Manage

Manage

Learn to apply best practices and optimize your operations.

• Cloud Compliance: Tackling Compliance in the Cloud

  Moving to a cloud environment brings compliance challenges, but they’re not insurmountable. Continue Reading

• Metasploit Review: Ten Years Later, Are We Any More Secure?

  Some say the pen testing framework is a critical tool for improving enterprise security, while others say it helps attackers. Continue Reading

• The new era of big data security analytics

  The information security industry needs to shift its focus to data-driven security. Continue Reading

• FISMA Compliance and the Evolution to Continuous Monitoring

  The U.S. Department of State developed a system for improving federal cybersecurity. Continue Reading

• GRC Management and Critical Infrastructure Protection

  GRC needs to adapt to become a truly effective risk management tool for critical infrastructure. Continue Reading

• Developing a BYOD Strategy: Weigh the Risks, Challenges and Benefits

  Organizations need to consider benefits and risks as they embrace BYOD.Continue Reading

• Pros and Cons of Information Security Certifications

  Educating the security professional requires far more than a certification exam.Continue Reading

• Can ISO 27002 be used as a standalone guide for security management?

  Learn the difference between ISO 27001 and ISO 27002, and how the latter can be used to build an infosec program.Continue Reading

• How to comply with updated NIST incident response guidelines

  NIST recently updated its incident response guidelines. Find out how to comply with these changes and incorporate them into an incident response plan.Continue Reading

• PDF download: Information Security magazine October 2012

  In this issue, find out who won this year's Readers' Choice Awards. Also learn about threat management best practices and how hacktivists are impacting the threat landscape.Continue Reading

• Five tips to improve a threat and vulnerability management program

  Utilize these five simple tips from expert Diana Kelley to improve your enterprise's threat and vulnerability management program.Continue Reading

• Threat prevention techniques: Best practices for threat management

  A successful threat management program requires effective processes, layered technology and user education.Continue Reading

• Network log management on a budget: How to streamline log analysis

  Expert Matt Pascucci examines free tools and offers simple tactics that organizations can use to streamline the network log analysis and management process.Continue Reading

• pfSense tutorial: Configure pfSense as an SMB-caliber firewall

  Video: Keith Barker of CBT Nuggets provides a brief pfSense tutorial. Learn how to configure pfSense, a free yet surprisingly capable firewall.Continue Reading

• PDF download: Information Security magazine September 2012

  In this issue, learn about the pros and cons of cloud-based security services and mobile application security considerations.Continue Reading

• A new framework for preventing XSS attacks

  Understand how cross-site scripting attacks work and how to prevent them.Continue Reading

• Security as a Service: Benefits and risks of cloud-based security

  Know the pros and cons to cloud-based security services before making the leap.Continue Reading

• Log management and analysis: How, when and why

  In this presentation, John Burke discusses how to make the most of logs to augment an organization’s overall security posture.Continue Reading

• How to manage feedback in the compliance review process

  The compliance review process can be complicated, especially when getting input from others. Mike Chapple offers advice to streamline the process.Continue Reading

• Firewall security best practices: Get firewall network security advice

  Get to know your firewall inside and out with this compilation of resources on firewall vulnerabilities, configuration and more.Continue Reading

• Survey: Firewall rules sprawl makes firewall policy management a mess

  Bloated firewall rules are making security unmanageable and audits a nightmare, according to a survey by firewall management vendor Athena.Continue Reading

• PDF download: Information Security magazine July/August 2012

  In this issue, learn pen testing best practices and how to build an internal pen testing team.Continue Reading

• How to pen test: Why you need an internal security pen testing program

  Learn pen testing best practices and how to build an internal pen testing team.Continue Reading

• Securing SharePoint: SharePoint security best practices

  SharePoint has become ubiquitous in the enterprise, but organizations can overlook security. Learn SharePoint security best practices in this article.Continue Reading

• LinkedIn password leak: Lessons to be learned from LinkedIn breach

  Breach at the professional networking site highlights password practices, storage procedures.Continue Reading

• Network Forensics: Tracking Hackers through Cyberspace

  Authors Sherri Davidoff and Jonathan Ham discuss the benefits of Web proxies and caching for forensic analysts in this chapter excerpt from their co-authored book, Network Forensics: Tracking Hackers through Cyberspace.Continue Reading

• Privilege access management: User account provisioning best practices

  Broad user account provisioning can give users too much access. Randall Gamby offers privilege access management advice to prevent 'privilege creep.'Continue Reading

• PDF download: Information Security magazine June 2012

  In this issue, learn how organizations are overcoming challenges in sharing cyberthreat information.Continue Reading

• Secure remote access best practices: Guidelines for the enterprise

  Remote access threats are on the rise. Use expert Randall Gamby's secure remote access best practices to help users make good security decisions.Continue Reading

• MDM architecture considerations for enterprise identity management

  Randall Gamby details which enterprise identity management features to look for when evaluating products as the basis for an MDM architecture.Continue Reading

• Password compliance and password management for PCI DSS

  Can poor password management lead to PCI DSS non-compliance? Mike Chapple outlines key password compliance best practices.Continue Reading

• Cybersecurity information sharing initiatives on the rise

  Businesses and government agencies work to improve sharing of cyberthreat information.Continue Reading

• Challenges with data protection in the cloud

  Capabilities such as encryption and DLP can be complicated in the cloud.Continue Reading

• Information security threats: Building risk resilience

  Enterprises need an agile risk management strategy to deal with today’s evolving threats.Continue Reading

• Division of CISO responsibilities may prevent burnout

  CISO responsibilities can be overwhelming, according to a new IBM survey. One solution may be to divide the role into two jobs.Continue Reading

• PDF download: Information Security magazine May 2012

  In this issue, security expert Lisa Phifer examines mobile device management technology.Continue Reading

• Mobile device management systems help mitigate BYOD risks

  Understand the benefits and limitations of multi-platform MDM technology.Continue Reading

• Cybersecurity education vs. cybersecurity training

  Security professionals need to understand the difference and plan accordingly.Continue Reading

• Security staffing: Why information security positions go unfilled

  Be aware of potential roadblocks and adjust your recruiting accordingly.Continue Reading

• SIEM vs. DAM technology: Enterprise DAM implementation best practices

  Mike Cobb analyzes the differences between a SIEM and DAM implementation and how to successfully configure an enterprise DAM.Continue Reading

• DoS attack responses demand better business continuity plans

  Expert Nick Lewis says an effective DoS attack responses demand better business continuity plans, including pre-negotiating with providers.Continue Reading

• Security School: Cloud app security best practices

  In this Security School lesson, expert Diana Kelley examines what enterprises need to know about application security in the cloud.Continue Reading

• PDF download: Information Security magazine April 2012

  In this issue, read about enterprise requirements for unified threat management systems. Also read about tokenization and AMI security issues.Continue Reading

• UTM for the enterprise

  Unified threat management isn’t just for the SMB market anymore.Continue Reading

• Secure remote access? Security-related remote access problems abound

  Is there really such a thing as secure remote access? Editor Eric B. Parizo says there are too many security-related remote access problems to ignore.Continue Reading

• Understanding tokenization: What is tokenization and when to use it

  Tokenization protects sensitive data to reduce the compliance burden.Continue Reading

• Security event log management, analysis needs effective ways to search log files

  Search is a key discipline for security log management. John Burke explains how to better search log files to improve security event log management.Continue Reading

• Dynamic authorization vs. other access management technologies

  Randall Gamby discusses the advantages of dynamic authorization vs. other access management strategies and implementation best practices.Continue Reading

• SaaS access management: Finding the best single sign-on technology

  Expert Randall Gamby details key strategies for SaaS access management and contemporary single sign-on technology that's truly interoperable.Continue Reading

• Managing remote employees: How to secure remote network access

  This SearchSecurity.com mini learning guide is a compilation of tips from our experts on how to secure remote network access. The guide offers best practices for managing remote employees and helping them set up a secure home network, as well as ...Continue Reading

• Secure network architecture best practices: DMZ and VLAN security

  This mini learning guide will cover best practices for achieving and maintaining a secure network architecture, discussing several aspects of DMZ security and VLAN security.Continue Reading

• PDF download: Information Security magazine March 2012

  This month's features include a discussion of how SIEM technology can help an organization if implemented properly, and an in-depth analysis of how the RSA breach impacted the industry.Continue Reading

• The RSA breach: One year later

  The attack on RSA shook the security industry to its core: A look at the breach’s far reaching impact.Continue Reading

• NGFW: Getting clarity on next-gen firewall features

  There’s a lot of hype about next-generation firewalls. Here’s what you need to know.Continue Reading

• A framework for big data security

  Organizations are entranced with big data but need to acknowledge the security risks and plan accordingly.Continue Reading

• Book chapter: Social media security policy best practices

  The following is an excerpt from chapter 6 Gary Bahadur from the book Securing the clicks: Network security in the age of social media.Continue Reading

• Mobile device protection: Tackling mobile device security risks

  Managing mobile device risks tops the list of priorities for security pros this year.Continue Reading

• Tackling SSL vulnerabilities for secure online transactions

  A rash of CA breaches shows up weaknesses in the SSL infrastructure. Take action to protect your customers and employees.Continue Reading

• BIOS management best practices: BIOS patches and BIOS updates

  Amid growing concern over BIOS threats, expert Mike Cobb discusses how organizations should manage BIOS patches and BIOS updates.Continue Reading

• Enterprise user de-provisioning best practices: How to efficiently revoke access

  Misplaced or stagnant employee access can be dangerous; Randall Gamby details user provisioning best practices for setting up a system to combat this risk.Continue Reading

• Talking with lawyers: How to manage information security legal issues

  Dealing with lawyers is often a challenge. Ernie Hayden offers advice for CISOs dealing with enterprise information security legal issues.Continue Reading

• Privileged account policy: Securely managing privileged accounts

  Randall Gamby discusses how to securely implement a privileged account policy within the enterprise and collectively manage sensitive account information.Continue Reading

• Privileged user access management: How to avoid access creep

  One of the most difficult areas of privileged user access management is avoiding access creep. John Burke covers how to keep privileged users in check.Continue Reading

• PDF download: Information Security magazine December 2011

  This issue of Information Security features a firsthand account of the Windows Vista security review. Also learn about enterprise digital rights management best practices.Continue Reading

• Web server encryption: Enterprise website encryption best practices

  Network security expert Mike Chapple details the fundamentals of Web server encryption and Web encryption deployment best practices.Continue Reading

• The need for cloud computing security standards

  Cloud computing needs security standards and widely adopted security practices in order to become a viable choice for the enterprise.Continue Reading

• Alternatives to passwords: Replacing the ubiquitous authenticator

  As the relative security of passwords falters, are they destined for obscurity?Continue Reading

• Modern security management strategy requires security separation of duties

  Contributor Matthew Pascucci argues that enterprises need security separation of duties to ensure an effective, modern security management strategy.Continue Reading

• PDF download: Information Security magazine November 2011

  This issue of Information Security looks at the security provided by virtual desktop infrastructure, how cybercriminals are increasingly targeting SMBs, and factors that can skew risk analysis.Continue Reading

• Marcus Ranum chat: Information security monitoring

  Security expert and Information Security magazine columnist Marcus Ranum talks to Richard Bejtlich, CSO and vice president, Mandiant Computer Incident Response Team (MCIRT) at security firm Mandiant.Continue Reading

• The lack of computer security: We’re all responsible

  We all have an explanation for weak security, but everyone needs to do their part to improve it.Continue Reading

• Overcoming obstacles in the security risk assessment process

  An effective risk assessment process is essential, but many factors can skew the process and get in the way of security.Continue Reading

• VDI security supports active protection strategies

  ISM November 2011 cover story: Eric Ogren on how virtual desktop infrastructure enhances compliance, data protection and malware protection.Continue Reading

• How to create a problem management process flow to minimize incidents

  Most organizations have an incident response team, but how many have a problem management team? Michael Cobb explains how problem management can prevent incidents.Continue Reading

• Managing toolbars and other third-party browser extensions

  Third-party browser extensions like toolbars can jeopardize client security. Expert Michael Cobb discusses what can be done to manage these risks.Continue Reading

• Information Security magazine online October 2011

  Learn who won this year's Security 7 Award.Continue Reading

• Managing application permissions through isolated storage

  Application permissions are essential in securing application data. Learn how isolated storage allows secure, controlled access to application files.Continue Reading

• Best practices for enterprise database compliance

  Successful enterprise database compliance means, for starters, access must be tightly controlled and monitored. Get an understanding of key database compliance essentials.Continue Reading

• Zero-day vulnerabilities and the patch management process: To test or not to test?

  Learn whether it’s better to risk exposure and take time to test zero-day patches, or risk business disruption and patch without testing.Continue Reading

• Vulnerability management program has unexpected benefits

  Security 7 Award winner, Brian Wishnousky of Rogers Communications explains how to get the best actionable data from a vulnerability management program to fill patching gaps and uncover rogue devices.Continue Reading

• Emergency tabletop exercises enable effective crisis planning

  Emergency tabletop exercises with real-world scenarios enable effective crisis planning, incident response and disaster recovery. Security 7 Award winner, Matthew Todd of Financial Engines explores the key components of effective tabletop disaster ...Continue Reading

• Secure online payment system requires end-to-end encryption

  The online payment ecosystem is a prime target for cybercriminals. Security 7 Award winner, Steven Elefant, formerly of Heartland Payment Systems, explains why end-to-end encryption is needed to maintain the integrity of transactions carried out ...Continue Reading

• Remediating IT vulnerabilities: Quick hits for risk prioritization

  There's no way to eradicate all IT vulnerabilities, but spotting the most critical ones is essential. Read these quick hits for risk prioritization.Continue Reading

• Role-based access control for effective security management

  Effective role-based access control is vital for properly managing user access rights and enforcing access policies, but avoiding role sprawl can be challenging.Continue Reading

• Information Security magazine online September 2011

  Learn who won this year's Readers' Choice Awards. Also read about the vulnerability management lifecycle and more.Continue Reading

• XACML tutorial: Using XACML as a foundation for entitlement management

  Learn how to use XACML to externalize fine-grained authorization from application logic and support cloud-based IAM initiatives.Continue Reading

• Secure coding best practices: PHP and programming language security

  Michael Cobb explains how proper secure coding training is much more important than PHP programming language security.Continue Reading

• Framework for building a vulnerability management lifecycle, program

  A robust vulnerability management program requires the integration of inventory, change and configuration management.Continue Reading

• URL shortening security best practices

  Expert Michael Cobb weighs in on risks you may not know about with shortened URLs from TinyURL or Bit.ly.Continue Reading

• Information Security magazine online July-August 2011

  This issue of Information Security looks at how organizations can build counter threat operations.Continue Reading

• Mitigating security risks of mobile location-based services technology

  What can enterprises do to mitigate the security risk of mobile location-based services technology and the like? Start by limiting smartphone apps.Continue Reading

• IT patch management best practices: Overcoming the challenges

  This presentation on vulnerability and IT patch management best practices discusses the challenges of improving testing and deployment processes.Continue Reading

• Understanding iPad security concerns for better iPad enterprise management

  Are iPad security concerns burdening your company’s adoption of the technology? Expert Michael Cobb discusses common security concerns and iPad enterprise management issues.Continue Reading

• Business partner security: Managing business risk

  Allowing outside business partner access to your systems and data always comes with some level of risk. Nick Lewis examines what those risks are and strategies for managing business risk.Continue Reading

• The threat landscape and Web 2.0 technologies

  The idea that social media and other Web 2.0 technologies have vastly altered the threat landscape is plain wrong.Continue Reading

• Information Security magazine online June 2011

  This issue of Information Security examines how companies can securely manage user-owned mobile devices in the enterprise.Continue Reading

• Using an IAM maturity model to hone identity and access management strategy

  Forrester Research’s Andras Cser discusses how to use an IAM maturity model to assess your identity and access management strategy.Continue Reading

• Information Security magazine online May 2011

  This issue of Information Security examines how enterprises can streamline compliance by building a robust data protection program.Continue Reading

• Maiffret: Configuration changes, attack mitigation can reduce attack surface

  A new report produced by noted security researcher Marc Maiffret outlines free steps companies can take to greatly reduce the attack surface.Continue Reading

• Gaining awareness to prevent social engineering techniques, attacks

  Cybercriminals are using social engineering fueled by social media to attack users and break into companies.Continue Reading