gateway overview, learn how to implement, configure and maintain a Web security gateway to support other security devices.Continue Reading

• Aligning enterprise identity and access management with CIO priorities

  Randall Gamby says aligning enterprise identity and access management with business and CIO priorities demands a more strategic approach to IAM.Continue Reading

• Protecting Intellectual Property: Best Practices

  Organizations need to implement best practices to protect their trade secrets from both internal and external threats.Continue Reading

• Cloud Compliance: Tackling Compliance in the Cloud

  Moving to a cloud environment brings compliance challenges, but they’re not insurmountable.Continue Reading

• Metasploit Review: Ten Years Later, Are We Any More Secure?

  Some say the pen testing framework is a critical tool for improving enterprise security, while others say it helps attackers.Continue Reading

• The new era of big data security analytics

  The information security industry needs to shift its focus to data-driven security.Continue Reading

• FISMA Compliance and the Evolution to Continuous Monitoring

  The U.S. Department of State developed a system for improving federal cybersecurity.Continue Reading

• GRC Management and Critical Infrastructure Protection

  GRC needs to adapt to become a truly effective risk management tool for critical infrastructure.Continue Reading

• Developing a BYOD Strategy: Weigh the Risks, Challenges and Benefits

  Organizations need to consider benefits and risks as they embrace BYOD.Continue Reading

• Pros and Cons of Information Security Certifications

  Educating the security professional requires far more than a certification exam.Continue Reading

• Can ISO 27002 be used as a standalone guide for security management?

  Learn the difference between ISO 27001 and ISO 27002, and how the latter can be used to build an infosec program.Continue Reading

• How to comply with updated NIST incident response guidelines

  NIST recently updated its incident response guidelines. Find out how to comply with these changes and incorporate them into an incident response plan.Continue Reading

• PDF download: Information Security magazine October 2012

  In this issue, find out who won this year's Readers' Choice Awards. Also learn about threat management best practices and how hacktivists are impacting the threat landscape.Continue Reading

• Five tips to improve a threat and vulnerability management program

  Utilize these five simple tips from expert Diana Kelley to improve your enterprise's threat and vulnerability management program.Continue Reading

• Threat prevention techniques: Best practices for threat management

  A successful threat management program requires effective processes, layered technology and user education.Continue Reading

• Network log management on a budget: How to streamline log analysis

  Expert Matt Pascucci examines free tools and offers simple tactics that organizations can use to streamline the network log analysis and management process.Continue Reading

• pfSense tutorial: Configure pfSense as an SMB-caliber firewall

  Video: Keith Barker of CBT Nuggets provides a brief pfSense tutorial. Learn how to configure pfSense, a free yet surprisingly capable firewall.Continue Reading

• PDF download: Information Security magazine September 2012

  In this issue, learn about the pros and cons of cloud-based security services and mobile application security considerations.Continue Reading

• A new framework for preventing XSS attacks

  Understand how cross-site scripting attacks work and how to prevent them.Continue Reading

• Security as a Service: Benefits and risks of cloud-based security

  Know the pros and cons to cloud-based security services before making the leap.Continue Reading

• Log management and analysis: How, when and why

  In this presentation, John Burke discusses how to make the most of logs to augment an organization’s overall security posture.Continue Reading