Manage

Manage

Learn to apply best practices and optimize your operations.

• Outsourcing data center services: SMB security best practices

  Learn best practices for outsourcing data center services and about the security and compliance considerations that influence whether an SMB should outsource data center services. Continue Reading

• Are you in compliance with the ISO 31000 risk management standard?

  The ISO 31000 risk management standard is becoming an important development tool for shaping existing and new programs. Learn if your programs are in compliance with the standard. Continue Reading

• Data classification best practices in financial services

  Data classification is critical in the highly regulated financial industry. Learn key steps for data classification. Continue Reading

• Self-service user identity management: Pitfalls and processes

  While it might seem that self-service user identity management can save time and money, as well as keep information more current, there are a number of potential pitfalls. In this expert tip, Randall Gamby explains how to avoid these issues. Continue Reading

• Why it's important to turn on DEP and ASLR Windows security features

  In the quest for application security, many developers are disabling or incorrectly implementing two important Windows security features. In this expert response, Michael Cobb explains why ASLR and DEP should always be turned on. Continue Reading

• Your USB port management options

  When it comes to managing USB ports, the choice is yours. Mike Chapple reviews your three best options.Continue Reading

• Enterprise PDF attack prevention best practices

  Malicious PDF exploits are at an all-time high. Should enterprises dump PDFs altogether? Expert Michael Cobb answers that question and offers his key enterprise PDF attack prevention tactics.Continue Reading

• MD5 security: Time to migrate to SHA-1 hash algorithm?

  Many organizations have been replacing the MD5 hash algorithm with the SHA-1 hash function, but can the MD5 hash algorithm still be used securely?Continue Reading

• Applying the ISO 27005 risk management standard

  The ISO 27005 risk management methodology standard has weaknesses when it comes to risk measurement. "Fuzzy math" theory can help fill the gaps.Continue Reading

• Best practices and requirements for GLBA compliance

  GLBA requirements to protect personal information have become more relevant than ever. In this tip, Paul Rohmeyer examines best practices for GLBA compliance.Continue Reading

• Lack of incident response plan leaves hole in compliance strategy

  Without an incident response plan, businesses can tend to be reactive rather than proactive when data breaches occur. Here are some steps to follow.Continue Reading

• What is an encryption collision?

  Michael Cobb reviews how encryption collision attacks on cryptographic hash functions could compromise the security of all kinds of digital systems.Continue Reading

• Determine your Microsoft Windows patch level

  A handful of patch management tools from Microsoft and third -parties can help your organization determine your Windows patch level and identify missing security patches.Continue Reading

• How to prevent ActiveX security risks

  Application expert Michael Cobb explains why ActiveX security relies entirely on human judgment.Continue Reading

• Does using ISO 27000 to comply with PCI DSS make for better security?

  PCI DSS is under fire for not providing enough security in the process of securing credit card data. Using ISO 27000 to complement PCI may provide better compliance and security.Continue Reading

• What are new and commonly used public-key cryptography algorithms?

  Expert Michael Cobb breaks down a variety of encryption algorithms and reviews the use cases for several types of cryptography.Continue Reading

• What are the export limitations for AES data encryption?

  Although AES is free for any use public or private, commercial or non-commercial programs that provide encryption capabilities are subject to U.S. export controls. Expert Michael Cobb reviews the limitations.Continue Reading

• PCI DSS compliance requires new vendor management strategy

  Requirement 12.8 requires a better vendor management strategy for PCI DSS compliance.Continue Reading

• Port scan attack prevention best practices

  While it's impossible to prevent against all port scanning attacks, there are best practices for port scanning security (such as a port scanning firewall) that can keep your network secure. Expert Mike Chapple weighs in.Continue Reading

• Business model risk is a key part of your risk management strategy

  Management consultants Amit Sen and John Vaughan discuss business model risk, a way to apply risk management policies to new or changed business processes.Continue Reading

• How to mitigate operational, compliance risk of outsourcing services

  Companies must have an approach to evaluating partner risk, the level of risk of both the service and the provider, and the adequacy of the security practices of the provider.Continue Reading

• How does a Web server model differ from an application server model?

  A Web server model and an application server model share many similarities but require different defense methods. Each model, for example, calls for distinct placement of application servers.Continue Reading

• PCI DSS 3.1 requirement best practices

  Requirement 3.1 of the PCI Data Security Standard requires minimum cardholder data storage. In this tip, learn how to determine how much data your organization should store.Continue Reading

• ID and password authentication: Keeping data safe with management and policies

  Learn how to improve authentication and avoid password hacking with management policies that enforce password expiration, length and complexity requirements.Continue Reading

• Is it impossible to successfully remove a rootkit?

  In this expert Q&A, Michael Cobb takes a closer a look at the nature of rootkits to see why they can be so difficult to remove.Continue Reading

• How to lay the foundation for role entitlement management

  Role entitlement management is a daunting task, however, there are steps you can take to lay the foundation for a successful management process. In this tip, expert Rick Lawhorn details these seven steps.Continue Reading

• Key management challenges and best practices

  Key management is essential to a successful encryption project. In this tip, expert Randy Nash explains the challenges financial organizations face when implementing key management and some of the best practices to overcome them.Continue Reading

• Results Chain for Information Security and Assurance

  Continue Reading

• Information Security Blueprint

  Continue Reading

• Is Triple DES a more secure encryption scheme than DUKPT?

  Both DES and TDES use a symmetric key, but Michael Cobb explains their separate and distinct roles in protecting financial transactions.Continue Reading

• Developing a patch management policy for third-party applications

  Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from ...Continue Reading

• Preparing for uniform resource identifier (URI) exploits

  URIs have always been a user-friendly way to recognize and access Web resources. By crafting malicious URLs and manipulating protocol handlers, however, attackers have devised new attacks that take advantage of the URI's locator functionality. Web ...Continue Reading

• Enterprise risk management frameworks: Controls for people, processes, technology

  Once responsibilities and requirements are defined, the next stage in developing a successful risk management framework involves developing controls. As Khalid Kark explains, that includes developing a culture of security, using technology in the ...Continue Reading

• How does SSL 'sit' between the network layer and application layer?

  SSL is neither a network layer protocol nor an application layer protocol. In this SearchSecurity.com Q&A, Michael Cobb explains how SSL "sits" between both layers.Continue Reading

• How secure is the Windows registry?

  In this SearchSecurity.com Q&A, platform security expert Michael Cobb explains the weaknesses of the Windows registry and explores other OS alternatives.Continue Reading

• What are the drawbacks to application firewalls?

  Application-layer firewalls examine ingoing and outgoing traffic more carefully than traditional packet-filtering firewalls, so why are some holding back on deployment? In this SearchSecurity.com Q&A, Michael Cobb reveals some cost and performance ...Continue Reading

• What should be done with a RAID-5 array's failed drives?

  Even one failed drive in a RAID-5 array can present an enterprise with serious data protection concerns. In this SearchSecurity.com Q&A, expert Michael Cobb explains which policies can protect and recover RAID-5 data.Continue Reading

• How secure are document scanners and other 'scan to email' appliances?

  Copiers and document scanners have always posed challenges for information security teams. In this SearchSecurity.com Q&A, Michael Cobb reveals how the right policies can control the use (and abuse) of these devices.Continue Reading

• How can header information track down an email spoofer?

  Spammers can use spoofed headers to hide the true origin of unwanted email. In this SearchSecurity.com Q&A, application security expert Michael Cobb explains how to trust where a message is coming from.Continue Reading

• How should security and networking groups manage the firewall?

  When it comes to firewalls, the networking group often handles the installation, while the information security department writes the rules. Should these responsibilities be split? In this expert Q&A, security management pro Shon Harris reveals how ...Continue Reading

• Will two different operating systems cause administrative problems?

  Using two different operating systems can often boost a company's security, but there are practical limitations to the enterprise practice. In this expert Q&A, Michael Cobb reveals how separate platforms can lead to deployment issues and higher ...Continue Reading

• IT security auditing: Best practices for conducting audits

  Even if you hate security audits, it's in your best interest to make sure they're done right.Continue Reading