Security Management Strategies for the CIOEmail Alerts
-
Quiz: Demystifying data encryption
A five-question multiple-choice quiz to test your understanding of the data encryption content presented by expert Tom Bowers in this lesson of SearchSecurity.com's Data Protection Security School. Quiz
-
Locking down database applications
In this lesson, learn how to secure database apps by building roles and privileges and monitoring access to prevent insider abuse, plus satisfy regulators by properly segregating duties and limiting application access to sensitive database data. partOfGuideSeries
-
Data encryption demystified
Five years ago, security professionals needed a deep understanding of cryptography to make encryption work. Today, thanks to advancements in "practical" cryptography, data encryption is more user-friendly, and easier to implement and manage across mu... partOfGuideSeries
-
Quiz: Storage security
Regulations like SOX and the recently approved Personal Data Privacy and Security Act are bringing the importance of data protection to light. Loss of data – be it inadvertent or surreptitious -- can result in fines, loss of revenue and loss of... Security Quiz
-
PING with Karen Worstell
The Microsoft CISO discusses how she keeps Redmond and its products secure. Information Security maga
-
Life at the edge part 3: Resistance to failure
Learn how architecture, protocol and application-level protections work together to safeguard a Web infrastructure. Security School
-
Black Hat 2012: SSL handling weakness leads to remote wipe hack
Researcher Peter Hannay's man-in-the-middle attack exploited an SSL handing flaw to remotely wipe Android and iOS mobile devices via Exchange server. News | 30 Jul 2012
-
SSC's new PCI point-to-point encryption guidance outlines testing procedures
New PCI DSS guidance on point-to-point encryption outlines product testing requirements, and urges more merchant-acquirer collaboration. News | 02 May 2012
-
Researchers break W3C XML encryption algorithm, push for new standard
Researchers in Germany have demonstrated weaknesses in the W3C XML encryption standard used to secure websites and other Web applications. News | 25 Oct 2011
-
PCI Council issues point-to-point encryption validation requirements
A new validation program will certify point-to-point encryption systems that use devices for encryption and decryption as well as hardware security modules. News | 16 Sep 2011
-
Auditors choose encryption over tokenization for data security, survey finds
A Ponemon Institute survey of more than 500 auditors finds most prefer data encryption over tokenization to protect sensitive data. Article | 15 Mar 2011
-
PCI encryption requirements driving widespread adoption, survey finds
Encryption has become generally accepted in the industry, said Larry Ponemon, founder of the Ponemon Institute LLC. Article | 16 Nov 2010
-
PCI encryption: PCI Council calls point-to-point encryption immature
The PCI Council's latest guidance document for point-to-point encryption calls the market for the technology too immature and warns merchants that vendor lock-in could be a problem. Article | 13 Oct 2010
-
Tokens vs encryption: RSA touts tokens
Encryption expert Robert Griffin, technical director at RSA, the security division of EMC Corp., explains why RSA is pushing card-based tokens over format preserving encryption in the payment process. News | 24 Jun 2010
-
Tokenization vs encryption: RSA touts tokens to reduce PCI DSS pain
Payment industry executives and security experts are currently debating over the right way to preserve and protect credit card data. Merchants can choose between a variety of formats, from format preserving encryption, which replaces the 16-digit cre... Interview | 23 Jun 2010
-
NuBridges update enables simultaneous data center tokenization
The software update helps enterprises coordinate the issuing of tokens among multiple data centers, and apply the technology to PII and PHI. Article | 21 Jun 2010
- See More: News on Disk Encryption and File Encryption
-
Information security controls for data exfiltration prevention
Enterprises may be amazed to discover how valuable their data is to attackers. Learn five information security controls to prevent data exfiltration. Tip
-
P2P encryption: Pros and cons of point-to-point encryption
P2P encryption is an emerging technology; one that may be helpful for many companies, especially merchants. Mike Chapple dissects the pros and cons. Tip
-
Analysis: PCI Tokenization Guidelines offer clarity, but questions remain
Expert Diana Kelley says the new PCI Tokenization Guidelines pave the way for CDE tokenization, but some technical specifications remain unclear. Tip
-
PCI encryption requirements: Limiting PCI scope with P2P encryption
P2P encryption, or encryption of data in transit, has long been a point of confusion for PCI DSS-bound merchants. In this tip, expert Ed Moyle explains the PCI SSC's recent guidance on P2P encryption. Tip
-
Unmasking data masking techniques in the enterprise
Patch-testing and development environments can't use live data and keep it secure. That's where data masking comes in. Michael Cobb examines the principles behind data masking and why security pros should endorse its use in order to keep production d... Tip
-
Choosing smartphone encryption software for mobile smartphone security
If your enterprise users have smartphones, then your enterprise may need smartphone encryption. In this tip, expert Dave Shackleford describes what to look for in smartphone encryption software, from cost to management capabilities. Tip
-
How to change from WEP to WPA for PCI DSS compliance
The deadline to change from WEP to WPA wireless encryption standard for PCI DSS compliance is quickly approaching. Learn how to change from WEP to WPA and how to ensure that WEP is completely eradicated from your network. Tip
-
Portable USB thumb drive encryption: Software and security policy
If you allow USB flash drives at your enterprise, encryption software and policy are a must. In this tip, learn about the best USB encryption options and how to choose one for your organization. Tip
-
Data encryption methods: Securing emerging endpoints
Enterprises face a new challenge in the form of endpoint encryption for emerging devices. In this tip, Mike Chapple explains how companies can go about evaluating and choosing data encryption methods for emerging endpoints such as iPads, netbooks and... Tip
-
How to prevent iPhone spying: Mobile phone management tips
So you have an iPhone, you don't access the Internet, you use a PIN to authenticate and you never let the device out of your site. Michael Cobb explains why iPhone spying still isn't out of the question. Tip
- See More: Tips on Disk Encryption and File Encryption
-
Regulatory compliance requirements of a cryptographic system
Mike Chapple discusses what to look for in a cryptographic system from a legal and regulatory compliance standpoint. Answer
-
The switch to HTTPS: Understanding the benefits and limitations
Expert Mike Cobb explains the value and limitations of HTTPS, and why making the switch to HTTPS may be easier than it seems. Answer
-
HIPAA encryption requirements: How to avoid a breach disclosure
Charles Denyer explains the necessity of encrypting customer data with respect to HIPAA encryption requirements and squares out what enterprises should expect. Answer
-
Web server encryption: Enterprise website encryption best practices
Network security expert Mike Chapple details the fundamentals of Web server encryption and Web encryption deployment best practices. Answer
-
Symmetric key encryption algorithms and hash function cryptography united
Can a secure symmetric key encryption algorithm be used in hash function cryptography? Learn more about these data encryption techniques. Answer
-
How MAC and HMAC use hash function encryption for authentication
Hash function encryption is the key for MAC and HMAC message authentication. See how this differs from other message authentication tools from expert Michael Cobb. Answer
-
Is full-disk server encryption software worth the resource overhead?
While encrypting production servers may seem like a good security move, according to Anand Sastry, doing so may not be worth the resources it uses. Answer
-
Rating Windows 7 mobile device encryption
Is it true that Windows 7 mobile device encryption isn’t on-board? How does that affect the phones’ security? Expert Michael Cobb looks at how mobile encryption is vital to enterprise security. Answer
-
How does DNA cryptography relate to company information security?
What is DNA cryptography, and would it be an effective method for us in enterprise information security? IAM expert Randall Gamby discusses how DNA cryptography works and how to use it. Ask the Expert
-
Utilizing a hash function algorithm to help secure data
Learn how a hash function algorithm -- specifically a one-way hash function of the Dynamic SHA-2 algorithm -- can help protect important documents using a variety of hashes to confuse malicious code. Ask the Expert
- See More: Expert Advice on Disk Encryption and File Encryption
-
homomorphic encryption
Homomorphic encryption is the conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form. Homomorphic encryptions allow complex mathematical operations to be performed on encrypted data without c... Definition
-
Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) is an encryption algorithm for securing sensitive but unclassified material by U.S. Government agencies and, as a likely consequence, may eventually become the de facto encryption standard for commercial transac... Definition
-
Twofish
Twofish is an encryption algorithm based on an earlier algorithm, Blowfish, and was a finalist for a NIST Advanced Encryption Standard (AES) algorithm to replace the DES algorithm. Definition
-
network encryption (network layer or network level encryption)
Network encryption (sometimes called network layer, or network level encryption) is a network security process that applies crypto services at the network transfer layer - above the data link level, but below the application level. Definition
-
Escrowed Encryption Standard (EES)
The Escrowed Encryption Standard (EES) is a standard for encrypted communications that was approved by the U.S. Department of Commerce in 1994 and is better known by the name of an implementation called the Clipper chip. Definition
-
Encrypting File System (EFS)
The Encrypting File System (EFS) is a feature of the Windows 2000 operating system that lets any file or folder be stored in encrypted form and decrypted only by an individual user and an authorized recovery agent. Definition
-
data key
In cryptography, a data key is a key (a variable value that is applied to a string or block of text to encrypt or decrypt it) that is used to encrypt or decrypt data only and is not used to encrypt or decrypt other keys, as some encryption formulas c... Definition
-
Rijndael
Rijndael (pronounced rain-dahl) is the algorithm that has been selected by the U.S. National Institute of Standards and Technology (NIST) as the candidate for the Advanced Encryption Standard (AES). Definition
-
Data Encryption Standard (DES)
Data Encryption Standard (DES) is a widely-used method of data encryption using a private (secret) key that was judged so difficult to break by the U.S. government that it was restricted for exportation to other countries. Definition
-
encryption
Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form, so it can be understood. Definition
- See More: Definitions on Disk Encryption and File Encryption
-
PCI encryption, virtualization standards: Interpreting PCI guidelines
Get expert advice on understanding the PCI encryption requirements and virtualization guidance in this video. Video
-
Enterprise encryption strategy: The path to simple data encryption
This primer on enterprise encryption strategy covers use cases for various devices and data types, and offers strategies for simple data encryption. Video
-
Realign your data protection strategy efforts
In this video, learn what you need to do to realign your strategic focus to counter new threats by first understanding what’s important to your business. Video
-
Bruce Schneier on cryptography and government information security
Author and leading security expertBruce Schneier digs into the topics of the current state of cryptography and whether or not companies should care about the U.S. government's release of portions of the CNCI. Video
-
Curveball: Endpoint encryption strategies
When a laptop turns up stolen, it's reassuring to know that the contents of the device were encrypted, transforming a potentially disastrous data breach into a simple case of missing hardware. In this podcast we look at the issues surrounding the use... Podcast
-
Cryptography for the rest of us
In this video, learn cryptography techniques for your enterprise that comply with regulatory and legal requirements, as well as what you need to understand before buying or building cryptography solutions. Video
-
Fact or fiction: Pros and cons of database encryption
According to our latest survey of more than 608 enterprise security pros, 80% of enterprises say protecting data is more important in 2007 than last year, and 72% admit they need a better strategy. SearchSecurity.com is responding to this growing ne... Podcast
-
Video: Data encryption techniques and methods for protecting data
In this screencast, which is a part of our SearchSecurity.com Data Protection Security School lesson, you will about the different data encryption techniques and methods for protecting data as well as how to implement data encryption at your enterpri... Video
-
Regulatory compliance requirements of a cryptographic system
Mike Chapple discusses what to look for in a cryptographic system from a legal and regulatory compliance standpoint. Answer
-
Information security controls for data exfiltration prevention
Enterprises may be amazed to discover how valuable their data is to attackers. Learn five information security controls to prevent data exfiltration. Tip
-
Black Hat 2012: SSL handling weakness leads to remote wipe hack
Researcher Peter Hannay's man-in-the-middle attack exploited an SSL handing flaw to remotely wipe Android and iOS mobile devices via Exchange server. News
-
SSC's new PCI point-to-point encryption guidance outlines testing procedures
New PCI DSS guidance on point-to-point encryption outlines product testing requirements, and urges more merchant-acquirer collaboration. News
-
The switch to HTTPS: Understanding the benefits and limitations
Expert Mike Cobb explains the value and limitations of HTTPS, and why making the switch to HTTPS may be easier than it seems. Answer
-
HIPAA encryption requirements: How to avoid a breach disclosure
Charles Denyer explains the necessity of encrypting customer data with respect to HIPAA encryption requirements and squares out what enterprises should expect. Answer
-
P2P encryption: Pros and cons of point-to-point encryption
P2P encryption is an emerging technology; one that may be helpful for many companies, especially merchants. Mike Chapple dissects the pros and cons. Tip
-
Web server encryption: Enterprise website encryption best practices
Network security expert Mike Chapple details the fundamentals of Web server encryption and Web encryption deployment best practices. Answer
-
Researchers break W3C XML encryption algorithm, push for new standard
Researchers in Germany have demonstrated weaknesses in the W3C XML encryption standard used to secure websites and other Web applications. News
-
Symmetric key encryption algorithms and hash function cryptography united
Can a secure symmetric key encryption algorithm be used in hash function cryptography? Learn more about these data encryption techniques. Answer
- See More: All on Disk Encryption and File Encryption
About Disk Encryption and File Encryption
Encrypting data at rest, whether at the file level or the disk level, can be a valuable tactic in the fight against hackers. Get advice on how to secure your organization's data with full, hard and whole disk encryption, and how to encrypt files with file encryption tools and software.