Manage

Manage

Learn to apply best practices and optimize your operations.

• 5 PCI DSS best practices to improve compliance

  Increased rates of PCI noncompliance are worth examining, as are PCI DSS best practices and tips for small and medium-sized companies. Read more in-depth compliance coverage here. Continue Reading

• How IAM systems support compliance

  IAM is a key component of any security strategy, but its role in regulatory compliance is just as crucial. Read up on features and processes to make IAM work for your enterprise. Continue Reading

• Invest in new security talent with cybersecurity mentorships

  Cybersecurity mentorships provide a great opportunity for those just entering the industry who want a successful start. Having the right guidance is a must. Continue Reading

• 6 key identity and access management benefits

  Identity and access management is beneficial not just for users, security and IT admins, but also enterprises as a whole. Read up on the six key advantages of an IAM framework. Continue Reading

• How to protect workloads using a zero-trust security model

  Never trust, always verify. Learn how to implement a zero-trust security model to help manage risk and protect IT workloads at your organization. Continue Reading

• 3 key identity management tips to streamline workflows

  Organizations must audit IAM processes to ensure that opportunities to streamline workflows are not missed. Use these identity management tips to get started.Continue Reading

• VPC security best practices and how to implement them in AWS

  To best secure network access, AWS administrators need to create rules for network resources. Learn how to implement Amazon VPC security best practices in this book excerpt.Continue Reading

• Overcome AWS security vulnerabilities with VPCs, IAM

  Securing network access in AWS requires the right rules to be in place. Learn more about Virtual Private Clouds and how implementing them can prevent common cloud security attacks.Continue Reading

• How to ensure security for 3 types of digital identity

  Enterprise identity and access management strategies must include processes for managing and securing three types of digital identity. Learn how.Continue Reading

• A case for both cybersecurity detection and prevention tools

  Companies need both detection and prevention cybersecurity tools to effectively keep data and employees safe from attackers. Just one or the other isn't enough.Continue Reading

• How to build an effective IAM architecture

  Identity and access management is changing and so must strategies for managing it. Read up on IAM architecture approaches and how to select the best for your organization.Continue Reading

• 4 essential identity and access management best practices

  Now is the time to shore up the who, what and where of network identities. Adopt these four critical identity and access management best practices to bolster your infosec program.Continue Reading

• How to fortify IoT access control to improve cybersecurity

  Security technology is still playing catch-up with the new risks and attack vectors associated with IoT. Learn how to improve IoT access control and identity management here.Continue Reading

• 12 Microsoft 365 security best practices to secure the suite

  Migrating to or operating cloud-based Microsoft 365 can bring with it a host of problems and misconfigurations. Check out 12 best practices to tighten Microsoft 365 security.Continue Reading

• How security testing could change after COVID-19

  As companies look to bring employees back into the office, security teams must consider how to handle security testing due to initial remote work deployments and shadow IT.Continue Reading

• 5 steps to determine residual risk during the assessment process

  Even the best security controls have data management gaps that create risk. Here are steps to identify and offset residual risk during an assessment.Continue Reading

• How to get actionable threat intelligence from tech tools

  Even advanced threat intelligence tools can't do it all alone. Learn what it takes to parse actionable insights from the information that threat intelligence feeds gather.Continue Reading

• AI threat intelligence is the future, and the future is now

  Threat intelligence services and tools get a boost from advanced technology like AI and, specifically, machine learning. Learn how that works.Continue Reading

• Uncover and overcome cloud threat hunting obstacles

  You can be an effective cyberthreat hunter even if your organization's assets are in the cloud. Know the likely obstacles you'll face, then learn how to surmount them.Continue Reading

• IT and security teams collide as companies work from home

  The new world of remote work has given rise to IT and security teams working more closely than ever before. They need to come together to provide excellent UX and security.Continue Reading

• Advance your security operations center with AI

  Powering a security operations center with AI systems not only automates tasks, but also complements admins' efforts to more effectively combat threats and transform processes.Continue Reading

• Identifying common Microsoft 365 security misconfigurations

  Microsoft 365 security problems can double the time it takes to contain a breach, according to a new survey. Check out best practices and operational strategies to fix them.Continue Reading

• Why nation-state cyberattacks must be top of mind for CISOs

  Even though organizations face threats coming from many sources, one type of cyberattack should be top of mind for CISOs: those backed by nation-states. Here's why.Continue Reading

• One security framework may be key to cyber effectiveness

  The Mitre ATT&CK security framework could best enable effective cybersecurity, according to The Chertoff Group, as could joining information sharing and analysis organizations.Continue Reading

• CISO stress and burnout cause high churn rate

  The nature of the CISO role can take a toll, say industry vets, with frustration and stress contributing to high turnover rates and burnout. Learn how to make it work.Continue Reading

• The state of cybersecurity risk: Detection and mitigation

  Hackers will always try to creep in, and many will succeed. That's why effective detection and mitigation are essential. How are enterprises faring?Continue Reading

• Why CISOs need advanced network security strategies now

  Continue Reading

• SSL certificate best practices for 2020 and beyond

  SSL/TLS security is continuously improving, and there are steps site owners should take to ensure the safety of their SSL certificates, websites and users. Read on to learn more.Continue Reading

• Zero-trust management challenges outweighed by benefits

  The zero-trust model's adoption, deployment and management challenges are easily outweighed by its ability to offset modern threats, IEEE senior member Jack Burbank advises.Continue Reading

• Use an IoT security architecture to protect networks end to end

  Organizations can reap benefits from IoT technology but only if it is properly secured. Learn the components of IoT network architecture and the unique security considerations of each.Continue Reading

• Skill building is key to furthering gender diversity in tech

  Gender disparities imperil the threat intelligence community. Shannon Lietz, leader and director of DevSecOps at Intuit, discusses current efforts to attract female talent.Continue Reading

• Employ AI for cybersecurity, reap strong defenses faster

  The cyber arms race is never-ending. Learn how to prevail over advanced attacks by putting the latest intelligent technology to service in your cybersecurity program.Continue Reading

• Using AIOps for cybersecurity and better threat response

  AIOps platforms, when properly tuned, can benefit all of IT in important ways. Learn how these advanced security tools improve threat detection and response in myriad ways.Continue Reading

• Best practices for threat modeling service mesh, microservices

  In microservices and service mesh environments, communications don't follow static paths. As such, security teams must update their application threat modeling methods.Continue Reading

• How to implement a strong COVID-19 cybersecurity plan

  Cybercriminals aren't slowing down during the coronavirus pandemic, and neither can your security. Learn what are the biggest threats and how to stop them cold.Continue Reading

• 4 tips to ensure secure remote working during COVID-19 pandemic

  Don't let teleworkers compromise your enterprise's security. Follow these tips to ensure secure remote working in the event of a teleworker boom during a pandemic.Continue Reading

• How privacy compliance rules will affect IT security

  As companies scramble to comply with consumer data privacy compliance mandates, like GDPR, CCPA and others on the horizon, IT security will shoulder much of the process burden.Continue Reading

• ITOps security requires attention to training

  Becoming fluent about IT security is critically important for numerous aspects of ITOps, yet many organizations fail to train their ITOps staff in security.Continue Reading

• Updating the data discovery process in the age of CCPA

  Privacy regulations are changing the enterprise data discovery process. Now, automation is key for fulfilling data discovery mandates, including those for CCPA and GDPR.Continue Reading

• Use this CCPA compliance checklist to get up to speed

  California leads the pack in terms of state regulations on data privacy and transparency. Now, it's time for businesses to be proactive with this CCPA compliance checklist.Continue Reading

• Tips for cybersecurity pandemic planning in the workplace

  Is your security team prepared for a workplace pandemic? This guidance will ensure your company's cybersecurity posture can be maintained despite a potentially severe health event.Continue Reading

• Balance fraud compliance and prevention with these tips

  IT leaders must be vigilant against cyberfraud. Use this list of fraud compliance statutes and prevention tips to protect IT resources, customers and your company's reputation.Continue Reading

• How to use TODO comments for secure software development

  Don't let security be a software development burden. Learn app developer tricks, such as using TODO comments, to ensure security controls make it from development to production.Continue Reading

• Privacy controls to meet CCPA compliance requirements

  Existing risk management programs are a solid foundation for CCPA compliance requirements. Learn the privacy controls needed to remain CCPA-compliant and improve IT security.Continue Reading

• Windows IIS server hardening checklist

  Use this handy Windows IIS server hardening checklist on the job to ensure your IIS server is deployed safely and stays secure in use.Continue Reading

• Boost security with a multi-cloud workload placement process

  IT must incorporate a multi-cloud workload placement process into its multi-cloud strategy in order to maintain or improve cloud security and cloud operations.Continue Reading

• Security testing web applications and systems in the modern enterprise

  Security testing web apps with little budget and poor documentation is difficult. Ric Messier discusses building a security testing lab in the DevSecOps, cloud and automation age.Continue Reading

• Tackle identity management in the cloud with AaaS or IDaaS

  Has your organization considered outsourcing cloud identity management? Learn more about the benefits of AaaS, aka IDaaS, and what to consider before settling on a particular service.Continue Reading

• AI-driven cybersecurity teams are all about human augmentation

  AI is often associated with technology replacing humans. In the case of AI-based cybersecurity teams, however, AI will augment its human counterparts, not supplant them.Continue Reading

• Zero-trust model case study: One CISO's experience

  Adopting a zero-trust environment was the right move for GitLab, according to the company's former security chief, but it may not be well suited for all enterprises.Continue Reading

• Data breach costs hit hard; where are you most vulnerable?

  Breaking down the cost of a data breach isn't for the faint of heart. But with millions of dollars on the line for a single event, companies also need to have their eyes wide open.Continue Reading

• CISOs face a range of cybersecurity challenges in 2020

  Every company is unique, of course, but certain challenges are widely shared. Learn what security concerns other CISOs and security leaders are focused on in 2020.Continue Reading

• Threat intelligence offers promise, but limitations remain

  Do you know how to use threat intelligence feeds to best effect in your company? Learn what this valuable yet often confusing resource can and can't do for cybersecurity.Continue Reading

• Fresh thinking on cybersecurity threats for 2020

  It's a good time to take a clear-eyed view of the likely security threats facing your organization. But then what? Experts suggest getting creative with your threat responses.Continue Reading

• Getting the most from cyberthreat intelligence services

  Continue Reading

• How to implement a holistic approach to user data privacy

  IoT devices flood the market with promises to make daily life more convenient. Learn how to embrace user consent to benefit your organization and enhance user data privacy.Continue Reading

• Improve data security in the modern enterprise

  From growing attack surfaces to new regulations, these data security considerations must be on every company's radar.Continue Reading

• Put application security testing at the top of your do-now list

  It's time to take a new attitude toward application security. Learn what must be tested and the specific steps that will take your apps from vulnerable to fortified.Continue Reading

• Craft an effective application security testing process

  For many reasons, only about half of all web apps get proper security evaluation and testing. Here's how to fix that stat and better protect your organization's systems and data.Continue Reading

• 5 steps to a secure cloud control plane

  A locked-down cloud control plane is integral to maintaining cloud security, especially in multi-cloud environments. Here are five steps to a secure cloud control plane.Continue Reading

• 3 steps to prepare IT operations for multi-cloud

  Organizations must ready their IT operations for multi-cloud and the unique security challenges ahead. Equip your IT ops team with the right people and processes to adapt smoothly.Continue Reading

• NIST CSF provides guidelines for risk-based cybersecurity

  Organizations benefit from identifying their unique risks when developing cybersecurity processes. Here's how the NIST Cybersecurity Framework can help guide risk-based IT protection.Continue Reading

• IT vs. OT security -- and how to get them to work together

  While IT and OT security have historically been separate, the advent of IoT is forcing the two together. Cross-pollinating IT with OT is critical to ensuring IoT security.Continue Reading

• Data breach risk factors, response model, reporting and more

  Dig into five data breach risk factors, and learn how the DRAMA data breach response model can help enterprises counter breaches in a timely and efficient manner.Continue Reading

• Perimeterless security still has borders -- and APIs need it

  Many people believe perimeterless security means borders are a thing of the past. But virtual borders secure APIs needed by mobile users and cloud workloads. Check out how to manage them.Continue Reading

• Ideal DevSecOps strategy requires the right staff and tools

  Sometimes viewed as an obstacle to speedy software rollout, the DevSecOps model helps security teams drive innovation in development. Learn how to build a DevSecOps strategy.Continue Reading

• Use a data privacy framework to keep your information secure

  Find out how a data privacy framework gives companies the tools they need to ensure their information is protected -- from both internal and external threats.Continue Reading

• Best practices to help CISOs prepare for CCPA

  With the CCPA taking effect in 2020, check out security chiefs' best practices to get ahead and stay ahead of impending data privacy and protection compliance regulations.Continue Reading

• How to prevent port scan attacks

  The popular port scan is a hacking tool that enables attackers to gather information about how corporate networks operate. Learn how to detect and prevent port scanning attacks.Continue Reading

• What are best practices for a modern threat management strategy?

  Infosec pros need to mitigate traditional cyberthreats, as well anticipate sophisticated, emerging threats. Learn how to build a threat management strategy that helps with both.Continue Reading

• IT security threat management tools, services to combat new risks

  Advances in tools and services are changing IT security threat management. Learn how infosec pros are using UTM platforms, AI and threat intelligence services to alleviate risk.Continue Reading

• The network security tools to combat modern threats

  Incorporating new network security tools and methods into your enterprise's infosec program may mean the difference between staying safe or falling victim to an attack.Continue Reading

• What are the top network security techniques for modern companies?

  Protecting the enterprise network remains integral to overall IT security. Here are the top network security techniques enterprises are using to protect data.Continue Reading

• How to use and manage BitLocker encryption

  Built into business versions of the Windows OS, Microsoft BitLocker encryption is an integral enterprise encryption tool. Read on to learn how BitLocker works and how to manage it.Continue Reading

• Raise enterprise network visibility, and security rises too

  The need to improve network visibility has bedeviled IT teams for years. Better tools offer hope but there are privacy and ethical concerns that come with responsible use.Continue Reading

• Boost network security visibility with these 4 technologies

  The network is where it's at if you want to stop malicious actors. But first you need to up your network visibility. Learn about four technologies that can help.Continue Reading

• Build new and old strategies into insider threat management

  The risk of insider threat does not discriminate across industry lines. Learn how to build an insider threat management program that combines AI, zero-trust principles and a healthy security culture.Continue Reading

• Use Azure Security Center to conduct a security posture assessment

  In this excerpt from Chapter 4 of Microsoft Azure Security Center, the authors outline how to use the software to determine and improve your enterprise's cloud security posture.Continue Reading

• A fresh look at enterprise firewall management

  Enterprises need to know where and how to install firewalls for maximum protection. Find out firewall management best practices that can help protect your organization.Continue Reading

• Zero-trust framework creates challenges for app dev

  Enterprises implement zero-trust frameworks to adapt to today's changing IT infrastructures. Learn about the implications for app developers.Continue Reading

• 3 security and ethics considerations for modern-day CISOs

  Many conversations today revolve around security and ethics. A strong CISO voice is crucial to keeping enterprises safe while embracing this critical cultural awakening.Continue Reading

• Creating and managing a zero-trust security framework

  IEEE senior member Kevin Curran outlines how enterprises should introduce a zero-trust security framework and discusses implementation challenges they are likely to face.Continue Reading

• When cyberthreats are nebulous, how can you plan?

  Security planning is tough when you're short-staffed and hackers have smart tech too. You'll need solid skills and, most of all, a willingness to use your imagination.Continue Reading

• AI threats, understaffed defenses and other cyber nightmares

  Continue Reading

• CISOs, does your incident response plan cover all the bases?

  Security incidents, let's face it, are essentially inevitable. How do you cover the key bases -- education, inventory, and visibility -- in planning for incident response?Continue Reading

• Report shows CISOs, IT unprepared for privacy regulations

  Several data management principles are common across new and developing privacy regulations, but Internet Society reports that many U.S. organizations are falling behind.Continue Reading

• A cybersecurity skills gap demands thinking outside the box

  Today's security team shortages can't be filled using yesterday's thinking. Learn what other IT security leaders are doing to plug the skills gap and keep their organization safe.Continue Reading

• Understand the top 4 use cases for AI in cybersecurity

  AI applications in security offers organizations four unique benefits. Learn how machine learning advances can change industry approaches to threat detection and prevention.Continue Reading

• DevSecOps model requires security get out of its comfort zone

  Shifting from DevOps to DevSecOps isn't always easy, with the transition requiring changes to culture, processes and people. Here's how security can help lead the charge.Continue Reading

• Choosing between an SSL/TLS VPN vs. IPsec VPN

  Infosec pros need to know the ins and outs of SSL/TLS VPNs vs. IPsec VPNs to better understand which product's features will fulfill the needs of their organization. Get help comparing here.Continue Reading

• To secure DevOps, break culture and tooling barriers

  The importance of secure DevOps initiatives can't be denied, but building security into DevOps isn't easy. Explore what needs to change and how those changes can be achieved.Continue Reading

• How to beef up S3 bucket security to prevent a breach

  Security teams have plenty of tools at their disposal to help their organizations achieve and maintain S3 bucket security. Learn about the threats and best practices to stay safe.Continue Reading

• Virtual network security measures to thwart access threats

  Virtual networks add a layer of complexity to the real networks below them. Follow these three virtual network security measures to prevent complexity from creating issues.Continue Reading

• Your third-party risk management best practices need updating

  Organizations must modernize third-party risk management best practices to adapt to the changing technology landscape. Diversify risk assessments with these expert tips.Continue Reading

• How PCI DSS compliance milestones can be a GDPR measuring stick

  Constantly evolving regulations can cause confusion for security officers, but sometimes, there is process overlap. Here's how achieving compliance with PCI DSS can help meet GDPR mandates.Continue Reading

• Top tips for using the Kali Linux pen testing distribution

  It's the best Linux distro for penetration testers' toolkits, but it's not just any Linux. Get tips on Kali Linux pen testing from project lead Jim O'Gorman.Continue Reading

• When should I use breach and attack simulation tools?

  Thanks to automation and other features, breach and attack simulation tools are an effective way to help network administrators keep their operations secure.Continue Reading

• Build an agile cybersecurity program with Scrum

  Scrum's core principles translate well into an agile cybersecurity program setting. Learn how this framework bolsters communication and collaboration within infosec teams.Continue Reading

• How to use SOAR tools to simplify enterprise infosec programs

  SOAR tools are designed to deliver convenience and simplicity to cybersecurity programs. Explore the many benefits security orchestration and automation promises users.Continue Reading

• Using DNS RPZ to pump up cybersecurity awareness

  Combining DNS with threat intelligence feeds could hold a key to improving cybersecurity awareness by educating users who attempt to access potentially malicious websites.Continue Reading