Get started
Bring yourself up to speed with our introductory content.
Get started
Bring yourself up to speed with our introductory content.
RSA 2014: News, analysis and video from RSA Conference 2014
Find out what's happening in the infosec industry with breaking news via reporting, video and tweets by the SearchSecurity team at RSA's 2014 conference in San Francisco. Continue Reading
Essential Guide: Security Analytics
It's tough to get reliable security data. This Security School explains how to use security analytics to safeguard your network system's health. Continue Reading
Use John the Ripper to test network devices against brute forcing
Enterprise IT security organizations should test network devices using John the Ripper to ensure they are not susceptible to brute-force attacks. Continue Reading
-
The value of 2,048-bit encryption: Why encryption key length matters
Leading browsers are required to use 2,048-bit length keys by the end of the year, but what effect does this have on security? Continue Reading
Security Readers' Choice Awards 2013
We tallied more than 1,000 readers' votes in 19 categories to come up with the winners of the Information Security Readers' Choice Awards 2013. Continue Reading
How to define SIEM strategy, management and success in the enterprise
Enterprise SIEM technology is as functional, manageable and affordable as it's ever been. Learn how to achieve success with SIEM in your organization.Continue Reading
Amazon S3 encryption overview: How to secure data in the Amazon cloud
Learn details for employing Amazon S3 encryption features. Expert Dave Shackleford compares S3 encryption to other cloud provider offerings.Continue Reading
Enterprise mobile device security 2012
SearchSecurity.com's editors surveyed nearly 500 enterprise security professionals on mobile device security in the enterprise.Continue Reading
Security School: Data breach prevention strategies
In this lesson, expert Nick Lewis establishes a baseline data breach prevention strategy every enterprise should have in place.Continue Reading
Technical Guide on SIM
Application security managers: learn four key steps to connect apps with SIMs to enable successful analysis, reporting and alerting.Continue Reading
-
RSA Conference 2012: Special Conference Coverage
Get news from RSA Conference 2012. Cloud computing, mobile threats and attack intelligence gathering are likely to be among this year's top themes.Continue Reading
RSA Conference 2012 to feature cloud computing, mobile threats
Get news from RSA Conference 2012. Cloud computing, mobile threats and attack intelligence gathering are likely to be among this year's top themes.Continue Reading
Common Weakness Enumeration (CWE)
Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software... (Continued)Continue Reading
BIOS rootkit attack
A BIOS-level rootkit attack, also known as a persistent BIOS attack, is an exploit in which the BIOS is flashed (updated) with malicious code. A BIOS rootkit is programming that enables remote administration.Continue Reading
BIOS rootkit
A BIOS-level rootkit is programming that exists in a system's memory hardware to enable remote administration. Because the rootkit lives in the computer’s BIOS (basic input/output system), it persists not only through attempts to reflash the BIOS ...Continue Reading
wildcard certificate
A wildcard certificate is a digital certificate that is applied to a domain and all its subdomains.Continue Reading
user account provisioning
User account provisioning is a business process for creating and managing access to resources in an information technology (IT) system. To be effective, an account provisioning process should ensure that the creation of accounts and provisioning of...Continue Reading
alternate data stream (ADS)
An alternate data stream (ADS) is a feature of Windows New Technology File System (NTFS) that contains metadata for locating a specific file by author or title.Continue Reading
FAQ: An introduction to the ISO 31000 risk management standard
Learn more about ISO 31000:2009, a new risk management standard: It's plainly written, short, process-oriented and relevant reading for anyone dealing with risk.Continue Reading
government Trojan
A government Trojan is spyware installed on a computer or network by a law enforcement agency for the purpose of capturing information relevant to a criminal investigation. Government Trojans represent a step in turning the tables on cybercriminals ...Continue Reading
Class C2
Class C2 is a security rating established by the U.S. National Computer Security Center (NCSC) and granted to products that pass Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC) tests.Continue Reading
honey monkey
A honey monkey is a virtual computer system that is programmed to lure, detect, identify and neutralize malicious activity on the Internet. The expression, coined by Microsoft, is based on the term honey pot, which refers to a computer system ...Continue Reading
LEAP (Lightweight Extensible Authentication Protocol)
LEAP (Lightweight Extensible Authentication Protocol) is a Cisco-proprietary version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections. LEAP is designed to provide more secure authentication for 802.11 ...Continue Reading
anti-money laundering software (AML)
Anti-laundering software is a type of computer program used by financial institutions to analyze customer data and detect suspicious transactions... (Continued)Continue Reading
Open Source Hardening Project
The Open Source Hardening Project is an initiative of the United States Department of Homeland Security, created to improve the security of open source code. Because the infrastructure of the Internet, financial institutions and many other critcal...Continue Reading
role mining
Role mining is the process of analyzing user-to-resource mapping data to determine or modify user permissions for role-based access control (RBAC) in an enterprise... (Continued)Continue Reading