Manage

Manage

Learn to apply best practices and optimize your operations.

• Vulnerability testing with Open Vulnerability Assessment Language

  Learn how the Open Vulnerability Assessment Language (OVAL) can help organizations improve vulnerability testing processes. Continue Reading

• Simplify with SIM: Evaluating security information management systems

  Security information management tools are key to refining the deluge of raw data in an enterprise network into actionable intelligence. Expert Joel Snyder discusses. Continue Reading

• Password security issues: How enterprise single sign-on can help

  Learn how the U.S. Postal Service has reduced password security issues and improved productivity by leveraging enterprise single sign-on. Continue Reading

• Benefits of encryption: Improving your enterprise IT security structure

  Learn the benefits of encryption and how it can be one of the only true secure ways to protect your enterprise. Continue Reading

• The downside of cybercrime investigation and prosecution

  Prosecuting cybercrime puts your organization -- and your security -- on the hot seat. Continue Reading

• Preventing spyware and third-party attacks

  Is your IT infrastructure prepared for spyware? In this feature, learn how to prepare your enterprise for spyware and how best to avoid these third-party attacks.Continue Reading

• The self-defending network: Is it real technology or market speak?

  Cisco and other security vendors are touting the "self-defending" network. Is it real technology or market-speak?Continue Reading

• Best practices for choosing an outside IT auditor

  Learn six points for choosing the right outside auditor.Continue Reading

• Outsourcing best practices: Identifying offshoring risks

  Offshoring is good for business, but lax security practices can torpedo your investment.Continue Reading

• Service-level agreement management: Defining security policy roles

  Does your security plan include expectations or incentives for SLAs? Lawrence Walsh explains why setting standards for your enterprise is essential.Continue Reading

• Best practices for writing an information classification policy

  When developing your organization's information classification policy, there are three best practices that you should keep in mind.Continue Reading

• Firewall responsibilities and firewall timeout features

  Continue Reading

• NAC best practices and technologies to meet corporate security policy

  New solutions help you secure endpointsContinue Reading

• Week 28: New technical manager challenges and pitfalls

  In this column, Shelley Bard offers up some tips for the new technical manager.Continue Reading

• Six Sigma and CMM models offer security best practices

  Security can learn a lot from Six Sigma, CMM and other established business methodologies.Continue Reading

• Tier-1 policy overview: Procurement and contracts, records management

  In the fourth and last installment of this tier-1 policy overview series, Thomas Peltier looks at Procurement and Contracts, Records Management and Asset Classification Policies.Continue Reading

• Laws of security: 10 security best practices

  Learn the laws of security and 10 security best practices.Continue Reading

• The future of software security vulnerabilities

  The evolution of software security vulnerabilities opens new vistas for business... and the bad guys.Continue Reading

• Audit failure: How one lab raised IT security awareness and its audit grade

  Learn how Argonne National Lab raised IT security awareness and its audit grade from 'F' to 'A'.Continue Reading

• Database security tools for preventing SQL injection attacks

  An emerging breed of database security tools is helping security teams spot attackers' favorite techniques, like SQL injection.Continue Reading

• Managing change in information security policies

  In this tip, security expert Mike Chapple will highlight a five-step process designed to help your organization approach necessary changes to its IT security policies in a formal, yet flexible fashion. He will also provide several questions that ...Continue Reading

• Implementing a better operational risk management framework

  Hackers don't impact long-term stock prices; rogue traders and lousy products do.Continue Reading

• A step-by-step network incident response plan

  We need automated response tools that go beyond fledging IPSes. In this tip you will learn how to create an IT incident response plan, step-by-step.Continue Reading

• Best practices for security report writing

  Concise, targeted security reports command the attention of the executives who need to act on them. Learn best practices for security report writing.Continue Reading

• A Patch in Time: Considering automated patch management

  Vulnerabilities are followed by patches, followed by exploits, followed by misery. Automated patch management solutions ease the pain and cut costs.Continue Reading

• Keys to an effective virus incident-response team

  How you recover from a malicious code attack depends on how quickly you respond. Learn how to coordinate a virus incident-response team to help minimize malware damage.Continue Reading

• Business continuity roles improve security incident management

  IT personnel may be front-line responders, but if they "own" incident management, your enterprise is at risk. Here's a business blueprint for an effective security incident management program with business continuity roles.Continue Reading

• Review: RSA ClearTrust 5.5 secure federated identity management system

  RSA ClearTrust 5.5 eases the administration of securing Web services identity management across business partners' systems.Continue Reading

• Week 1: The security manager's daily checklist

  Here's a daily checklist for security managers.Continue Reading

• Using control change management to improve attack resistance

  Learn how control change management can free your enterprise from the "widget mentality" -- and ensure better attack resistance.Continue Reading

• Four steps to ensure security deployment success

  Security deployment will go smoother if enterprises step back, ask questions, involve everyone and lower expectations.Continue Reading

• Computer Associates' Sanjay Kumar on the once-troubled firm's comeback

  Can Computer Associates' Sanjay Kumar convince the world that the once-troubled tech giant has changed?Continue Reading

• Vendor liability: Should we be suing for security?

  The latest lawsuit against Microsoft revives the legal debate of how much of security is the responsibility of the consumer, and how much is vendor liability.Continue Reading

• The security costs of outsourcing software development

  Before outsourcing software development, enterprises should make sure they perform due diligence and understand the associated security costs.Continue Reading

• Home office security: Seven ways to secure remote employees

  Fred Avolio outlines seven strategies enterprises should use to ensure their remote employees participate in good home office security.Continue Reading

• Fear factor: Malicious code and why the worst is yet to come

  As bad as the malicious code landscape may seem with Code Red, Nimda, and Sobig, Ed Skoudis says you ain't seen nothin' yet.Continue Reading

• Controlling Linux root privilege in a Linux environment

  If your enterprise has multiple sysadmins, giving them separate accounts is advisable. Su and Sudo can aid in keeping Linux root privilege rooted in safety.Continue Reading

• Employee privacy rights: When is it OK to spy on employees?

  Having a sound enterprise policy is everything if your organization wants to "spy" on employees -- otherwise it'll find itself violating employee privacy rights.Continue Reading

• Frank Abagnale preaches the dangers of hacking

  A penitent Frank Abagnale Jr. shuns white-collar crime and fraud, and helps others understand how to guard against the dangers of hacking.Continue Reading

• Proactive security: Make offense your best defense

  Information Security editorial director Andrew Briney outlines three measures that will help enterprises turn their reactive security into proactive security.Continue Reading

• Security survey results: Six information security myths dispelled

  A rose is a rose is a rose, but Information Security magazine and SearchSecurity surveys bust six security myths, proving infosec is maturing as a profession and a practice.Continue Reading

• Chain of command: Inside Prudential's security management program

  Information Security's October 2003 issue examines the security management program at Prudential Financial and why it's processes and people are a rock of information security stability. Also in this issue: how to reduce insider risk, how the ...Continue Reading

• Defending the rock: Prudential's security culture and change control management

  Cover story: Prudential's ingrained security culture and change control management makes it a security program worth emulating.Continue Reading

• Incident response policies and procedures

  Learn how policies and procedures fit in incident response.Continue Reading

• Cybersecurity and boards of directors: Understanding corporate risk

  Learn how corporate risk can be capitalized on in order to maintain a high profile for cybersecurity among enterprise board of directors.Continue Reading

• Dorothy Denning: Leading authority on cybercrime, information warfare

  The longtime computer science professor is one of the world's top authorities on encryption and cyberterrorism.Continue Reading

• Women of vision: Honoring 25 outstanding women of IT security

  Cover story: Profiling 25 outstanding technologists, researchers and executives who are reshaping information security.Continue Reading

• History of IPSec, SSL VPN products: How will the market change?

  Today's SSL VPNs address a single problem: secure remote access. Will that be enough to sustain the vendors in this market? History offers some clues.Continue Reading

• Examining device-based authentication

  Combining device-based authentication technology with existing user-based authentication would be appealing for many organizations, but technical details remain unclear.Continue Reading

• Working with Linux: Disable service to improve network security

  Linux security expert Jay Beale offers a code-by-code instructional walk-through to help system administrators disable Linux services.Continue Reading

• Web services security best practices: Presentation and application architectures

  Splitting the presentation and application architecture layers allows for checking each SOAP packet request and is a necessary Web service security best practice.Continue Reading

• Beyond network perimeter defense: A 'submarine warfare' strategy

  Today's attacker can be anywhere, meaning network perimeter defense alone is futile. Change your thinking, and your tactics.Continue Reading

• Case study: SSL VPN enables secure remote email access

  A global minerals firm seeking secure remote email tested other systems before choosing an SSL VPN.Continue Reading

• Virus protection: Prevention, detection, response

  How to prevent, detect and respond.Continue Reading

• Firewall checkup: Testing your firewall's health

  Uncover six important steps for testing your firewall to make sure it is running safely and smoothly.Continue Reading

• How to address SAN architecture security weaknesses

  SAN technology has burst out of the data center, exposing the world to SAN architecture security weaknesses.Continue Reading

• IPSec best practices to secure IP-based storage systems

  Learn the security challenges associated with IP-based storage systems and uncover IPSec best practices to help ensure system safety without sacrificing performance.Continue Reading

• How to avoid federal Wiretap Act issues with a honeypot network security system

  Hackers have rights, too. How can you deploy honeypots without running afoul of the law?Continue Reading

• Using decision-tree modeling to determine paths of attack

  Learn how one startup leverages decision-tree modeling to identify unwanted outcomes.Continue Reading

• Honeypot technology: How honeypots work in the enterprise

  The founder of the Honeynet Project explains how honeypots work and how they complement other technologies.Continue Reading

• IT risk assessment: Using security resource planning products to improve

  Enterprise risk management is a delicate balancing act. A look at three "security resource planning" products that seek to bring order to the process.Continue Reading

• Establishing a Metrics Management System

  This chapter is designed to provide basic guidance necessary for the development of a metrics methodology to understand what, why, when and how infosec can be measured.Continue Reading

• How to learn IT security in your spare time

  When considering how to learn IT security, never underestimate the power of a few minutes of downtime.Continue Reading

• Keeping security initiatives on track through executive, management turnover

  How to keep enterprise security initiatives on track...even when there are cracks in the corporate ladder.Continue Reading

• The security risk management lifecycle framework

  Learn about the seven steps in the enterprise information security risk management lifecycle framework.Continue Reading

• Test center: CORE IMPACT 3.1 automated pen testing tool

  Numerous mistakes tarnish the benefits of CORE Security's CORE IMPACT 3.1 automated pen testing tool.Continue Reading

• Top challenges facing defense-in-depth firewall technology

  Defense-in-depth firewall technology may offer value, but there are six barriers thwarting firewall technology on the port level.Continue Reading

• Designing a defense-in-depth network security model

  We challenged networking and firewall vendors to provide defense-in-depth security from the perimeter to the core. Their responses give us a glimpse into the future of enterprise network security.Continue Reading

• CISSP study plan: CISSP prep books, guides and resources

  Check out Andrew Briney's CISSP study plan recommendations on the best CISSP prep books, guides and websites.Continue Reading

• Preparing for CISSP exam questions: What to expect

  Anybody who says the CISSP exam is easy isn't telling the whole story. There are plenty of difficult questions--some legitimate, some goofy.Continue Reading

• VoIP network security protocols: Is VoIP secure?

  Is your network equal to the task? Are you willing to risk exposing data and voice on the Internet?Continue Reading

• WLAN security: Best practices for wireless network security

  WEP and war drivers scaring you away? Try these wireless network security basics and best practices to protect your enterprise.Continue Reading

• Merging firewalls: Making your enterprise more secure with Sidewinder

  Review: Secure Computing creates an impressive product by merging two leading firewalls into the Sidewinder G2.Continue Reading

• Network packet analyzers enable enterprise 'packet peeking'

  Marcus Ranum explains how network packet analyzers offer a worm's-eye view of what's traversing an enterprise network.Continue Reading

• Examining Windows Server 2003 operating system security

  Microsoft promised Windows Server 2003 would be "secure by design, secure by default and secure in deployment." We took the wrapper off this new OS to see if it lives up to expectations.Continue Reading

• Exposing and addressing wireless security concerns

  Campus IT managers' emphasis on wireless security puts them at the head of the class.Continue Reading

• Keeping WLANs safe with WLAN security tools

  Check out a variety of seurity managers tools to help keep WLANs safe.Continue Reading

• Protect Active Directory traffic with a VPN

  Active Directory network traffic is mission critical and highly sensitive, and must be protected by a VPN.Continue Reading

• Six steps for security patch management best practices

  Six steps to help decide when you must patch...and when it's OK to wait.Continue Reading

• Security audit tools: Vendors every auditor should use

  Sidebar: An auditor should be familiar with a variety of tools and utilities, not just a single packaged scanner. They include utilities and power tools, both open source and commercial.Continue Reading

• Egress filtering

  A look at some policies for egress filtering that can help limit your liability in DDoS attacks.Continue Reading

• Roundtable: Advice on IT security budget management

  Four CISOs discuss practical strategies for getting the security budget you need, and spending it wisely.Continue Reading

• IT security auditing: Best practices for conducting audits

  Even if you hate security audits, it's in your best interest to make sure they're done right.Continue Reading

• Tips and tricks for IDS deployment best practices

  Intrusion detection remains an over-hyped technology because most companies have no idea what to do with it.Continue Reading

• Best practices for securing remote-access solutions

  Continue Reading

• Using HoneyD configurations to build honeypot systems

  Spoofing, diversion and obfuscation are all part of honeyd's powerful arsenal.Continue Reading

• Is it best to focus on the technical or business side for a management position?

  Continue Reading

• 4- Virus Management

  Top issuesContinue Reading

• Firewall best practices

  Kevin Beaver lists suggested best practices for managing your firewall in this Network Security Tip.Continue Reading

• Retrofitting virtual private network security

  The demand for better virtual private network security is driving the VPN market, but they aren't the best solution in all scenarios.Continue Reading

• Pitfalls of security layers (and how to avoid them)

  Overtaxed and mismatched security layers can affect many aspects of the enterprise, which can have long-lasting negative effects.Continue Reading

• CISSP requirements: Can (ISC)2 verify its applicants?

  While CISSP requirements are extensive, some unqualified applicants are slipping through. The way in which potential candidates are evaluated for the CISSP is going to change.Continue Reading

• What the virtual perimeter means for firewall technology

  Firewall technology makes it easier for businesses to recognize potential threats. With a virtual perimeter, enterprises can modify and adjust certain firewalls to their benefit.Continue Reading

• An inside look at types of Microsoft security patches

  Expert Russ Cooper explains the various Microsoft security patches and updates, detailing how they range from fixing specific problems to enhancing customer experience.Continue Reading

• Twelve ways to reduce PGP-based file transfer security risks

  Learn why PGP systems, which are designed for file transfer security, are a good alternative to using VPNs.Continue Reading

• Fighting viruses: Seven things you should know about antivirus tools

  Learn what you should and shouldn't do when it comes to fighting viruses as Rob Rosenberger debunks myths about AV software, updates, reports and unexploited vulnerabilities.Continue Reading

• Centralized antivirus management: Get a bird's-eye view of AV defenses

  Centralized antivirus management technologies provide enterprises a bird's-eye view of AV defenses and establish applications that protect against unwanted malware and viruses.Continue Reading

• Predicting the future of malware and tomorrow's malicious code

  The future of malware will grow exponentially. David Harley presents his predictions on blended threats, e-mail exploits, social engineering and more.Continue Reading

• Thirteen website attacks that damage an enterprise's Web presence

  Many website attacks are potentially dangerous and can damage an organization's Web presence. Learn about the most common attacks and how they function.Continue Reading

• CRM privacy management: How you can help

  In this edition of Scheier's Security Roundup, Robert Scheier explains the security admin's role in customer privacy.Continue Reading