SearchSecurity.com
  • Ask the Experts
  • Submit your questions about infosec threats

    Nick Lewis is standing by to give you free, unbiased advice on information security threats.

  • Submit your questions about IAM

    Randall Gamby is standing by to give you free, unbiased advice on identity and access management.

  • Submit your questions about application security

    Michael Cobb is standing by to give you free, unbiased advice on application security.

  • Meet All Experts

Submit a question to our experts

Expert Answers

  • Understanding 'big data' security issues

    In this Ask the Expert video, Ernie Hayden explains what 'big data' is and outlines big data security issues.

  • Should enterprises worry about NFC security risks?

    Security expert Nick Lewis explores the emerging security risks posed by NFC technology and discusses their effect on enterprise BYOD policy.

  • Video Ask the Expert: Why security conscience matters

    Every firm needs a security conscience, according to expert Ernie Hayden, who says it is critical among key CISO responsibilities.

  • How to clean booter shells from compromised servers

    Expert Nick Lewis discusses the importance of fully cleaning a compromised server and how to detect and remove booter shells and other remnants.

  • How to avoid the unseen danger of iFrame attacks

    How can enterprises and users protect themselves from malicious content embedded in iFrames? Expert Nick Lewis explores iFrame attack mitigations.

  • How to defend against cache poisoning attacks via HTML5

    Expert Nick Lewis explains how the HTML5 offline application cache exposes users to the threat of cache poisoning and provides mitigation options.

  • Performing APT detection amid hidden network traffic

    Is it possible to detect APT attacks when malicious traffic is hidden? Expert Nick Lewis details how the Elirks backdoor connection hides APT traffic.

  • How to engage employees in compliance best practices

    Mike Chapple offers four tips for improving employee collaboration and creativity with an enterprise's compliance program.

  • PCI compliance requirements for mobile payment networks

    Mike Chapple discusses what the PCI compliance requirements might look like for mobile payment networks such as Merchant Customer Exchange (MCX).

  • Is HITRUST C-TAS the new compliance mandate?

    Mike Chapple discusses the new HITRUST C-TAS information-sharing consortium and clarifies whether it relates to the HIPAA compliance mandate.

  • Reduce PCI scope with credit card tokenization

    It's possible to reduce PCI scope with credit card tokenization if it is implemented properly. Expert Mike Chapple explains in this Q&A.

  • Validating the PCI DSS scope of compliance

    Expert Mike Chapple explains the four tests a QSA performs to validate that an organization has properly defined their PCI DSS scope of compliance.

  • How to outsource PCI compliance to a cloud provider

    Small business credit card processing from a PCI-compliant cloud provider can help reduce the burden of PCI compliance. Expert Mike Chapple explains.

  • iOS Security Guide: What is Apple's stance on security?

    Expert Michael Cobb digs into the Apple iOS Security Guide to see if any iOS security issues are revealed.

  • Skype security concerns: What are your options?

    A Web-based tool has exposed some serious Skype security concerns. Expert Michael Cobb discusses the options for organizations that rely on Skype.

  • Is gTLD security in question as applications rise?

    Expert Michael Cobb provides advice on addressing gTLD security as ICANN accepts more and more domain extension applications.

  • Aid, don't replace, secure coding practices with WAFs

    WAFs aren't a panacea for all Web security woes. Software development security best practices are still vital. Expert Michael Cobb discusses why.

  • Should screen timeouts be part of your BYOD strategy?

    Expert Michael Cobb provides advice on why and how enterprises should establish a screen timeout period as part of any BYOD security policy.

  • Secure corporate data when executives travel abroad

    Concerned about data theft when enterprise executives travel? Security expert Nick Lewis details how to protect sensitive data when execs go abroad.

  • Google shows why enterprises need to reassess Wi-Fi

    Expert Nick Lewis explains the Google Street View controversy and why enterprises should be anxious about their wireless network security, not Google.

All Rights Reserved, Copyright 2000 - 2013, TechTarget