Manage

Manage

Learn to apply best practices and optimize your operations.

• Gaining awareness to prevent social engineering techniques, attacks

  Cybercriminals are using social engineering fueled by social media to attack users and break into companies. Continue Reading

• Top 5 mobile data protection best practices

  In this tip, we highlight five essential best practices for protecting business data stored on mobile devices and tablets, and identify readily available technologies that can be used to implement them. Continue Reading

• Application whitelisting: an extra layer of malware defense

  Application whitelisting was hyped as an antivirus killer. Its real role is serving as an added weapon in the battle against malware. Continue Reading

• Key steps for security incident response planning

  Security incidents are going to happen. Don't get caught flat footed. Continue Reading

• Antivirus vendors go beyond signature-based antivirus

  Security vendors are adding new capabilities into their products to keep up with the surge in malware. Continue Reading

• Database monitoring best practices: Using DAM tools

  To effectively use DAM tools, admins must prioritize which transactions are important, learn how to collect events, and write and implement database security policies.Continue Reading

• Identity and access management concepts and predictions to watch in 2011

  Forrester's Andras Cser discusses the emerging identity and access management concepts and market predictions enterprises should be prepared for in 2011.Continue Reading

• Best practices for securing virtual machines

  This month’s Information Security magazine explores the need for sound security and risk management strategies around virtualization technology. You'll also get expert advice and learn about the latest best practices for securing virtual machines. ...Continue Reading

• Managing client-side security with patch management best practices

  Attacks on applications like Adobe Reader and Java require effective and timely patching of user systems.Continue Reading

• Virtualization 101: Best practices for securing virtual machines

  VMs introduce a new security dynamic, one that emphasizes asset discovery, change management and tweaks to existing security technology.Continue Reading

• Choosing the right information security risk assessment framework

  There are a lot of risk assessment frameworks out there. Here's what you need to know in order to pick the right one.Continue Reading

• Social networking best practices for preventing social network malware

  Get advice on social networking security best practices that can help prevent data leaks and other social network malware that could harm to your enterprise.Continue Reading

• The state of critical infrastructure security

  Stuxnet put the spotlight on critical infrastructure protection but will efforts to improve SCADA security come too late?Continue Reading

• Schneier-Ranum Face-Off on whitelisting and blacklisting

  Security experts Bruce Schneier and Marcus Ranum debate whether network security should be based on whitelisting or blacklisting.Continue Reading

• Enforcing endpoint security

  Enforcing endpoint security requires careful planning and deployment.Continue Reading

• Best practices for information security reward incentive programs

  While employee termination may be necessary in cases of insecure conduct, most employees are more encouraged by the carrot than the stick when it comes to security and compliance.Continue Reading

• Linux security best practices for Linux server systems

  Linux servers are used throughout many enterprises, and their security posture shouldn't be overlooked. In this tip, King Ables discusses risk assessment pointers for Linux server systems.Continue Reading

• Understanding the Data Accountability and Trust Act

  The Data Accountability and Trust Act, if passed into law, would create a national standard for privacy and data protection.Continue Reading

• Career advantages of security professional certifications and advanced degrees

  Choose wisely when pursuing industry certifications and advanced degrees to gain the best competitive advantage.Continue Reading

• Disaster recovery and contingency planning security considerations

  Security must be included in disaster recovery planning to ensure sensitive data is protected.Continue Reading

• Security management plan reveals essential business security upgrades

  As companies create their security management plan for the coming year, they should look to upgrades in Linux and Windows operating systems, Adobe applications and Internet browsers to improve their overall security position.Continue Reading

• User provisioning best practices: Access recertification

  User access recertification is the process of continually auditing users' permissions to make sure they have access only to what they need. Implementing recertification, however, can be challenging. Get best practices on creating a recertification ...Continue Reading

• Outsourcing data center services: SMB security best practices

  Learn best practices for outsourcing data center services and about the security and compliance considerations that influence whether an SMB should outsource data center services.Continue Reading

• Due diligence processes for cloud computing compliance

  Moving IT operations to the cloud requires careful due diligence to maintain compliance with HIPAA, GLBA and other regulations.Continue Reading

• How to use an automated user provisioning system for access control

  Re-architect your provisioning system into a first line of defense for access management.Continue Reading

• Holistic fraud reduction through customer security management

  Monitoring customer behavior across multiple channels would help banks fight fraud, but today's fraud detection technology isn't there yet. In this tip, financial services expert Jerry Silva explains how banks could benefit from the concept of "...Continue Reading

• Merger management: How to handle potential merger threats to security

  During a merger, management of information security becomes even more crucial in order to mitigate threats, including the many new insiders and attentive attackers that want to take advantage of holes in the companies' infosec integration.Continue Reading

• Database security best practices: Tuning database audit tools

  Database auditing requires more than just the right tools: Those tools also have to be properly configured to offer the information that's needed and database performance that's required. Learn more about tuning database audit tools in this tip.Continue Reading

• Data classification best practices in financial services

  Data classification is critical in the highly regulated financial industry. Learn key steps for data classification.Continue Reading

• Microsoft IIS 7 security best practices

  Are you up to date with Microsoft IIS security best practices? Don't allow your enterprise to become vulnerable.Continue Reading

• Learn about database security auditing tools

  Database administrators are overcoming their distaste for database auditing tools; compliance and security are turning the tide.Continue Reading

• How to build an effective information security awareness program

  The "people problem" continues to hamper information security efforts; what can be done about it?Continue Reading

• Validating ERP system security and ERP best practices

  Is your ERP system security effective? How can you be sure? Expert Mike Cobb offers up some ERP security best practices.Continue Reading

• IBM to acquire OpenPages for GRC, operational risk management

  OpenPages will be integrated with IBM's business analytics software portfolio.Continue Reading

• Web 2.0 security threats and how to defend against them

  The collaborative nature of Web 2.0 introduces myriad threats to data that must be proactively countered.Continue Reading

• Self-service user identity management: Pitfalls and processes

  While it might seem that self-service user identity management can save time and money, as well as keep information more current, there are a number of potential pitfalls. In this expert tip, Randall Gamby explains how to avoid these issues.Continue Reading

• Identity management federation best practices

  Outsourcing is necessary in the financial industry, but establishing secure partner communications can be difficult. Learn some best practices for implementing identity management federation.Continue Reading

• How to use NeXpose: Free enterprise vulnerability management tools

  Learn how to use NeXpose Community Edition, a free collection of vulnerability management tools that offers pre-defined scan templates, and the ability to scan networks, OSes, desktops and databases.Continue Reading

• Opinion: Security information sharing is a shared responsibility

  Senior Site Editor Eric B. Parizo says infosec pros need to participate in the public dialog for the good of the industry and offers harsh words for companies who silence their own security talent.Continue Reading

• Windows 7 security guide: Best practices on security for Windows 7

  Are you preparing for a Windows 7 upgrade? Our latest learning guide reviews the new and improved security features of the new and improved operating system.Continue Reading

• Unmasking data masking techniques in the enterprise

  Patch-testing and development environments can't use live data and keep it secure. That's where data masking comes in. Michael Cobb examines the principles behind data masking and why security pros should endorse its use in order to keep production ...Continue Reading

• Fake antivirus pop-up scams: Forming a security awareness training plan

  Rogue antimalware programs have been around for a while, and, according to a recent Google report, are more prominent and more difficult to detect than ever before. In this expert tip, Michael Cobb explains how to train employees to deal with these ...Continue Reading

• Data masking best practices for protecting sensitive information

  Protection of customer data is critical for financial services firms but encryption isn't the only option. Learn key considerations for data masking.Continue Reading

• FTP security best practices for the enterprise

  FTP is easy and commonly used in the enterprise, but is it secure? Anand Sastry discusses its security shortcomings, best practices for securing FTP in the enterprise and FTP alternatives that may be even more secure.Continue Reading

• Quiz: Application and network log management program planning

  Find out how much you've retained from the Application and log management program planning Security School lesson.Continue Reading

• How to use a PDF redaction tool with a redacted document policy

  It may seem rudimentary, but sensitive data commonly leaks out of corporate networks in plain sight in the form of un-redacted documents. Such files -- those still containing hidden data or Microsoft "Track Changes" data -- can potentially lead to ...Continue Reading

• Understanding the advanced persistent threat

  Think you know all you need to know about the advanced persistent threat? We'll define APT and dispel a few myths.Continue Reading

• Building an information security skills matrix

  Your information security skills matrix – that connection between your tangible skills and personal qualities – is what separates you from your peers.Continue Reading

• Insecure software: A never-ending saga

  Insecure software has been a long-standing issue in the industry. Progress on secure software development is critical.Continue Reading

• The pros and cons of security software-as-a-service

  Security software-as-a-service can help organizations reduce security headaches but also can present challenges.Continue Reading

• Utilizing a hash function algorithm to help secure data

  Learn how a hash function algorithm -- specifically a one-way hash function of the Dynamic SHA-2 algorithm -- can help protect important documents using a variety of hashes to confuse malicious code.Continue Reading

• Why it's important to turn on DEP and ASLR Windows security features

  In the quest for application security, many developers are disabling or incorrectly implementing two important Windows security features. In this expert response, Michael Cobb explains why ASLR and DEP should always be turned on.Continue Reading

• USB thumb drive security best practices spelled out by NIST

  The National Institute of Standards and Technology's own policies and technical requirements on USB thumb drive security furnish other federal agencies with a de facto set of best practices.Continue Reading

• Your USB port management options

  When it comes to managing USB ports, the choice is yours. Mike Chapple reviews your three best options.Continue Reading

• Weighing the risk of hiring hackers

  Bruce Schneier and Marcus Ranum debate the risks associated with hiring hackers.Continue Reading

• Use full disk or file/folder encryption for laptop data security

  Learn about the options for protecting laptop data, including full disk encryption and file/folder encryption, and their associated deployment and management challenges.Continue Reading

• Enterprise PDF attack prevention best practices

  Malicious PDF exploits are at an all-time high. Should enterprises dump PDFs altogether? Expert Michael Cobb answers that question and offers his key enterprise PDF attack prevention tactics.Continue Reading

• Identity management SSO security: Hardening single sign-on systems

  Get information on how to harden single sign-on systems for greater security in this response from IAM expert Randall Gamby.Continue Reading

• Static source code analysis tools: Pros and cons

  Static source code analysis tools can greatly improve application security, but it takes knowledge and expertise to use them correctly. Expert Michael Cobb explains why.Continue Reading

• Creating a security risk management plan format

  Enterprises without a codified risk management plan are much more susceptible to threats. In this expert response from Ernie Hayden, learn how to create a risk management plan that covers all the bases.Continue Reading

• MD5 security: Time to migrate to SHA-1 hash algorithm?

  Many organizations have been replacing the MD5 hash algorithm with the SHA-1 hash function, but can the MD5 hash algorithm still be used securely?Continue Reading

• How to manage compliance as Chief Information Security Officer (CISO)

  When it comes to IT compliance management, creating an effective compliance program is one of many jobs of a Chief Information Security Officer (CISO). In this tip from security management expert Ernie Hayden, learn how to create such a program.Continue Reading

• FFIEC security requirements: Physical security management and logging

  In this expert response from Ernie Hayden, learn about FFIEC security requirements for creating physical security logs.Continue Reading

• Using fuzzing for internal application security testing

  Superstar security researchers often use fuzzing to find flaws in major vendors' applications, and you can use fuzzers to find vulnerabilities during internal software development. Expert Michael Cobb explains how.Continue Reading

• Aite Group: Take action now to manage remote deposit capture risks

  Fraud losses involving RDC technology have the potential to skyrocket if banks don't work proactively to deal with the risks, research firm says.Continue Reading

• Create a data breach response plan in 10 easy steps

  Having a solid data breach response plan in place can make the threat of a security breach less intimidating. In this tip, learn 10 steps to take that will lead to an effective data breach response plan.Continue Reading

• Microsoft Windows 7 security features

  Microsoft Windows 7 security aims to improve security without the headaches of Vista.Continue Reading

• Database activity monitoring keeps watch over your data

  Database activity monitoring can help with security and compliance by tracking everything going on in the database.Continue Reading

• The real information security risk equation

  A simplified information security risk equation helps translate information security risk to users.Continue Reading

• Four steps toward a plan for a career in information security

  Having a long-term goal for a career in information security isn't enough. Here are four key steps for planning for a career in information security.Continue Reading

• Creating a user account management policy to delete old accounts

  If you're not deleting orphaned accounts, you may be leaving the door wide open to attackers. In this expert response from Randall Gamby, learn how to create an effective user account management policy for getting rid of old accounts.Continue Reading

• How to configure IIS authorization and manager permissions

  David Shackleford reviews authorization rules that will help you secure your IIS 7 Web server.Continue Reading

• Removable storage device endpoint security and control

  Endpoint security and control for devices like thumb drives, SIM cards and mobile devices can no longer be ignored.Continue Reading

• SANS Top 25 programming errors: Application security best practices

  Learn the SANS Top 25 programming errors and the best practices for application security.Continue Reading

• Creating a proactive enterprise security incident response program

  Every organization should develop a proactive security incident response program to ensure that when an incident does occur, it can be handled quickly and efficiently. Contributor Marcos Christodonte II explains how.Continue Reading

• DBMS security: Data warehouse advantages

  Are there data warehouse advantages in regard to security? Without question. Michael Cobb explains.Continue Reading

• OpenOffice security: Concerns when moving from Microsoft Office

  What are the major OpenOffice security concerns when transitioning from Microsoft Office? Security expert Michael Cobb explains the potential vulnerabilities between open source and commercial software.Continue Reading

• IT security policy management: Effective polices to mitigate threats

  In this mini guide, you will gain a better understanding of IT security policy management and learn how to create an effective IT security policy, how to ensure security polices are managed appropriately, best practices for policy implementation and...Continue Reading

• How risk management standards can work for enterprise IT

  Every organization should be able to articulate how IT threats can harm a business. Forrester Research Analyst Chris McClean explains how a five-step risk management strategy, based on a risk management standard like ISO 31000, makes it easier to ...Continue Reading

• The benefits of application proxy firewalls

  Michael Cobb explains the benefits of application proxy firewalls as compared to other firewall technologies including packet filtering firewalls and stateful inspection firewalls or circuit-level gateways.Continue Reading

• Advanced Encryption Standard and AES ciphers: Can they be cracked?

  No encryption standard is unbreakable, but Advanced Encryption Standard may come close. Michael Cobb discusses why AES ciphers are so tough to beat.Continue Reading

• Creating meaningful information security metrics

  Learn how to develop an effective information security metrics program and pitfalls to avoid.Continue Reading

• Preventing iPhone spying and other mobile management tips

  So you have an iPhone, you don't access the Internet, you use a PIN to authenticate and you never let the device out of your site. Michael Cobb explains why iPhone spying still isn't out of the question.Continue Reading

• Can secure FTP services protect sensitive data from hackers?

  Does secure FTP services protect against hackers and attacks? In this expert response, Michael Cobb explains why using a secure FTP service is vital for handling sensitive data transfers.Continue Reading

• Best practices: Separation of duties for security administrators

  In this Q&A, expert Michael Cobb explores separation of duties for security administrators with access to domain controllers and servers running Windows, UNIX and Linux.Continue Reading

• Improving software with the Building Security in Maturity Model (BSIMM)

  Learn about the Building Security in Maturity Model (BSIMM), a software security framework that emphasizes attack models, software security testing, code review and compliance policies. Also, does your company have a software security group (SSG)?Continue Reading

• Tips for writing secure SQL database code

  Writing secure code is always a challenge, but it is particularly necessary for SQL databases that would otherwise be vulnerable to SQL injection attacks. Get tips on how to write secure SQL database code in this expert response.Continue Reading

• Endpoint DLP fills data protection gap

  Learn how endpoint data loss prevention technology complements network DLP and secures data that users interact with on laptops, mobile and portable storage devices.Continue Reading

• Considerations for buying and implementing DLP solutions

  Financial institutions are looking to data loss prevention solutions to prevent costly data security breaches. In this tip, Dave Shackleford explains key issues to weigh before buying and installing a DLP product.Continue Reading

• PuTTY configuration tips: How to connect to remote network systems

  Peter Giannoulis reviews PuTTY and explains how to use the Windows-based program as an SSH, telnet and rlogin client.Continue Reading

• How to prevent memory dump attacks

  Because databases are often encrypted, some attackers have switched to memory dump attacks. Michael Cobb explains how to protect your unencrypted transactions.Continue Reading

• Manage access to social networking sites with an acceptable use policy

  Social networking sites can cause security issues, but sites like Twitter and Facebook can also open up significant business opportunities. Learn how to manage employee access to social networking sites to make sure only those employees who need ...Continue Reading

• Weighing the pros and cons of end-to-end encryption and tokenization

  With PCI DSS and other compliance requirements, organizations are looking for surefire solutions to protect payment card and other sensitive data. Tokenization and end-to-end encryption have emerged as promising technologies, but as Dave Shackleford...Continue Reading

• Carefully evaluate providers' SaaS security model

  Enterprises need to make sure a SaaS provider has the proper security controls to protect sensitive data before a contract is signedContinue Reading

• Writing security policies using a taxonomy-based approach

  Forget structure-driven policy architecture; we'll show you how to build information security policy artifacts using a taxonomy approach that will help you build global policies in a snap.Continue Reading

• Basic Database Security: Step by Step

  Use this checklist to ensure you're following the basics for securing database systems.Continue Reading

• Risk-based multifactor authentication implementation best practices

  A multifactor authentication implementation can be a hard sell to enterprise executives and users alike. In this tip, learn four key strategies to ensure that both groups understand and support the project.Continue Reading

• How do hackers bypass a code signing procedure to inject malware

  In this expert Q&A, Michael Cobb reveals how malicious applications can actually be approved by Symbian's Express Signing procedure.Continue Reading

• Quiz: Compliance-driven role management

  Use this five-question quiz to test your knowledge of role and entitlement management.Continue Reading

• Identity lifecycle management for security and compliance

  Enterprise identities and their associated roles need to be provisioned for access to a variety of services and systems around the organization. In many cases, the entitlements provided to these various entities have a significant effect on ...Continue Reading