- Data Loss Prevention
- Data Analysis and Classification
- Data Security and Cloud Computing
- Identity Theft and Data Security Breaches
- Enterprise Data Governance
- Disk Encryption and File Encryption
- Database Security Management
-
Holistic security for database-centric applications
In this exclusive video presentation, Nemertes Research Senior Vice President and Founding Partner Andreas Antonopoulos provides an executive overview of the security issues of securing database-centric applications and the key tactics essential to success. Video
-
PDF download: Information Security magazine May 2012
In this issue, security expert Lisa Phifer examines mobile device management technology. Magazine
-
Deploying DLP systems: Four DLP best practices for success
Plan your data loss prevention project carefully to avoid missteps. Magazine
-
PDF download: Information Security magazine April 2012
In this issue, read about enterprise requirements for unified threat management systems. Also read about tokenization and AMI security issues. Magazine
-
Security visibility: Honestly assessing security posture
In this security school, you’ll learn how to gain the clearest visibility into the state of your company’s information security efforts. You’ll learn strategically how to make the most of your SIM, log management, network monitoring, GRC and penetration testing tools and services to provide a centralized collection of intelligence you can use to evaluate your company’s state of security. partOfGuideSeries
-
Quiz: Data breach prevention strategies
Test your knowledge of data breach prevention strategies in this five-question quiz. Quiz
-
Data breach prevention strategies
This Security School lesson will establish a baseline data breach prevention strategy every enterprise should have in place. You'll learn about the importance of a risk assessment and of defining and prioritizing potential threats based on your organization's unique criteria; what access controls and audit capabilities must be in place; what essential technologies you need to secure data; and the key security program elements that can prevent a security lapse from becoming a security breach. partOfGuideSeries
-
A framework for big data security
Organizations are entranced with big data but need to acknowledge the security risks and plan accordingly. Magazine
-
Adopt Zero Trust to help secure the extended enterprise
Forrester Analyst John Kindervag explains the Zero Trust Model and how it can be applied to protect data in today’s extended enterprise. Tip
-
Quiz: Network content monitoring must-haves
See if you know the essentials of network content monitoring in this SearchSecurity.com Security School quiz. Quiz
- VIEW MORE ON : Data Loss Prevention
-
Intro: How big data benefits enterprise information security posture
Andrew Hutchison explains how big data benefits enterprise information security posture by merging the security and operational data landscape. Tip
-
Log management and analysis: How, when and why
In this presentation, John Burke discusses how to make the most of logs to augment an organization’s overall security posture. Video
-
Securing big data: Architecture tips for building security in
Expert Matt Pascucci advises a reader on securing big data with tips for building security into enterprise big data architectures. Answer
-
Gartner: Big data security will be a struggle, but necessary
The research firm says big data security analysis will be critical to fighting off advanced attacks, but few easy technology options exist today. News | 12 Jun 2012
-
Does reducing data storage improve PCI credit card compliance?
Mike Chapple discusses whether reducing customer credit card data storage is better, worse or ineffective for improving PCI credit card compliance. Answer
-
Information security intelligence demands network traffic visibility
Use the network and host data at your disposal to create business-focused information security intelligence policies and strategies. Tip
-
Security event log management, analysis needs effective ways to search log files
Search is a key discipline for security log management. John Burke explains how to better search log files to improve security event log management. Tip
-
Quiz: Security log analysis for actionable security information
Test your knowledge of security log analysis in this five-question quiz. Quiz
-
RSA Conference 2012 keynote prescribes intelligence-driven security
RSA’s Arthur Coviello urged security pros to break down silos and intelligence-driven security programs, or face a tough year. News | 28 Feb 2012
-
Book chapter: Browser security principles, same-origin policy exceptions
This is an excerpt from the book Web Application Security: A Beginner’s Guide that describes the intricacies of using script code within the framework of a same-origin policy. Feature
- VIEW MORE ON : Data Analysis and Classification
-
FFIEC statement on cloud risk misses the mark
Bank regulators provide few details on managing cloud risks. News | 26 Jul 2012
-
Do you need virtual firewalls? What to consider first
With virtual firewalls, you can avoid routing traffic out of the virtual environment to pass through a physical firewall. But there are challenges to consider in going virtual. Tip
-
Cloud endpoint security: Considerations for cloud security services
Mike Chapple discusses considerations for using cloud security services, specifically cloud endpoint security. Answer
-
Monitor outbound traffic: Full-packet capture or only capture network flow data?
If an enterprise can't afford to implement full-packet capture, expert Mike Chapple recommends trying to capture network flow data instead. Answer
-
DHS cloud computing: Homeland Security’s model private cloud strategy
Using private cloud at separate data centers has allowed the Department of Homeland Security to strike a balance between security and cost savings. News | 05 Oct 2011
-
Breach fears push federal cloud computing initiative to private cloud
Trapped between budget constraints and security fears, government agencies are increasingly opting for private clouds. News | 20 Sep 2011
-
XACML tutorial: Using XACML as a foundation for entitlement management
Learn how to use XACML to externalize fine-grained authorization from application logic and support cloud-based IAM initiatives. Tip
-
homomorphic encryption
Homomorphic encryption is the conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form. Homomorphic encryptions allow complex mathematical operations to be performed on encrypted data without compromising the encryption. Definition
-
Cloud failures, privacy issues and data breach woes
Eric Holmquist of Holmquist Advisory joins the editorial team to talk about the Verizon DBIR, the recent Apple privacy debacle and the Amazon cloud failure. Podcast
-
Information Security magazine online April 2011
This issue of Information Security looks at what enterprises need to do before moving to the cloud. Magazine
- VIEW MORE ON : Data Security and Cloud Computing
-
Verizon DBIR 2012: On Web app security, basics still lacking
Expert Michael Cobb analyzes takeaways from the Verizon DBIR 2012 report regarding Web app security and the need for more basic security measures. Answer
-
Scope of Dropbox security breach is undetermined
Dropbox spokesman says investigation is ongoing after attackers gained access to an employee account leaking user email addresses. News | 01 Aug 2012
-
FBI undercover operation leads to huge online credit card fraud sting
Twenty-four people arrested across eight countries in international cybercrime takedown. News | 26 Jun 2012
-
Password database inventory required following LinkedIn breach
Many organizations have acquired legacy applications over the years, storing password data and other information in clear text, according to one noted security expert. News | 25 Jun 2012
-
Diagram outside firm role early in security incident response process
Expert Nick Lewis provides criteria for selecting outside incident response firms and how to define security incident response process needs early on. Tip
-
Global Payments processor breach expands, merchant data exposed
The processor said its breach did not exceed 1.5 million cards, but added that the personal data provided by merchant applications was also exposed. News | 14 Jun 2012
-
Holistic security for database-centric applications
In this exclusive video presentation, Nemertes Research Senior Vice President and Founding Partner Andreas Antonopoulos provides an executive overview of the security issues of securing database-centric applications and the key tactics essential to success. Video
-
GlobalPayments breach update explains scope of lapse
The payment processor breach is believed to be under 1.5 million credit cards, but the company indicated on Tuesday that banks are issuing a “wide net to protect customers News | 02 May 2012
-
Verizon DBIR: Organizations are forgetting computer security basics
Verizon data breach report illustrates need to get back to basics. Magazine
-
Anonymous hacking group member pleads ‘not guilty’ in police website attack
An Ohio man reportedly associated with Anonymous pleaded not guilty on Monday to charges of hacking two Utah police websites. News | 18 Apr 2012
- VIEW MORE ON : Identity Theft and Data Security Breaches
-
Information security controls for data exfiltration prevention
Enterprises may be amazed to discover how valuable their data is to attackers. Learn five information security controls to prevent data exfiltration. Tip
-
Log management and analysis: How, when and why
In this presentation, John Burke discusses how to make the most of logs to augment an organization’s overall security posture. Video
-
Organizations have poor digital document security, survey reveals
A study by the Ponemon Institute shows 63% of organizations do not fully secure confidential documents. News | 03 Aug 2012
-
Comparing enterprise data anonymization techniques
Compare data anonymization techniques including encryption, substitution, shuffling, number and data variance and nulling out data. Tip
-
Screencast: Employ the FOCA tool as a metadata extractor
Mike McLaughlin demos the FOCA tool as a metadata extractor to expose the 'hidden' data users often post on their own websites. Video
-
How to ensure data security by spotting enterprise security weaknesses
How can a specialized organization spot security weaknesses? Nick Lewis offers a process to help niche companies ensure data security. Tip
-
Data breach prevention strategies
This Security School lesson will establish a baseline data breach prevention strategy every enterprise should have in place. You'll learn about the importance of a risk assessment and of defining and prioritizing potential threats based on your organization's unique criteria; what access controls and audit capabilities must be in place; what essential technologies you need to secure data; and the key security program elements that can prevent a security lapse from becoming a security breach. partOfGuideSeries
-
Book chapter: Browser security principles, same-origin policy exceptions
This is an excerpt from the book Web Application Security: A Beginner’s Guide that describes the intricacies of using script code within the framework of a same-origin policy. Feature
-
Metadata security and preventing leakage of sensitive information
Without accounting for metadata security, sensitive document data can easily be extracted. Mike Chapple explores technologies to support metadata security. Tip
-
Quiz: Network content monitoring must-haves
See if you know the essentials of network content monitoring in this SearchSecurity.com Security School quiz. Quiz
- VIEW MORE ON : Enterprise Data Governance
-
Information security controls for data exfiltration prevention
Enterprises may be amazed to discover how valuable their data is to attackers. Learn five information security controls to prevent data exfiltration. Tip
-
Black Hat 2012: SSL handling weakness leads to remote wipe hack
Researcher Peter Hannay's man-in-the-middle attack exploited an SSL handling flaw to remotely wipe Android and iOS mobile devices via Exchange server. News | 30 Jul 2012
-
SSC's new PCI point-to-point encryption guidance outlines testing procedures
New PCI DSS guidance on point-to-point encryption outlines product testing requirements, and urges more merchant-acquirer collaboration. News | 02 May 2012
-
The switch to HTTPS: Understanding the benefits and limitations
Expert Mike Cobb explains the value and limitations of HTTPS, and why making the switch to HTTPS may be easier than it seems. Answer
-
HIPAA encryption requirements: How to avoid a breach disclosure
Charles Denyer explains the necessity of encrypting customer data with respect to HIPAA encryption requirements and squares out what enterprises should expect. Answer
-
P2P encryption: Pros and cons of point-to-point encryption
P2P encryption is an emerging technology; one that may be helpful for many companies, especially merchants. Mike Chapple dissects the pros and cons. Tip
-
Web server encryption: Enterprise website encryption best practices
Network security expert Mike Chapple details the fundamentals of Web server encryption and Web encryption deployment best practices. Answer
-
Researchers break W3C XML encryption algorithm, push for new standard
Researchers in Germany have demonstrated weaknesses in the W3C XML encryption standard used to secure websites and other Web applications. News | 25 Oct 2011
-
Symmetric key encryption algorithms and hash function cryptography united
Can a secure symmetric key encryption algorithm be used in hash function cryptography? Learn more about these data encryption techniques. Answer
-
Analysis: PCI Tokenization Guidelines offer clarity, but questions remain
Expert Diana Kelley says the new PCI Tokenization Guidelines pave the way for CDE tokenization, but some technical specifications remain unclear. Tip
- VIEW MORE ON : Disk Encryption and File Encryption
-
Log management and analysis: How, when and why
In this presentation, John Burke discusses how to make the most of logs to augment an organization’s overall security posture. Video
-
Preventing Web database access with a triple-homed firewall
Mike Chapple discusses database security best practices and how to protect against unauthorized Web access by using a triple-homed firewall. Answer
-
Data breach prevention strategies
This Security School lesson will establish a baseline data breach prevention strategy every enterprise should have in place. You'll learn about the importance of a risk assessment and of defining and prioritizing potential threats based on your organization's unique criteria; what access controls and audit capabilities must be in place; what essential technologies you need to secure data; and the key security program elements that can prevent a security lapse from becoming a security breach. partOfGuideSeries
-
Security School: Network content monitoring must-haves
In this new lesson, expert Mike Chapple explores how to best prioritize and strategize for data protection investments to protect key content. Guide
-
Adopt Zero Trust to help secure the extended enterprise
Forrester Analyst John Kindervag explains the Zero Trust Model and how it can be applied to protect data in today’s extended enterprise. Tip
-
Symantec acquires LiveOffice for online data archiving
Symantec said the $115 million deal boosts its e-discovery business and offers security and antispam capabilities for on-premise and hosted email. News | 16 Jan 2012
-
Metadata security and preventing leakage of sensitive information
Without accounting for metadata security, sensitive document data can easily be extracted. Mike Chapple explores technologies to support metadata security. Tip
-
Network Content Monitoring
Technologies that monitor how data moves in and out of organizations are rapidly intersecting. Data loss prevention, digital rights management and database activity monitoring, just to mention a few, all have overlapping functions and purposes not only to secure data but to help organizations with their compliance mandates. In this security school, you’ll learn about these intersections and how to best prioritize and strategize for your data protection investments. Guide
-
EDRM-DLP combination could soon bolster document security management
The integration of enterprise digital rights management solutions and data loss prevention tools could bring a level of automation to document security management. Tip
-
How penetration testing helps ensure a secure data store
A third-party penetration test is the best way to determine whether an online data store can be compromised. Answer
- VIEW MORE ON : Database Security Management