Manage
Learn to apply best practices and optimize your operations.
Manage
Learn to apply best practices and optimize your operations.
How can users protect mobile devices from SandJacking attacks?
Attackers can use the SandJacking attack to access sandboxed data on iOS devices. Expert Nick Lewis explains how to protect your enterprise from this attack. Continue Reading
Information security risk management: Understanding the components
An enterprise has to know what risks it is facing. Expert Peter Sullivan explains why an information security risk management plan is crucial for cybersecurity readiness. Continue Reading
Preventing privilege creep: How to keep access and roles aligned
Privilege creep can result in the abuse of user access and security incidents. Expert Michael Cobb explains how enterprises can keep user roles and privileges aligned. Continue Reading
-
Trusted? Certificate authority risks and how to manage them
Trusted certificate authorities are essential in today's business climate, but that doesn't mean they are easy to come by. Certificate authority risks are many, certainly, but this three-part technical guide is designed to make plain the challenges ... Continue Reading
Insider security threats: What CISOs can do to mitigate them
Dealing with insider security threats requires a combination of tactics. Expert Mike O. Villegas discusses the various aspects of insider threat mitigation strategies. Continue Reading
When to take a bug bounty program public -- and how to do it
Bug-finding programs are valuable to enterprises, but they require a lot of planning and effort to be effective. Sean Martin looks at what goes into taking a bug bounty program public.Continue Reading
Planning for an IPv6 attack: DDoS, neighbor discovery threats and more
An IPv6 DDoS attacks are imminent, and your network security tools may not be configured for it. Expert Michael Cobb explains how enterprises can prepare its defenses.Continue Reading
How to start building an enterprise application security program
Building an effective application security program can be daunting. Sean Martin talks with experts about the best first steps enterprises should take.Continue Reading
How tabletop exercises can help uncover hidden security risks
A regular tabletop exercise could help to identify security risks in scenarios relevant to your organization. Expert Bob Wood explains the steps in the process.Continue Reading
How can the AirDroid app phone hijacking be prevented?
A vulnerability in the AirDroid device manager app left users at risk of phone hijacking. Expert Michael Cobb explains how the exploit works, and what can be done to prevent it.Continue Reading
-
What new Asacub Trojan features should enterprises watch out for?
The Asacub Trojan has new banking malware features. Expert Nick Lewis explains how it made this transition and what enterprises should be watching out for.Continue Reading
Strong authentication methods: Are you behind the curve?
Not sure who's really behind that username and password? Google, Facebook and others may finally give multifactor authentication technology the 'push' it needs.Continue Reading
Why signature-based detection isn't enough for enterprises
Signature-based detection and machine learning algorithms identify malicious code and threats. Expert Michael Cobb explains how both techniques defend networks and endpoints.Continue Reading
Proper network segments may prevent the next breach
Companies still fail to implement secure network segmentation and role-based access. Here's how to protect your sensitive data and stay out of the headlines.Continue Reading
RSA Conference 2016 draws big crowds, strong encryption
RSA Conference 2016 was a densely-packed affair, with discussions ranging from strong encryption to skills shortage in the industry. Expert Nick Lewis gives a recap.Continue Reading
Securing VoIP: Keeping Your VoIP Networks Safe
In this excerpt of Securing VoIP: Keeping your VoIP Network Safe, author Regis (Bud) Bates outlines different approaches to VoIP security and offers best practices to ensure infrastructure security is intact.Continue Reading
Cybersecurity products: When is it time to change them?
Enterprises should assess their cybersecurity products to make sure they're as effective as possible. Expert Mike O. Villegas discusses how to evaluate cybersecurity tools.Continue Reading
Breaking down the risks of VM escapes
The Xen hypervisor flaw highlighted the risks of VM escapes, but expert Ed Moyle explains why the flaw should serve as a warning for virtual containers as well.Continue Reading
Why relying on network perimeter security alone is a failure
A network perimeter security strategy alone can no longer protect enterprises. Expert Paul Henry explains why organizations must adapt.Continue Reading
'Going dark': Weighing the public safety costs of end-to-end encryption
'Going dark' -- or the FBI's inability to access data because of encryption -- could put public safety at risk, intelligence officials say. But tech companies argue that strong encryption is needed to protect corporate and customer data.Continue Reading
Adjusting your network perimeter security
Expert Johna Till Johnson explains how the enterprise perimeter became obsolete, and how to replace network perimeter security with an approach to perimeterless security.Continue Reading
Life after the Safe Harbor agreement: How to stay compliant
Now that the Safe Harbor agreement is invalid, U.S. and EU organizations need to find new ways to securely handle data so they can stay in business.Continue Reading
How to manage system logs using the ELK stack tool
Centrally managing system logs is an important practice for enterprise security. Expert Dejan Lukan explains how to set up cloud servers, such as ELK stack, for this purpose.Continue Reading
Lessons in mobile data loss protection for enterprise IT pros
With mobile devices everywhere in the enterprise now, learning tactics for data loss protection must become an IT priority.Continue Reading
How should enterprises manage social media compliance incidents?
Social media compliance incidents in financial institutions are on the rise. Here are the most common violations and how to avoid them in the future.Continue Reading
The basics of network intrusion prevention systems
Expert Karen Scarfone explores intrusion prevention systems and their acquisition, deployment and management within the enterprise.Continue Reading
Getting to the bottom of the software vulnerability disclosure debate
The vulnerability disclosure debate rages on: Enterprises should know they are at risk, but vendors need time to patch flaws. Which side should prevail? Expert Michael Cobb discusses.Continue Reading
Emerging security threats you're up against now
Learn about the 'hacking as a service' and other emerging security threats.Continue Reading
How to perform a forensic acquisition of a virtual machine disk
Virtualization expert Paul Henry provides a step-by-step guide to imaging a virtual machine disk (*flat.vmdk) in a forensically sound manner.Continue Reading
Cyber Reconnaissance, Surveillance and Defense
In this excerpt of Cyber Reconnaissance, Surveillance and Defense, author Robert Shimonski describes commonly used mobile technology and how phone tracking works.Continue Reading
Managed security service providers: Weighing the pros and cons
Using a managed security service provider can be an appealing option to enterprises, but there are many factors to consider before making the move to outsourcing.Continue Reading
Our AWS encryption keys were exposed accidentally -- now what?
Exposing encryption keys is never a good thing, but knowing the steps to take after such an incident can help limit damage to an enterprise. Expert Dan Sullivan explains.Continue Reading
How can I mitigate the risks of alternative Android browsers?
Expert Michael Cobb explains the security risks surrounding alternative Web browsers, as well as approaches enterprises can take to prevent BYOD employees from using them.Continue Reading
Certificate authorities are limited but new TLS versions can help
SSL/TLS, long the cornerstone of Web security, has become a security vulnerability due to problems with certificate authorities. Learn what solutions the industry is pursuing.Continue Reading
From SSL and early TLS to TLS 1.2: Creating a PCI DSS 3.1 migration plan
PCI DSS 3.1 requires enterprises to deplete SSL and early TLS use by June 30, 2016. Expert Michael Cobb offers advice for putting a migration plan to TLS 1.2 in place.Continue Reading
What do organizations need to know about privacy in a HIPAA audit?
A HIPAA audit covers privacy compliance, and organizations need to be prepared. Expert Mike Chapple discusses privacy in the audits.Continue Reading
How to keep track of sensitive data with a data flow map
Expert Bill Hayes describes how to create a data flow map to visualize where sensitive data is processed, how it transits the network and where it's stored.Continue Reading
State of the Network study: How security tasks are dominating IT staff
The majority of networking teams are regularly involved in enterprise security tasks. Expert Kevin Beaver explains the phenomena and how to embrace it.Continue Reading
Understanding and mitigating a FREAK vulnerability attack
After the discovery that the FREAK vulnerability can affect a wide variety of OSes, enterprises should amp up mitigation efforts. Here's some background on the attack and how to stop it.Continue Reading
Six criteria for procuring security analytics software
Security analytics software can be beneficial to enterprises. Expert Dan Sullivan explains how to select the right product to fit your organization's needs.Continue Reading
Multifactor authentication: A buyer's guide to MFA products
In this SearchSecurity buyer's guide, learn how to evaluate and procure the right multifactor authentication product for your organization.Continue Reading
How should we hire for specialized information security roles?
A rise in specialized roles puts extra pressure on security hiring. Expert Mike O. Villegas explains how to meet this demand and find talented security professionals.Continue Reading
The CEO refuses cybersecurity best practices: Now what?
Some executives don't think cybersecurity best practices apply to them. Expert Mike O. Villegas explains how to handle that situation.Continue Reading
AWS security groups vs. traditional firewalls: What's the difference?
AWS security groups provide network-based blocking mechanisms, much like traditional firewalls. Expert Dan Sullivan explains the differences between the two.Continue Reading
New cyberthreats: Defending against the digital invasion
The confluence of the Internet of Things and bring your own device may turn into a beachhead for attackers.Continue Reading
Beyond the Page: New SIEM Battleground Unfolds with Advanced Analytics
Robert Lemos looks at next-generation security information and event management analytic tools and cloud-based systems.Continue Reading
SIEM systems: Using analytics to reduce false positives
Combining data from a variety of sources with better analytics can reduce workloads.Continue Reading
Final five considerations when evaluating intrusion detection tools
Before making an investment in an intrusion detection and prevention system, be sure to read this list of five final considerations to keep in mind during intrusion detection system evaluation.Continue Reading
Introduction to Web application firewalls in the enterprise
Expert Brad Causey takes a close look at Web application firewalls, explains how WAF technology can prevent Internet-based attacks from known and unknown applications threats, and offers advice on WAF management and deployment.Continue Reading
SSL/TLS security: Addressing WinShock, the Schannel vulnerability
Schannel is the latest cryptographic library to encounter SSL/TLS security issues. Expert Michael Cobb discusses the WinShock vulnerability and how to mitigate enterprise risks.Continue Reading
How emerging threat intelligence tools affect network security
Up and coming threat intelligence tools aim to improve data security and even standardize threat intelligence across the industry. Expert Kevin Beaver explains how.Continue Reading
A CISO's introduction to enterprise data governance strategy
Every enterprise must have a viable strategy for protecting high-value data. See if your plan aligns with Francoise Gilbert's advice on top priorities to consider when defining data governance plans.Continue Reading
How to increase the importance of information security in enterprises
Expert Mike Villegas explains how to use the Three C's to emphasize the importance of information security within an organization.Continue Reading
Targeted Cyber Attacks
In this excerpt of Targeted Cyber Attacks, authors Aditya Sood and Richard Enbody outline the cyberattack model and different vectors used to attack targets.Continue Reading
The Basics of Information Security
In this excerpt of The Basics of Information Security, author Jason Andress outlines methods for improving operating systems security.Continue Reading
Can setting a cache-control header improve application data security?
Application security expert Michael Cobb reviews the cache-control header codes that can help prevent a Web application from storing sensitive data.Continue Reading
The fundamentals of FDE: The business case for full disk encryption
Expert Karen Scarfone outlines the benefits of FDE to help businesses decide if the storage encryption technology is right for their organization.Continue Reading
The 10 questions to ask during a mobile risk assessment
To both embrace the benefits of BYOD and shore up the security gaps created by it, ask these 10 questions when conducting a mobile risk assessment.Continue Reading
SHA-2 algorithm: The how and why of the transition
Is it time to make the move to the SHA-2 algorithm? Application security expert Michael Cobb discusses and offers tips to ease the transition.Continue Reading
CISSP quiz: Cryptography CISSP certification practice test
Test your knowledge of the CISSP exam's Cryptography Domain by taking this practice quiz, which covers topics including public and private keys, encryption algorithms, digital certificates and more.Continue Reading
CISSP quiz: Access control models and components
Test your knowledge of the CISSP exam's Access Control Domain by taking this practice quiz, which covers topics including access control models, one-time passwords, IPS/IDS and more.Continue Reading
CISSP quiz: Information security governance and risk management
Test your knowledge of the Information Security Governance and Risk Management domain of the CISSP exam by taking this practice quiz.Continue Reading
The NoSQL challenge: What's in store for big data and security
Big data offers horizontal scalability, but how do you get your database security to scale along with it?Continue Reading
Are malicious mobile apps a mere inconvenience or a real threat?
How big a security threat are the malicious mobile apps riding into your enterprise on employees' mobile devices?Continue Reading
Threat intelligence versus risk: How much cybersecurity is enough?
Learn how threat intelligence plays into global risk assessment as more security officers are tasked with damage control.Continue Reading
Command-and-control servers: The puppet masters that govern malware
Are there shadow networks within your enterprise? Stop malware by shutting down command-and-control communication channels.Continue Reading
Stop attackers hacking with Metasploit
Metasploit attacks may not be sexy, but they can stab through enterprise defenses. Learn how basic security controls can thwart Metasploit hacking.Continue Reading
When single sign-on fails, is a second SSO implementation worthwhile?
After a failed SSO implementation, is there any benefit to an enterprise trying again? Expert Michele Chubirka discusses.Continue Reading
How Cisco's 'Application Centric Infrastructure' differs from SDN
As Cisco rolls out a hardware-based alternative to software-defined networking approaches, what does it all mean for security?Continue Reading
Linux Malware Incident Response
In this excerpt from Linux Malware Incident Response, authors Cameron Malin, Eoghan Casey and James Aquilina discuss volatile data collection methodology, steps and preservation.Continue Reading
Risk Management Framework
In this excerpt from chapter 3 of Risk Management Framework, author James Broad discusses the four components of risk management.Continue Reading
Why TCP traffic spikes with source port zero should sound an alarm
Are spikes in TCP traffic with source port zero warning signs that future attacks are imminent? Discover why enterprises should be concerned.Continue Reading
Tor networks: Stop employees from touring the deep Web
Are employees using Tor to view blocked Web sites, or mining Bitcoins on corporate resources? Sinister or not, it needs to stop.Continue Reading
Preventing plaintext password problems in Google Chrome
Plaintext passwords are risky business. Michael Cobb discusses what Google says about the Chrome password vulnerability and potential exploits.Continue Reading
Femtocell security: Defending against a femtocell hack
The risk of a femtocell hack is a real enterprise concern. Nick Lewis explains why and explores how to defend against an attack.Continue Reading
Locking the backdoor: Reducing the risk of unauthorized system access
Rampant backdoors in enterprise IT products too often provide unauthorized access to attackers and governments. Learn how to defend against the risks.Continue Reading
Return on security investment: The risky business of probability
You are better off with real numbers when it comes to measuring probability and the elements of security risk, even if they are wrong.Continue Reading
Inside the BREACH attack: How to avoid HTTPS traffic exploits
Enterprise threats expert Nick Lewis examines how the BREACH attack exploits HTTPS traffic and what enterprises can do to mitigate the attack risk.Continue Reading
Security incident response procedures: When to do a system shutdown
At times, security incident response procedures require drastic measures. Expert Nick Lewis explains when and how to perform a system shutdown.Continue Reading
Third-party risk management: Horror stories? You are not alone
The majority of breaches occur as the result of third parties. MacDonnell Ulsch advises companies to safeguard third-party management agreements.Continue Reading
How to define SIEM strategy, management and success in the enterprise
Enterprise SIEM technology is as functional, manageable and affordable as it's ever been. Learn how to achieve success with SIEM in your organization.Continue Reading
Are FedRAMP security controls enough?
Cloud service providers are working with authorized third-party auditors to meet FedRAMP security controls. The 3PAOs tell us how it’s going, so far.Continue Reading
Amazon S3 encryption overview: How to secure data in the Amazon cloud
Learn details for employing Amazon S3 encryption features. Expert Dave Shackleford compares S3 encryption to other cloud provider offerings.Continue Reading
Improving security management processes with SIEM
In our newest Security School lesson, Mike Rothman covers how to get the best data to improve incident response.Continue Reading
Quiz: Using SIEM technology to improve security management processes
In this five question quiz, test your knowledge of our Security School lesson on using SIEM technology to improve security management processes.Continue Reading
How to configure a VLAN to achieve the benefits of VLAN security
Expert Brad Casey explains how to configure a VLAN in order to achieve the benefits of VLAN security, including protection against insider attacks.Continue Reading
Managing big data privacy concerns: Tactics for proactive enterprises
The growing use of big data analytics has created big data privacy concerns, yet viable tactics exist for proactive enterprises to help companies get smarter while keeping consumers happy.Continue Reading
Antivirus evasion techniques show ease in avoiding antivirus detection
In the wake of the New York Times attack, a look at antivirus evasion techniques show how easy it is to avoid antivirus detection and why new defenses are needed.Continue Reading
Outsourcing security services in the enterprise: Where to begin
Outsourcing security services doesn’t have to mean moving to the cloud. Enterprises have many options for outsourcing security services, including managed and hosted services.Continue Reading
Quiz: Managing BYOD endpoint security
In this six question quiz, test your knowledge of our Security School lesson on managing BYOD endpoint security.Continue Reading
How to implement firewall policy management with a 5-tuple firewall
Matt Pascucci explains how to implement firewall policy management for 5-tuple firewalls when ports must be kept open for business reasons.Continue Reading
The Huawei security risk: Factors to consider before buying Chinese IT
Cover story: The U.S. government says Chinese IT giants Huawei and ZTE pose too much risk. But do they? Joel Snyder offers his take.Continue Reading
Thirteen principles to ensure enterprise system security
Designing sound enterprise system security is possible by following Gary McGraw's 13 principles, many of which have held true for decades.Continue Reading
Protecting Intellectual Property: Best Practices
Organizations need to implement best practices to protect their trade secrets from both internal and external threats.Continue Reading
Metasploit Review: Ten Years Later, Are We Any More Secure?
Some say the pen testing framework is a critical tool for improving enterprise security, while others say it helps attackers.Continue Reading
Security incident management in the cloud: Tackling the challenges
Identifying security incidents in cloud environments isn't easy, but there are steps companies can take to ease the process.Continue Reading
Information Security Magazine: FEBRUARY 2012
Learn about the latest malware threats targeting enterprises and what you can do to reduce the risk of infection.Continue Reading
Identity and access management concepts and predictions to watch in 2011
Forrester's Andras Cser discusses the emerging identity and access management concepts and market predictions enterprises should be prepared for in 2011.Continue Reading
Virtualization 101: Best practices for securing virtual machines
VMs introduce a new security dynamic, one that emphasizes asset discovery, change management and tweaks to existing security technology.Continue Reading
Cloud security standards provide assessment guidelines
The Cloud Security Alliance Cloud Controls Matrix helps cloud providers and customers to evaluate security controls.Continue Reading