Evaluate

Evaluate

Weigh the pros and cons of technologies, products and projects you are considering.

• The fundamentals of FDE: Comparing the top full disk encryption products

  Expert Karen Scarfone examines the top full disk encryption products to determine which one may be best for your organization. Continue Reading

• Can setting a cache-control header improve application data security?

  Application security expert Michael Cobb reviews the cache-control header codes that can help prevent a Web application from storing sensitive data. Continue Reading

• Are LibreSSL and BoringSSL safe OpenSSL alternatives?

  Since the revelation of the Heartbleed flaw, OpenSSL security has been put into question. Expert Michael Cobb discusses whether LibreSSL and BoringSSL could serve as OpenSSL alternatives. Continue Reading

• The fundamentals of FDE: Procuring full-disk encryption software

  Expert Karen Scarfone examines the most important criteria for evaluating full disk encryption options for deployment within an enterprise. Continue Reading

• The fundamentals of FDE: The business case for full disk encryption

  Expert Karen Scarfone outlines the benefits of FDE to help businesses decide if the storage encryption technology is right for their organization. Continue Reading

• How can vishing attacks be prevented?

  Enterprise threats expert Nick Lewis explains what vishing attacks are and offers best practices for defending against them.Continue Reading

• How vulnerable is Silverlight security?

  Microsoft Silverlight has been in the spotlight due to an increase in the number of exploit kits it is included in. Expert Nick Lewis explains the threat's severity and how to mitigate it.Continue Reading

• Inside the four main elements of DLP tools

  Security expert Rich Mogull outlines the four elements of a DLP tool: the central management server, network monitoring, storage and endpoint DLP.Continue Reading

• CISSP quiz: System architecture, security models, system evaluation

  Test your knowledge of the CISSP exam's Security Architecture and Design domain by taking this practice quiz that covers topics including system architecture, security models and more.Continue Reading

• SHA-2 algorithm: The how and why of the transition

  Is it time to make the move to the SHA-2 algorithm? Application security expert Michael Cobb discusses and offers tips to ease the transition.Continue Reading

• Evaluating next-gen firewall vendors: Top 11 must-ask questions

  Evaluating potential firewall vendors and choosing the one that best aligns with your enterprise's needs can be a tricky task. This tip offers 11 questions any organization should ask vendors prior to making a firewall purchase.Continue Reading

• FAQ: Were executives held accountable after the Target data breach?

  Target Corp. has made major executive changes in the months following its massive 2013 data breach as the company strives to reassure customers and rework digital information security processes.Continue Reading

• The NoSQL challenge: What's in store for big data and security

  Big data offers horizontal scalability, but how do you get your database security to scale along with it?Continue Reading

• Product review: Juniper Networks SRX Series UTM appliances

  The market-leading Juniper Networks SRX Series of UTM boxes are feature-rich products that may cause implementation headaches.Continue Reading

• NIST cybersecurity framework: Assessing the strengths and weaknesses

  Video: Securicon executive consultant Ernie Hayden discusses what the NIST cybersecurity framework got right, and how the document can be improved.Continue Reading

• NSA TAO: What Tailored Access Operations unit means for enterprises

  The NSA's top-secret Tailored Access Operations offensive hacking unit offers enterprise defense strategy lessons. Expert Nick Lewis discusses.Continue Reading

• How Cisco's 'Application Centric Infrastructure' differs from SDN

  As Cisco rolls out a hardware-based alternative to software-defined networking approaches, what does it all mean for security?Continue Reading

• Authentication caching: How it reduces enterprise network congestion

  Michael Cobb explores the pros and cons of authentication caching and whether the practice can truly calm network strain.Continue Reading

• Amid Microsoft MD5 deprecation, experts warn against SHA-1 algorithm

  With Microsoft's MD5 deprecation set for next week, experts say companies must be careful to avoid other weak protocols, like SHA-1.Continue Reading

• Tor networks: Stop employees from touring the deep Web

  Are employees using Tor to view blocked Web sites, or mining Bitcoins on corporate resources? Sinister or not, it needs to stop.Continue Reading

• Return on security investment: The risky business of probability

  You are better off with real numbers when it comes to measuring probability and the elements of security risk, even if they are wrong.Continue Reading

• Use John the Ripper to test network devices against brute forcing

  Enterprise IT security organizations should test network devices using John the Ripper to ensure they are not susceptible to brute-force attacks.Continue Reading

• PCI DSS version 3.0: The five most important changes for merchants

  PCI DSS version 3.0 isn't a wholesale revision, but longtime PCI expert Ed Moyle says merchants' transitions must start now to avoid problems later.Continue Reading

• Third-party risk management: Horror stories? You are not alone

  The majority of breaches occur as the result of third parties. MacDonnell Ulsch advises companies to safeguard third-party management agreements.Continue Reading

• Managing big data privacy concerns: Tactics for proactive enterprises

  The growing use of big data analytics has created big data privacy concerns, yet viable tactics exist for proactive enterprises to help companies get smarter while keeping consumers happy.Continue Reading

• Antivirus evasion techniques show ease in avoiding antivirus detection

  In the wake of the New York Times attack, a look at antivirus evasion techniques show how easy it is to avoid antivirus detection and why new defenses are needed.Continue Reading

• Outsourcing security services in the enterprise: Where to begin

  Outsourcing security services doesn’t have to mean moving to the cloud. Enterprises have many options for outsourcing security services, including managed and hosted services.Continue Reading

• The Huawei security risk: Factors to consider before buying Chinese IT

  Cover story: The U.S. government says Chinese IT giants Huawei and ZTE pose too much risk. But do they? Joel Snyder offers his take.Continue Reading

• Thirteen principles to ensure enterprise system security

  Designing sound enterprise system security is possible by following Gary McGraw's 13 principles, many of which have held true for decades.Continue Reading

• Protecting Intellectual Property: Best Practices

  Organizations need to implement best practices to protect their trade secrets from both internal and external threats.Continue Reading

• Metasploit Review: Ten Years Later, Are We Any More Secure?

  Some say the pen testing framework is a critical tool for improving enterprise security, while others say it helps attackers.Continue Reading

• Information Security Magazine: FEBRUARY 2012

  Learn about the latest malware threats targeting enterprises and what you can do to reduce the risk of infection.Continue Reading

• P2P encryption: Pros and cons of point-to-point encryption

  P2P encryption is an emerging technology; one that may be helpful for many companies, especially merchants. Mike Chapple dissects the pros and cons.Continue Reading

• OAuth 2.0: Pros and cons of using the federation protocol

  Learn the advantages and disadvantages of using Open Authorization for Web application authentication.Continue Reading

• Virtualization 101: Best practices for securing virtual machines

  VMs introduce a new security dynamic, one that emphasizes asset discovery, change management and tweaks to existing security technology.Continue Reading

• Outsourcing data center services: SMB security best practices

  Learn best practices for outsourcing data center services and about the security and compliance considerations that influence whether an SMB should outsource data center services.Continue Reading

• Data classification best practices in financial services

  Data classification is critical in the highly regulated financial industry. Learn key steps for data classification.Continue Reading

• FAQ: An introduction to the ISO 31000 risk management standard

  Learn more about ISO 31000:2009, a new risk management standard: It's plainly written, short, process-oriented and relevant reading for anyone dealing with risk.Continue Reading

• Do you need an IDS or IPS, or both?

  Cut through the hype and learn the differences and benefits of intrusion detection and prevention systems.Continue Reading

• Results Chain for Information Security and Assurance

  Continue Reading

• Information Security Blueprint

  Continue Reading

• What are the pros and cons of using stand-alone authentication that is not Active Directory-based?

  Password managment tools other than Active Directory are available, though they may not be the best access control coordinators.Continue Reading

• IT security auditing: Best practices for conducting audits

  Even if you hate security audits, it's in your best interest to make sure they're done right.Continue Reading