Manage

Manage

Learn to apply best practices and optimize your operations.

• The state of critical infrastructure security

  Stuxnet put the spotlight on critical infrastructure protection but will efforts to improve SCADA security come too late? Continue Reading

• Best practices for information security reward incentive programs

  While employee termination may be necessary in cases of insecure conduct, most employees are more encouraged by the carrot than the stick when it comes to security and compliance. Continue Reading

• Linux security best practices for Linux server systems

  Linux servers are used throughout many enterprises, and their security posture shouldn't be overlooked. In this tip, King Ables discusses risk assessment pointers for Linux server systems. Continue Reading

• Identity management maturity model

  Learn about identity management and its capabilities in a detailed maturity model that highlights people, process and technology. Continue Reading

• Secure VoIP tutorial: Understanding VoIP security best practices

  More organizations are choosing to implement VoIP telephony in the enterprise for its cost savings. However, securing the technology comes with its own price tag. This secure VoIP tutorial is a compilation of resources that review VoIP security best... Continue Reading

• Guide to managing identities and access control

  SearchSecurity.com presents a comprehensive guide to managing user identities and access control within the enterprise. Our experts cover all the angles with technical advice on: centralized identity management; the importance of uniting IAM and ...Continue Reading

• Understanding the Data Accountability and Trust Act

  The Data Accountability and Trust Act, if passed into law, would create a national standard for privacy and data protection.Continue Reading

• Disaster recovery and contingency planning security considerations

  Security must be included in disaster recovery planning to ensure sensitive data is protected.Continue Reading

• Vendor risk management and the CISO

  The CISO has a key role in reducing the risk of sharing sensitive corporate data with third parties.Continue Reading

• Career advantages of security professional certifications and advanced degrees

  Choose wisely when pursuing industry certifications and advanced degrees to gain the best competitive advantage.Continue Reading

• Security management plan reveals essential business security upgrades

  As companies create their security management plan for the coming year, they should look to upgrades in Linux and Windows operating systems, Adobe applications and Internet browsers to improve their overall security position.Continue Reading

• User provisioning best practices: Access recertification

  User access recertification is the process of continually auditing users' permissions to make sure they have access only to what they need. Implementing recertification, however, can be challenging. Get best practices on creating a recertification ...Continue Reading

• Outsourcing data center services: SMB security best practices

  Learn best practices for outsourcing data center services and about the security and compliance considerations that influence whether an SMB should outsource data center services.Continue Reading

• Due diligence processes for cloud computing compliance

  Moving IT operations to the cloud requires careful due diligence to maintain compliance with HIPAA, GLBA and other regulations.Continue Reading

• How to use an automated user provisioning system for access control

  Re-architect your provisioning system into a first line of defense for access management.Continue Reading

• Holistic fraud reduction through customer security management

  Monitoring customer behavior across multiple channels would help banks fight fraud, but today's fraud detection technology isn't there yet. In this tip, financial services expert Jerry Silva explains how banks could benefit from the concept of "...Continue Reading

• Merger management: How to handle potential merger threats to security

  During a merger, management of information security becomes even more crucial in order to mitigate threats, including the many new insiders and attentive attackers that want to take advantage of holes in the companies' infosec integration.Continue Reading

• Database security best practices: Tuning database audit tools

  Database auditing requires more than just the right tools: Those tools also have to be properly configured to offer the information that's needed and database performance that's required. Learn more about tuning database audit tools in this tip.Continue Reading

• Microsoft IIS 7 security best practices

  Are you up to date with Microsoft IIS security best practices? Don't allow your enterprise to become vulnerable.Continue Reading

• Data classification best practices in financial services

  Data classification is critical in the highly regulated financial industry. Learn key steps for data classification.Continue Reading

• Information security risk tolerance

  Has regulatory and other guidance missed the most important aspect of information security?Continue Reading

• Learn about database security auditing tools

  Database administrators are overcoming their distaste for database auditing tools; compliance and security are turning the tide.Continue Reading

• How to build an effective information security awareness program

  The "people problem" continues to hamper information security efforts; what can be done about it?Continue Reading

• Validating ERP system security and ERP best practices

  Is your ERP system security effective? How can you be sure? Expert Mike Cobb offers up some ERP security best practices.Continue Reading

• IBM to acquire OpenPages for GRC, operational risk management

  OpenPages will be integrated with IBM's business analytics software portfolio.Continue Reading

• Web 2.0 security threats and how to defend against them

  The collaborative nature of Web 2.0 introduces myriad threats to data that must be proactively countered.Continue Reading

• Self-service user identity management: Pitfalls and processes

  While it might seem that self-service user identity management can save time and money, as well as keep information more current, there are a number of potential pitfalls. In this expert tip, Randall Gamby explains how to avoid these issues.Continue Reading

• Identity management federation best practices

  Outsourcing is necessary in the financial industry, but establishing secure partner communications can be difficult. Learn some best practices for implementing identity management federation.Continue Reading

• Opinion: Security information sharing is a shared responsibility

  Senior Site Editor Eric B. Parizo says infosec pros need to participate in the public dialog for the good of the industry and offers harsh words for companies who silence their own security talent.Continue Reading

• Windows 7 security guide: Best practices on security for Windows 7

  Are you preparing for a Windows 7 upgrade? Our latest learning guide reviews the new and improved security features of the new and improved operating system.Continue Reading

• Unmasking data masking techniques in the enterprise

  Patch-testing and development environments can't use live data and keep it secure. That's where data masking comes in. Michael Cobb examines the principles behind data masking and why security pros should endorse its use in order to keep production ...Continue Reading

• Fake antivirus pop-up scams: Forming a security awareness training plan

  Rogue antimalware programs have been around for a while, and, according to a recent Google report, are more prominent and more difficult to detect than ever before. In this expert tip, Michael Cobb explains how to train employees to deal with these ...Continue Reading

• Data masking best practices for protecting sensitive information

  Protection of customer data is critical for financial services firms but encryption isn't the only option. Learn key considerations for data masking.Continue Reading

• FTP security best practices for the enterprise

  FTP is easy and commonly used in the enterprise, but is it secure? Anand Sastry discusses its security shortcomings, best practices for securing FTP in the enterprise and FTP alternatives that may be even more secure.Continue Reading

• Managing remote workers: Musts for setting up a secure home network

  Is it the enterprise's responsibility to ensure that remote workers' home networks are secure? And, if so, how should they do it? Get expert advice from Nick Lewis.Continue Reading

• Quiz: Application and network log management program planning

  Find out how much you've retained from the Application and log management program planning Security School lesson.Continue Reading

• How to use a PDF redaction tool with a redacted document policy

  It may seem rudimentary, but sensitive data commonly leaks out of corporate networks in plain sight in the form of un-redacted documents. Such files -- those still containing hidden data or Microsoft "Track Changes" data -- can potentially lead to ...Continue Reading

• Insecure software: A never-ending saga

  Insecure software has been a long-standing issue in the industry. Progress on secure software development is critical.Continue Reading

• Building an information security skills matrix

  Your information security skills matrix – that connection between your tangible skills and personal qualities – is what separates you from your peers.Continue Reading

• Understanding the advanced persistent threat

  Think you know all you need to know about the advanced persistent threat? We'll define APT and dispel a few myths.Continue Reading

• The pros and cons of security software-as-a-service

  Security software-as-a-service can help organizations reduce security headaches but also can present challenges.Continue Reading

• Utilizing a hash function algorithm to help secure data

  Learn how a hash function algorithm -- specifically a one-way hash function of the Dynamic SHA-2 algorithm -- can help protect important documents using a variety of hashes to confuse malicious code.Continue Reading

• Why it's important to turn on DEP and ASLR Windows security features

  In the quest for application security, many developers are disabling or incorrectly implementing two important Windows security features. In this expert response, Michael Cobb explains why ASLR and DEP should always be turned on.Continue Reading

• USB thumb drive security best practices spelled out by NIST

  The National Institute of Standards and Technology's own policies and technical requirements on USB thumb drive security furnish other federal agencies with a de facto set of best practices.Continue Reading

• Your USB port management options

  When it comes to managing USB ports, the choice is yours. Mike Chapple reviews your three best options.Continue Reading

• Weighing the risk of hiring hackers

  Bruce Schneier and Marcus Ranum debate the risks associated with hiring hackers.Continue Reading

• Use full disk or file/folder encryption for laptop data security

  Learn about the options for protecting laptop data, including full disk encryption and file/folder encryption, and their associated deployment and management challenges.Continue Reading

• Cloud computing risks and how to manage them

  Cloud computing alters enterprise risk. Here's what you need to know in order to safely navigate the cloud.Continue Reading

• Demystifying governance, risk and compliance

  GRC aims to bring together disparate compliance efforts in the enterprise, but the concept has been stymied by a lack of clarity. Developing a GRC program requires three key steps.Continue Reading

• Enterprise PDF attack prevention best practices

  Malicious PDF exploits are at an all-time high. Should enterprises dump PDFs altogether? Expert Michael Cobb answers that question and offers his key enterprise PDF attack prevention tactics.Continue Reading

• Identity management SSO security: Hardening single sign-on systems

  Get information on how to harden single sign-on systems for greater security in this response from IAM expert Randall Gamby.Continue Reading

• Static source code analysis tools: Pros and cons

  Static source code analysis tools can greatly improve application security, but it takes knowledge and expertise to use them correctly. Expert Michael Cobb explains why.Continue Reading

• Creating a security risk management plan format

  Enterprises without a codified risk management plan are much more susceptible to threats. In this expert response from Ernie Hayden, learn how to create a risk management plan that covers all the bases.Continue Reading

• MD5 security: Time to migrate to SHA-1 hash algorithm?

  Many organizations have been replacing the MD5 hash algorithm with the SHA-1 hash function, but can the MD5 hash algorithm still be used securely?Continue Reading

• FFIEC security requirements: Physical security management and logging

  In this expert response from Ernie Hayden, learn about FFIEC security requirements for creating physical security logs.Continue Reading

• How to manage compliance as Chief Information Security Officer (CISO)

  When it comes to IT compliance management, creating an effective compliance program is one of many jobs of a Chief Information Security Officer (CISO). In this tip from security management expert Ernie Hayden, learn how to create such a program.Continue Reading

• Using fuzzing for internal application security testing

  Superstar security researchers often use fuzzing to find flaws in major vendors' applications, and you can use fuzzers to find vulnerabilities during internal software development. Expert Michael Cobb explains how.Continue Reading

• Choosing an identity and access management architecture

  As most identity management products on the market tend to provide user-centric identity management or provider-centric identity management, which is more secure? In this expert response, Randall Gamby explains how to choose an identity and access ...Continue Reading

• Aite Group: Take action now to manage remote deposit capture risks

  Fraud losses involving RDC technology have the potential to skyrocket if banks don't work proactively to deal with the risks, research firm says.Continue Reading

• Create a data breach response plan in 10 easy steps

  Having a solid data breach response plan in place can make the threat of a security breach less intimidating. In this tip, learn 10 steps to take that will lead to an effective data breach response plan.Continue Reading

• The real information security risk equation

  A simplified information security risk equation helps translate information security risk to users.Continue Reading

• Four steps toward a plan for a career in information security

  Having a long-term goal for a career in information security isn't enough. Here are four key steps for planning for a career in information security.Continue Reading

• Database activity monitoring keeps watch over your data

  Database activity monitoring can help with security and compliance by tracking everything going on in the database.Continue Reading

• Microsoft Windows 7 security features

  Microsoft Windows 7 security aims to improve security without the headaches of Vista.Continue Reading

• Creating a user account management policy to delete old accounts

  If you're not deleting orphaned accounts, you may be leaving the door wide open to attackers. In this expert response from Randall Gamby, learn how to create an effective user account management policy for getting rid of old accounts.Continue Reading

• How to configure IIS authorization and manager permissions

  David Shackleford reviews authorization rules that will help you secure your IIS 7 Web server.Continue Reading

• Removable storage device endpoint security and control

  Endpoint security and control for devices like thumb drives, SIM cards and mobile devices can no longer be ignored.Continue Reading

• Cloud computing legal issues

  Lawyers have a lot of concerns about cloud computing services. Learn about cloud computing legal issuesContinue Reading

• Creating a proactive enterprise security incident response program

  Every organization should develop a proactive security incident response program to ensure that when an incident does occur, it can be handled quickly and efficiently. Contributor Marcos Christodonte II explains how.Continue Reading

• SANS Top 25 programming errors: Application security best practices

  Learn the SANS Top 25 programming errors and the best practices for application security.Continue Reading

• DBMS security: Data warehouse advantages

  Are there data warehouse advantages in regard to security? Without question. Michael Cobb explains.Continue Reading

• OpenOffice security: Concerns when moving from Microsoft Office

  What are the major OpenOffice security concerns when transitioning from Microsoft Office? Security expert Michael Cobb explains the potential vulnerabilities between open source and commercial software.Continue Reading

• IT security policy management: Effective polices to mitigate threats

  In this mini guide, you will gain a better understanding of IT security policy management and learn how to create an effective IT security policy, how to ensure security polices are managed appropriately, best practices for policy implementation and...Continue Reading

• How risk management standards can work for enterprise IT

  Every organization should be able to articulate how IT threats can harm a business. Forrester Research Analyst Chris McClean explains how a five-step risk management strategy, based on a risk management standard like ISO 31000, makes it easier to ...Continue Reading

• The benefits of application proxy firewalls

  Michael Cobb explains the benefits of application proxy firewalls as compared to other firewall technologies including packet filtering firewalls and stateful inspection firewalls or circuit-level gateways.Continue Reading

• Advanced Encryption Standard and AES ciphers: Can they be cracked?

  No encryption standard is unbreakable, but Advanced Encryption Standard may come close. Michael Cobb discusses why AES ciphers are so tough to beat.Continue Reading

• Develop an effective information security career plan

  A successful career in information security requires an effective information security career planContinue Reading

• HITECH Act increases HIPAA security requirements

  HIPAA security compliance has been a mixed bag but HITECH ups the anteContinue Reading

• Creating meaningful information security metrics

  Learn how to develop an effective information security metrics program and pitfalls to avoid.Continue Reading

• Preventing iPhone spying and other mobile management tips

  So you have an iPhone, you don't access the Internet, you use a PIN to authenticate and you never let the device out of your site. Michael Cobb explains why iPhone spying still isn't out of the question.Continue Reading

• How secure is an email with a .pdf attachment?

  Sending sensitive information in an email or as an attachment is unsafe, and depending on your organization's security policies, could land you in a lot of trouble. Michael Cobb explains why.Continue Reading

• Can secure FTP services protect sensitive data from hackers?

  Does secure FTP services protect against hackers and attacks? In this expert response, Michael Cobb explains why using a secure FTP service is vital for handling sensitive data transfers.Continue Reading

• Best practices: Separation of duties for security administrators

  In this Q&A, expert Michael Cobb explores separation of duties for security administrators with access to domain controllers and servers running Windows, UNIX and Linux.Continue Reading

• Improving software with the Building Security in Maturity Model (BSIMM)

  Learn about the Building Security in Maturity Model (BSIMM), a software security framework that emphasizes attack models, software security testing, code review and compliance policies. Also, does your company have a software security group (SSG)?Continue Reading

• Tips for writing secure SQL database code

  Writing secure code is always a challenge, but it is particularly necessary for SQL databases that would otherwise be vulnerable to SQL injection attacks. Get tips on how to write secure SQL database code in this expert response.Continue Reading

• Endpoint DLP fills data protection gap

  Learn how endpoint data loss prevention technology complements network DLP and secures data that users interact with on laptops, mobile and portable storage devices.Continue Reading

• Considerations for buying and implementing DLP solutions

  Financial institutions are looking to data loss prevention solutions to prevent costly data security breaches. In this tip, Dave Shackleford explains key issues to weigh before buying and installing a DLP product.Continue Reading

• PuTTY configuration tips: How to connect to remote network systems

  Peter Giannoulis reviews PuTTY and explains how to use the Windows-based program as an SSH, telnet and rlogin client.Continue Reading

• How to prevent memory dump attacks

  Because databases are often encrypted, some attackers have switched to memory dump attacks. Michael Cobb explains how to protect your unencrypted transactions.Continue Reading

• Manage access to social networking sites with an acceptable use policy

  Social networking sites can cause security issues, but sites like Twitter and Facebook can also open up significant business opportunities. Learn how to manage employee access to social networking sites to make sure only those employees who need ...Continue Reading

• Weighing the pros and cons of end-to-end encryption and tokenization

  With PCI DSS and other compliance requirements, organizations are looking for surefire solutions to protect payment card and other sensitive data. Tokenization and end-to-end encryption have emerged as promising technologies, but as Dave Shackleford...Continue Reading

• Writing security policies using a taxonomy-based approach

  Forget structure-driven policy architecture; we'll show you how to build information security policy artifacts using a taxonomy approach that will help you build global policies in a snap.Continue Reading

• Carefully evaluate providers' SaaS security model

  Enterprises need to make sure a SaaS provider has the proper security controls to protect sensitive data before a contract is signedContinue Reading

• Basic Database Security: Step by Step

  Use this checklist to ensure you're following the basics for securing database systems.Continue Reading

• Risk-based multifactor authentication implementation best practices

  A multifactor authentication implementation can be a hard sell to enterprise executives and users alike. In this tip, learn four key strategies to ensure that both groups understand and support the project.Continue Reading

• How do hackers bypass a code signing procedure to inject malware

  In this expert Q&A, Michael Cobb reveals how malicious applications can actually be approved by Symbian's Express Signing procedure.Continue Reading

• Quiz: Compliance-driven role management

  Use this five-question quiz to test your knowledge of role and entitlement management.Continue Reading

• Identity lifecycle management for security and compliance

  Enterprise identities and their associated roles need to be provisioned for access to a variety of services and systems around the organization. In many cases, the entitlements provided to these various entities have a significant effect on ...Continue Reading

• Multifactor authentication options to secure online banking

  Banks are required to deploy multifactor authentication to secure online banking and meet FFIEC requirements. In this tip, Dave Shackleford describes some of the pros and cons associated with traditional forms of multifactor authentication as well ...Continue Reading

• How to use single sign-on (SSO) for a server configuration

  Using SSO for a server configuration can be done a few different ways. Learn more in this expert response from Randall Gamby.Continue Reading