Manage
Learn to apply best practices and optimize your operations.
DoS attack responses demand better business continuity plans
Expert Nick Lewis says effective DoS attack responses demand better business continuity plans, including pre-negotiating with providers. Continue Reading
Security School: Cloud app security best practices
In this Security School lesson, expert Diana Kelley examines what enterprises need to know about application security in the cloud. Continue Reading
PDF download: Information Security magazine April 2012
In this issue, read about enterprise requirements for unified threat management systems. Also read about tokenization and AMI security issues. Continue Reading
UTM for the enterprise
Unified threat management isn’t just for the SMB market anymore. Continue Reading
Secure remote access? Security-related remote access problems abound
Is there really such a thing as secure remote access? Editor Eric B. Parizo says there are too many security-related remote access problems to ignore. Continue Reading
Understanding tokenization: What is tokenization and when to use it
Tokenization protects sensitive data to reduce the compliance burden. Continue Reading
Security event log management, analysis needs effective ways to search log files
Search is a key discipline for security log management. John Burke explains how to better search log files to improve security event log management. Continue Reading
Dynamic authorization vs. other access management technologies
Randall Gamby discusses the advantages of dynamic authorization vs. other access management strategies and implementation best practices. Continue Reading
SaaS access management: Finding the best single sign-on technology
Expert Randall Gamby details key strategies for SaaS access management and contemporary single sign-on technology that's truly interoperable. Continue Reading
Managing remote employees: How to secure remote network access
This SearchSecurity.com mini learning guide is a compilation of tips from our experts on how to secure remote network access. The guide offers best practices for managing remote employees and helping them set up a secure home network, as well as ... Continue Reading
Secure network architecture best practices: DMZ and VLAN security
This mini learning guide will cover best practices for achieving and maintaining a secure network architecture, discussing several aspects of DMZ security and VLAN security. Continue Reading
The RSA breach: One year later
The attack on RSA shook the security industry to its core: A look at the breach’s far-reaching impact. Continue Reading
NGFW: Getting clarity on next-gen firewall features
There’s a lot of hype about next-generation firewalls. Here’s what you need to know. Continue Reading
A framework for big data security
Organizations are entranced with big data but need to acknowledge the security risks and plan accordingly. Continue Reading
Book chapter: Social media security policy best practices
The following is an excerpt by Gary Bahadur from chapter 6 of the book Securing the clicks: Network security in the age of social media. Continue Reading
Mobile device protection: Tackling mobile device security risks
Managing mobile device risks tops the list of priorities for security pros this year. Continue Reading
Tackling SSL vulnerabilities for secure online transactions
A rash of CA breaches shows up weaknesses in the SSL infrastructure. Take action to protect your customers and employees. Continue Reading
BIOS management best practices: BIOS patches and BIOS updates
Amid growing concern over BIOS threats, expert Mike Cobb discusses how organizations should manage BIOS patches and BIOS updates. Continue Reading
Enterprise user de-provisioning best practices: How to efficiently revoke access
Misplaced or stagnant employee access can be dangerous; Randall Gamby details user provisioning best practices for setting up a system to combat this risk. Continue Reading
Talking with lawyers: How to manage information security legal issues
Dealing with lawyers is often a challenge. Ernie Hayden offers advice for CISOs dealing with enterprise information security legal issues. Continue Reading
Privileged account policy: Securely managing privileged accounts
Randall Gamby discusses how to securely implement a privileged account policy within the enterprise and collectively manage sensitive account information. Continue Reading
Privileged user access management: How to avoid access creep
One of the most difficult areas of privileged user access management is avoiding access creep. John Burke covers how to keep privileged users in check. Continue Reading
PDF download: Information Security magazine December 2011
This issue of Information Security features a firsthand account of the Windows Vista security review. Also learn about enterprise digital rights management best practices. Continue Reading
Web server encryption: Enterprise website encryption best practices
Network security expert Mike Chapple details the fundamentals of Web server encryption and Web encryption deployment best practices. Continue Reading
The need for cloud computing security standards
Cloud computing needs security standards and widely adopted security practices in order to become a viable choice for the enterprise. Continue Reading
Alternatives to passwords: Replacing the ubiquitous authenticator
As the relative security of passwords falters, are they destined for obscurity? Continue Reading
Modern security management strategy requires security separation of duties
Contributor Matthew Pascucci argues that enterprises need security separation of duties to ensure an effective, modern security management strategy. Continue Reading
PDF download: Information Security magazine November 2011
This issue of Information Security looks at the security provided by virtual desktop infrastructure, how cybercriminals are increasingly targeting SMBs, and factors that can skew risk analysis. Continue Reading
Marcus Ranum chat: Information security monitoring
Security expert and Information Security magazine columnist Marcus Ranum talks to Richard Bejtlich, CSO and vice president, Mandiant Computer Incident Response Team (MCIRT) at security firm Mandiant. Continue Reading
The lack of computer security: We’re all responsible
We all have an explanation for weak security, but everyone needs to do their part to improve it. Continue Reading
Overcoming obstacles in the security risk assessment process
An effective risk assessment process is essential, but many factors can skew the process and get in the way of security. Continue Reading
VDI security supports active protection strategies
ISM November 2011 cover story: Eric Ogren on how virtual desktop infrastructure enhances compliance, data protection and malware protection. Continue Reading
How to create a problem management process flow to minimize incidents
Most organizations have an incident response team, but how many have a problem management team? Michael Cobb explains how problem management can prevent incidents. Continue Reading
Managing toolbars and other third-party browser extensions
Third-party browser extensions like toolbars can jeopardize client security. Expert Michael Cobb discusses what can be done to manage these risks. Continue Reading
Managing application permissions through isolated storage
Application permissions are essential in securing application data. Learn how isolated storage allows secure, controlled access to application files. Continue Reading
Best practices for enterprise database compliance
Successful enterprise database compliance means, for starters, access must be tightly controlled and monitored. Get an understanding of key database compliance essentials. Continue Reading
Zero-day vulnerabilities and the patch management process: To test or not to test?
Learn whether it’s better to risk exposure and take time to test zero-day patches, or risk business disruption and patch without testing. Continue Reading
Vulnerability management program has unexpected benefits
Security 7 Award winner, Brian Wishnousky of Rogers Communications explains how to get the best actionable data from a vulnerability management program to fill patching gaps and uncover rogue devices. Continue Reading
Emergency tabletop exercises enable effective crisis planning
Emergency tabletop exercises with real-world scenarios enable effective crisis planning, incident response and disaster recovery. Security 7 Award winner, Matthew Todd of Financial Engines explores the key components of effective tabletop disaster ... Continue Reading
Secure online payment system requires end-to-end encryption
The online payment ecosystem is a prime target for cybercriminals. Security 7 Award winner, Steven Elefant, formerly of Heartland Payment Systems, explains why end-to-end encryption is needed to maintain the integrity of transactions carried out ... Continue Reading
Remediating IT vulnerabilities: Quick hits for risk prioritization
There's no way to eradicate all IT vulnerabilities, but spotting the most critical ones is essential. Read these quick hits for risk prioritization. Continue Reading
Role-based access control for effective security management
Effective role-based access control is vital for properly managing user access rights and enforcing access policies, but avoiding role sprawl can be challenging. Continue Reading
XACML tutorial: Using XACML as a foundation for entitlement management
Learn how to use XACML to externalize fine-grained authorization from application logic and support cloud-based IAM initiatives. Continue Reading
Secure coding best practices: PHP and programming language security
Michael Cobb explains how proper secure coding training is much more important than PHP programming language security. Continue Reading
Framework for building a vulnerability management lifecycle, program
A robust vulnerability management program requires the integration of inventory, change and configuration management. Continue Reading
URL shortening security best practices
Expert Michael Cobb weighs in on risks you may not know about with shortened URLs from TinyURL or Bit.ly. Continue Reading
Mitigating security risks of mobile location-based services technology
What can enterprises do to mitigate the security risk of mobile location-based services technology and the like? Start by limiting smartphone apps. Continue Reading
IT patch management best practices: Overcoming the challenges
This presentation on vulnerability and IT patch management best practices discusses the challenges of improving testing and deployment processes. Continue Reading
Understanding iPad security concerns for better iPad enterprise management
Are iPad security concerns burdening your company’s adoption of the technology? Expert Michael Cobb discusses common security concerns and iPad enterprise management issues. Continue Reading
Business partner security: Managing business risk
Allowing outside business partner access to your systems and data always comes with some level of risk. Nick Lewis examines what those risks are and strategies for managing business risk. Continue Reading
The threat landscape and Web 2.0 technologies
The idea that social media and other Web 2.0 technologies have vastly altered the threat landscape is plain wrong. Continue Reading
Using an IAM maturity model to hone identity and access management strategy
Forrester Research’s Andras Cser discusses how to use an IAM maturity model to assess your identity and access management strategy. Continue Reading
Information Security magazine online May 2011
This issue of Information Security examines how enterprises can streamline compliance by building a robust data protection program. Continue Reading
Maiffret: Configuration changes, attack mitigation can reduce attack surface
A new report produced by noted security researcher Marc Maiffret outlines free steps companies can take to greatly reduce the attack surface. Continue Reading
Gaining awareness to prevent social engineering techniques, attacks
Cybercriminals are using social engineering fueled by social media to attack users and break into companies. Continue Reading
Information security job titles: Irrelevant to your career
Remember, potential new security roles are doled out based on experience and accomplishments, not some fancy title. Continue Reading
Top 5 mobile data protection best practices
In this tip, we highlight five essential best practices for protecting business data stored on mobile devices and tablets, and identify readily available technologies that can be used to implement them. Continue Reading
Key steps for security incident response planning
Security incidents are going to happen. Don't get caught flat-footed. Continue Reading
Antivirus vendors go beyond signature-based antivirus
Security vendors are adding new capabilities into their products to keep up with the surge in malware. Continue Reading
Application whitelisting: an extra layer of malware defense
Application whitelisting was hyped as an antivirus killer. Its real role is serving as an added weapon in the battle against malware. Continue Reading
Information Security magazine - March 2011 issue
Download the entire March 2011 issue of Information Security magazine here in PDF format. Continue Reading
Database monitoring best practices: Using DAM tools
To effectively use DAM tools, admins must prioritize which transactions are important, learn how to collect events, and write and implement database security policies. Continue Reading
Identity and access management concepts and predictions to watch in 2011
Forrester's Andras Cser discusses the emerging identity and access management concepts and market predictions enterprises should be prepared for in 2011. Continue Reading
Best practices for securing virtual machines
This month’s Information Security magazine explores the need for sound security and risk management strategies around virtualization technology. You'll also get expert advice and learn about the latest best practices for securing virtual machines. ... Continue Reading
Virtualization 101: Best practices for securing virtual machines
VMs introduce a new security dynamic, one that emphasizes asset discovery, change management and tweaks to existing security technology. Continue Reading
Managing client-side security with patch management best practices
Attacks on applications like Adobe Reader and Java require effective and timely patching of user systems. Continue Reading
Choosing the right information security risk assessment framework
There are a lot of risk assessment frameworks out there. Here's what you need to know in order to pick the right one. Continue Reading
Social networking best practices for preventing social network malware
Get advice on social networking security best practices that can help prevent data leaks and other social network malware that could harm your enterprise. Continue Reading
Schneier-Ranum Face-Off on whitelisting and blacklisting
Security experts Bruce Schneier and Marcus Ranum debate whether network security should be based on whitelisting or blacklisting. Continue Reading
Enforcing endpoint security
Enforcing endpoint security requires careful planning and deployment. Continue Reading
The state of critical infrastructure security
Stuxnet put the spotlight on critical infrastructure protection but will efforts to improve SCADA security come too late? Continue Reading
Best practices for information security reward incentive programs
While employee termination may be necessary in cases of insecure conduct, most employees are more encouraged by the carrot than the stick when it comes to security and compliance. Continue Reading
Linux security best practices for Linux server systems
Linux servers are used throughout many enterprises, and their security posture shouldn't be overlooked. In this tip, King Ables discusses risk assessment pointers for Linux server systems. Continue Reading
Identity management maturity model
Learn about identity management and its capabilities in a detailed maturity model that highlights people, process and technology. Continue Reading
Secure VoIP tutorial: Understanding VoIP security best practices
More organizations are choosing to implement VoIP telephony in the enterprise for its cost savings. However, securing the technology comes with its own price tag. This secure VoIP tutorial is a compilation of resources that review VoIP security best... Continue Reading
Guide to managing identities and access control
SearchSecurity.com presents a comprehensive guide to managing user identities and access control within the enterprise. Our experts cover all the angles with technical advice on: centralized identity management; the importance of uniting IAM and ... Continue Reading
Understanding the Data Accountability and Trust Act
The Data Accountability and Trust Act, if passed into law, would create a national standard for privacy and data protection. Continue Reading
Disaster recovery and contingency planning security considerations
Security must be included in disaster recovery planning to ensure sensitive data is protected. Continue Reading
Vendor risk management and the CISO
The CISO has a key role in reducing the risk of sharing sensitive corporate data with third parties. Continue Reading
Career advantages of security professional certifications and advanced degrees
Choose wisely when pursuing industry certifications and advanced degrees to gain the best competitive advantage. Continue Reading
Security management plan reveals essential business security upgrades
As companies create their security management plan for the coming year, they should look to upgrades in Linux and Windows operating systems, Adobe applications and Internet browsers to improve their overall security position. Continue Reading
User provisioning best practices: Access recertification
User access recertification is the process of continually auditing users' permissions to make sure they have access only to what they need. Implementing recertification, however, can be challenging. Get best practices on creating a recertification ... Continue Reading
Outsourcing data center services: SMB security best practices
Learn best practices for outsourcing data center services and about the security and compliance considerations that influence whether an SMB should outsource data center services. Continue Reading
Due diligence processes for cloud computing compliance
Moving IT operations to the cloud requires careful due diligence to maintain compliance with HIPAA, GLBA and other regulations. Continue Reading
How to use an automated user provisioning system for access control
Re-architect your provisioning system into a first line of defense for access management. Continue Reading
Holistic fraud reduction through customer security management
Monitoring customer behavior across multiple channels would help banks fight fraud, but today's fraud detection technology isn't there yet. In this tip, financial services expert Jerry Silva explains how banks could benefit from the concept of "... Continue Reading
Merger management: How to handle potential merger threats to security
During a merger, management of information security becomes even more crucial in order to mitigate threats, including the many new insiders and attentive attackers that want to take advantage of holes in the companies' infosec integration. Continue Reading
Database security best practices: Tuning database audit tools
Database auditing requires more than just the right tools: Those tools also have to be properly configured to offer the information that's needed and database performance that's required. Learn more about tuning database audit tools in this tip. Continue Reading
Microsoft IIS 7 security best practices
Are you up to date with Microsoft IIS security best practices? Don't allow your enterprise to become vulnerable. Continue Reading
Data classification best practices in financial services
Data classification is critical in the highly regulated financial industry. Learn key steps for data classification. Continue Reading
Information security risk tolerance
Has regulatory and other guidance missed the most important aspect of information security? Continue Reading
Learn about database security auditing tools
Database administrators are overcoming their distaste for database auditing tools; compliance and security are turning the tide. Continue Reading
How to build an effective information security awareness program
The "people problem" continues to hamper information security efforts; what can be done about it? Continue Reading
Validating ERP system security and ERP best practices
Is your ERP system security effective? How can you be sure? Expert Mike Cobb offers up some ERP security best practices. Continue Reading
IBM to acquire OpenPages for GRC, operational risk management
OpenPages will be integrated with IBM's business analytics software portfolio. Continue Reading
Web 2.0 security threats and how to defend against them
The collaborative nature of Web 2.0 introduces myriad threats to data that must be proactively countered. Continue Reading
Self-service user identity management: Pitfalls and processes
While it might seem that self-service user identity management can save time and money, as well as keep information more current, there are a number of potential pitfalls. In this expert tip, Randall Gamby explains how to avoid these issues. Continue Reading
Identity management federation best practices
Outsourcing is necessary in the financial industry, but establishing secure partner communications can be difficult. Learn some best practices for implementing identity management federation. Continue Reading
Opinion: Security information sharing is a shared responsibility
Senior Site Editor Eric B. Parizo says infosec pros need to participate in the public dialog for the good of the industry and offers harsh words for companies who silence their own security talent. Continue Reading
How to use NeXpose: Free enterprise vulnerability management tools
Learn how to use NeXpose Community Edition, a free collection of vulnerability management tools that offers pre-defined scan templates, and the ability to scan networks, OSes, desktops and databases. Continue Reading