Manage

Manage

Learn to apply best practices and optimize your operations.

• DoS attack responses demand better business continuity plans

  Expert Nick Lewis says an effective DoS attack responses demand better business continuity plans, including pre-negotiating with providers. Continue Reading

• Security School: Cloud app security best practices

  In this Security School lesson, expert Diana Kelley examines what enterprises need to know about application security in the cloud. Continue Reading

• PDF download: Information Security magazine April 2012

  In this issue, read about enterprise requirements for unified threat management systems. Also read about tokenization and AMI security issues. Continue Reading

• UTM for the enterprise

  Unified threat management isn’t just for the SMB market anymore. Continue Reading

• Secure remote access? Security-related remote access problems abound

  Is there really such a thing as secure remote access? Editor Eric B. Parizo says there are too many security-related remote access problems to ignore. Continue Reading

• Understanding tokenization: What is tokenization and when to use it

  Tokenization protects sensitive data to reduce the compliance burden.Continue Reading

• Security event log management, analysis needs effective ways to search log files

  Search is a key discipline for security log management. John Burke explains how to better search log files to improve security event log management.Continue Reading

• Dynamic authorization vs. other access management technologies

  Randall Gamby discusses the advantages of dynamic authorization vs. other access management strategies and implementation best practices.Continue Reading

• SaaS access management: Finding the best single sign-on technology

  Expert Randall Gamby details key strategies for SaaS access management and contemporary single sign-on technology that's truly interoperable.Continue Reading

• Managing remote employees: How to secure remote network access

  This SearchSecurity.com mini learning guide is a compilation of tips from our experts on how to secure remote network access. The guide offers best practices for managing remote employees and helping them set up a secure home network, as well as ...Continue Reading

• Secure network architecture best practices: DMZ and VLAN security

  This mini learning guide will cover best practices for achieving and maintaining a secure network architecture, discussing several aspects of DMZ security and VLAN security.Continue Reading

• The RSA breach: One year later

  The attack on RSA shook the security industry to its core: A look at the breach’s far reaching impact.Continue Reading

• NGFW: Getting clarity on next-gen firewall features

  There’s a lot of hype about next-generation firewalls. Here’s what you need to know.Continue Reading

• A framework for big data security

  Organizations are entranced with big data but need to acknowledge the security risks and plan accordingly.Continue Reading

• Book chapter: Social media security policy best practices

  The following is an excerpt from chapter 6 Gary Bahadur from the book Securing the clicks: Network security in the age of social media.Continue Reading

• Mobile device protection: Tackling mobile device security risks

  Managing mobile device risks tops the list of priorities for security pros this year.Continue Reading

• Tackling SSL vulnerabilities for secure online transactions

  A rash of CA breaches shows up weaknesses in the SSL infrastructure. Take action to protect your customers and employees.Continue Reading

• BIOS management best practices: BIOS patches and BIOS updates

  Amid growing concern over BIOS threats, expert Mike Cobb discusses how organizations should manage BIOS patches and BIOS updates.Continue Reading

• Enterprise user de-provisioning best practices: How to efficiently revoke access

  Misplaced or stagnant employee access can be dangerous; Randall Gamby details user provisioning best practices for setting up a system to combat this risk.Continue Reading

• Talking with lawyers: How to manage information security legal issues

  Dealing with lawyers is often a challenge. Ernie Hayden offers advice for CISOs dealing with enterprise information security legal issues.Continue Reading

• Privileged account policy: Securely managing privileged accounts

  Randall Gamby discusses how to securely implement a privileged account policy within the enterprise and collectively manage sensitive account information.Continue Reading

• Privileged user access management: How to avoid access creep

  One of the most difficult areas of privileged user access management is avoiding access creep. John Burke covers how to keep privileged users in check.Continue Reading

• PDF download: Information Security magazine December 2011

  This issue of Information Security features a firsthand account of the Windows Vista security review. Also learn about enterprise digital rights management best practices.Continue Reading

• Web server encryption: Enterprise website encryption best practices

  Network security expert Mike Chapple details the fundamentals of Web server encryption and Web encryption deployment best practices.Continue Reading

• The need for cloud computing security standards

  Cloud computing needs security standards and widely adopted security practices in order to become a viable choice for the enterprise.Continue Reading

• Alternatives to passwords: Replacing the ubiquitous authenticator

  As the relative security of passwords falters, are they destined for obscurity?Continue Reading

• Modern security management strategy requires security separation of duties

  Contributor Matthew Pascucci argues that enterprises need security separation of duties to ensure an effective, modern security management strategy.Continue Reading

• PDF download: Information Security magazine November 2011

  This issue of Information Security looks at the security provided by virtual desktop infrastructure, how cybercriminals are increasingly targeting SMBs, and factors that can skew risk analysis.Continue Reading

• Marcus Ranum chat: Information security monitoring

  Security expert and Information Security magazine columnist Marcus Ranum talks to Richard Bejtlich, CSO and vice president, Mandiant Computer Incident Response Team (MCIRT) at security firm Mandiant.Continue Reading

• The lack of computer security: We’re all responsible

  We all have an explanation for weak security, but everyone needs to do their part to improve it.Continue Reading

• Overcoming obstacles in the security risk assessment process

  An effective risk assessment process is essential, but many factors can skew the process and get in the way of security.Continue Reading

• VDI security supports active protection strategies

  ISM November 2011 cover story: Eric Ogren on how virtual desktop infrastructure enhances compliance, data protection and malware protection.Continue Reading

• How to create a problem management process flow to minimize incidents

  Most organizations have an incident response team, but how many have a problem management team? Michael Cobb explains how problem management can prevent incidents.Continue Reading

• Managing toolbars and other third-party browser extensions

  Third-party browser extensions like toolbars can jeopardize client security. Expert Michael Cobb discusses what can be done to manage these risks.Continue Reading

• Managing application permissions through isolated storage

  Application permissions are essential in securing application data. Learn how isolated storage allows secure, controlled access to application files.Continue Reading

• Best practices for enterprise database compliance

  Successful enterprise database compliance means, for starters, access must be tightly controlled and monitored. Get an understanding of key database compliance essentials.Continue Reading

• Zero-day vulnerabilities and the patch management process: To test or not to test?

  Learn whether it’s better to risk exposure and take time to test zero-day patches, or risk business disruption and patch without testing.Continue Reading

• Vulnerability management program has unexpected benefits

  Security 7 Award winner, Brian Wishnousky of Rogers Communications explains how to get the best actionable data from a vulnerability management program to fill patching gaps and uncover rogue devices.Continue Reading

• Emergency tabletop exercises enable effective crisis planning

  Emergency tabletop exercises with real-world scenarios enable effective crisis planning, incident response and disaster recovery. Security 7 Award winner, Matthew Todd of Financial Engines explores the key components of effective tabletop disaster ...Continue Reading

• Secure online payment system requires end-to-end encryption

  The online payment ecosystem is a prime target for cybercriminals. Security 7 Award winner, Steven Elefant, formerly of Heartland Payment Systems, explains why end-to-end encryption is needed to maintain the integrity of transactions carried out ...Continue Reading

• Remediating IT vulnerabilities: Quick hits for risk prioritization

  There's no way to eradicate all IT vulnerabilities, but spotting the most critical ones is essential. Read these quick hits for risk prioritization.Continue Reading

• Role-based access control for effective security management

  Effective role-based access control is vital for properly managing user access rights and enforcing access policies, but avoiding role sprawl can be challenging.Continue Reading

• XACML tutorial: Using XACML as a foundation for entitlement management

  Learn how to use XACML to externalize fine-grained authorization from application logic and support cloud-based IAM initiatives.Continue Reading

• Secure coding best practices: PHP and programming language security

  Michael Cobb explains how proper secure coding training is much more important than PHP programming language security.Continue Reading

• Framework for building a vulnerability management lifecycle, program

  A robust vulnerability management program requires the integration of inventory, change and configuration management.Continue Reading

• URL shortening security best practices

  Expert Michael Cobb weighs in on risks you may not know about with shortened URLs from TinyURL or Bit.ly.Continue Reading

• Mitigating security risks of mobile location-based services technology

  What can enterprises do to mitigate the security risk of mobile location-based services technology and the like? Start by limiting smartphone apps.Continue Reading

• IT patch management best practices: Overcoming the challenges

  This presentation on vulnerability and IT patch management best practices discusses the challenges of improving testing and deployment processes.Continue Reading

• Understanding iPad security concerns for better iPad enterprise management

  Are iPad security concerns burdening your company’s adoption of the technology? Expert Michael Cobb discusses common security concerns and iPad enterprise management issues.Continue Reading

• Business partner security: Managing business risk

  Allowing outside business partner access to your systems and data always comes with some level of risk. Nick Lewis examines what those risks are and strategies for managing business risk.Continue Reading

• The threat landscape and Web 2.0 technologies

  The idea that social media and other Web 2.0 technologies have vastly altered the threat landscape is plain wrong.Continue Reading

• Using an IAM maturity model to hone identity and access management strategy

  Forrester Research’s Andras Cser discusses how to use an IAM maturity model to assess your identity and access management strategy.Continue Reading

• Information Security magazine online May 2011

  This issue of Information Security examines how enterprises can streamline compliance by building a robust data protection program.Continue Reading

• Maiffret: Configuration changes, attack mitigation can reduce attack surface

  A new report produced by noted security researcher Marc Maiffret outlines free steps companies can take to greatly reduce the attack surface.Continue Reading

• Gaining awareness to prevent social engineering techniques, attacks

  Cybercriminals are using social engineering fueled by social media to attack users and break into companies.Continue Reading

• Information security job titles: Irrelevant to your career

  Remember, potential new security roles are doled out based on experience and accomplishments, not some fancy title.Continue Reading

• Top 5 mobile data protection best practices

  In this tip, we highlight five essential best practices for protecting business data stored on mobile devices and tablets, and identify readily available technologies that can be used to implement them.Continue Reading

• Key steps for security incident response planning

  Security incidents are going to happen. Don't get caught flat footed.Continue Reading

• Antivirus vendors go beyond signature-based antivirus

  Security vendors are adding new capabilities into their products to keep up with the surge in malware.Continue Reading

• Application whitelisting: an extra layer of malware defense

  Application whitelisting was hyped as an antivirus killer. Its real role is serving as an added weapon in the battle against malware.Continue Reading

• Information Security magazine - March 2011 issue

  Download the entire March 2011 issue of Information Security magazine here in PDF format.Continue Reading

• Database monitoring best practices: Using DAM tools

  To effectively use DAM tools, admins must prioritize which transactions are important, learn how to collect events, and write and implement database security policies.Continue Reading

• Identity and access management concepts and predictions to watch in 2011

  Forrester's Andras Cser discusses the emerging identity and access management concepts and market predictions enterprises should be prepared for in 2011.Continue Reading

• Best practices for securing virtual machines

  This month’s Information Security magazine explores the need for sound security and risk management strategies around virtualization technology. You'll also get expert advice and learn about the latest best practices for securing virtual machines. ...Continue Reading

• Virtualization 101: Best practices for securing virtual machines

  VMs introduce a new security dynamic, one that emphasizes asset discovery, change management and tweaks to existing security technology.Continue Reading

• Managing client-side security with patch management best practices

  Attacks on applications like Adobe Reader and Java require effective and timely patching of user systems.Continue Reading

• Choosing the right information security risk assessment framework

  There are a lot of risk assessment frameworks out there. Here's what you need to know in order to pick the right one.Continue Reading

• Social networking best practices for preventing social network malware

  Get advice on social networking security best practices that can help prevent data leaks and other social network malware that could harm to your enterprise.Continue Reading

• Schneier-Ranum Face-Off on whitelisting and blacklisting

  Security experts Bruce Schneier and Marcus Ranum debate whether network security should be based on whitelisting or blacklisting.Continue Reading

• Enforcing endpoint security

  Enforcing endpoint security requires careful planning and deployment.Continue Reading

• The state of critical infrastructure security

  Stuxnet put the spotlight on critical infrastructure protection but will efforts to improve SCADA security come too late?Continue Reading

• Best practices for information security reward incentive programs

  While employee termination may be necessary in cases of insecure conduct, most employees are more encouraged by the carrot than the stick when it comes to security and compliance.Continue Reading

• Linux security best practices for Linux server systems

  Linux servers are used throughout many enterprises, and their security posture shouldn't be overlooked. In this tip, King Ables discusses risk assessment pointers for Linux server systems.Continue Reading

• Identity management maturity model

  Learn about identity management and its capabilities in a detailed maturity model that highlights people, process and technology.Continue Reading

• Secure VoIP tutorial: Understanding VoIP security best practices

  More organizations are choosing to implement VoIP telephony in the enterprise for its cost savings. However, securing the technology comes with its own price tag. This secure VoIP tutorial is a compilation of resources that review VoIP security best...Continue Reading

• Guide to managing identities and access control

  SearchSecurity.com presents a comprehensive guide to managing user identities and access control within the enterprise. Our experts cover all the angles with technical advice on: centralized identity management; the importance of uniting IAM and ...Continue Reading

• Understanding the Data Accountability and Trust Act

  The Data Accountability and Trust Act, if passed into law, would create a national standard for privacy and data protection.Continue Reading

• Disaster recovery and contingency planning security considerations

  Security must be included in disaster recovery planning to ensure sensitive data is protected.Continue Reading

• Vendor risk management and the CISO

  The CISO has a key role in reducing the risk of sharing sensitive corporate data with third parties.Continue Reading

• Career advantages of security professional certifications and advanced degrees

  Choose wisely when pursuing industry certifications and advanced degrees to gain the best competitive advantage.Continue Reading

• Security management plan reveals essential business security upgrades

  As companies create their security management plan for the coming year, they should look to upgrades in Linux and Windows operating systems, Adobe applications and Internet browsers to improve their overall security position.Continue Reading

• User provisioning best practices: Access recertification

  User access recertification is the process of continually auditing users' permissions to make sure they have access only to what they need. Implementing recertification, however, can be challenging. Get best practices on creating a recertification ...Continue Reading

• Outsourcing data center services: SMB security best practices

  Learn best practices for outsourcing data center services and about the security and compliance considerations that influence whether an SMB should outsource data center services.Continue Reading

• Due diligence processes for cloud computing compliance

  Moving IT operations to the cloud requires careful due diligence to maintain compliance with HIPAA, GLBA and other regulations.Continue Reading

• How to use an automated user provisioning system for access control

  Re-architect your provisioning system into a first line of defense for access management.Continue Reading

• Holistic fraud reduction through customer security management

  Monitoring customer behavior across multiple channels would help banks fight fraud, but today's fraud detection technology isn't there yet. In this tip, financial services expert Jerry Silva explains how banks could benefit from the concept of "...Continue Reading

• Merger management: How to handle potential merger threats to security

  During a merger, management of information security becomes even more crucial in order to mitigate threats, including the many new insiders and attentive attackers that want to take advantage of holes in the companies' infosec integration.Continue Reading

• Database security best practices: Tuning database audit tools

  Database auditing requires more than just the right tools: Those tools also have to be properly configured to offer the information that's needed and database performance that's required. Learn more about tuning database audit tools in this tip.Continue Reading

• Microsoft IIS 7 security best practices

  Are you up to date with Microsoft IIS security best practices? Don't allow your enterprise to become vulnerable.Continue Reading

• Data classification best practices in financial services

  Data classification is critical in the highly regulated financial industry. Learn key steps for data classification.Continue Reading

• Information security risk tolerance

  Has regulatory and other guidance missed the most important aspect of information security?Continue Reading

• Learn about database security auditing tools

  Database administrators are overcoming their distaste for database auditing tools; compliance and security are turning the tide.Continue Reading

• How to build an effective information security awareness program

  The "people problem" continues to hamper information security efforts; what can be done about it?Continue Reading

• Validating ERP system security and ERP best practices

  Is your ERP system security effective? How can you be sure? Expert Mike Cobb offers up some ERP security best practices.Continue Reading

• IBM to acquire OpenPages for GRC, operational risk management

  OpenPages will be integrated with IBM's business analytics software portfolio.Continue Reading

• Web 2.0 security threats and how to defend against them

  The collaborative nature of Web 2.0 introduces myriad threats to data that must be proactively countered.Continue Reading

• Self-service user identity management: Pitfalls and processes

  While it might seem that self-service user identity management can save time and money, as well as keep information more current, there are a number of potential pitfalls. In this expert tip, Randall Gamby explains how to avoid these issues.Continue Reading

• Identity management federation best practices

  Outsourcing is necessary in the financial industry, but establishing secure partner communications can be difficult. Learn some best practices for implementing identity management federation.Continue Reading

• Opinion: Security information sharing is a shared responsibility

  Senior Site Editor Eric B. Parizo says infosec pros need to participate in the public dialog for the good of the industry and offers harsh words for companies who silence their own security talent.Continue Reading

• How to use NeXpose: Free enterprise vulnerability management tools

  Learn how to use NeXpose Community Edition, a free collection of vulnerability management tools that offers pre-defined scan templates, and the ability to scan networks, OSes, desktops and databases.Continue Reading