Security Management Strategies for the CIO- Data Loss Prevention
- Data Analysis and Classification
- Data Security and Cloud Computing
- Identity Theft and Data Security Breaches
- Enterprise Data Governance
- Disk Encryption and File Encryption
- Database Security Management
Email Alerts
-
Readers' Choice Awards 2012
For the seventh consecutive year, Information Security readers voted to determine the best security products. More than 2,000 voters participated this year, rating products in 14 different categories.guideSeries
-
Avoiding a breach by a third-party data recovery services provider
Expert Nick Lewis discusses the security requirements enterprises should establish when selecting a third-party data recovery services provider.Answer
-
Organizations have poor digital document security, survey reveals
At study by the Ponemon Institute shows 63% of organizations do not fully secure confidential documents.News | 03 Aug 2012
-
DLP use cases: When to use network storage and endpoint DLP
In this video, our expert will explain how different types of DLP work, such as network and endpoint DLP, and how it secures data at rest.Video
-
Use data loss prevention software to secure endpoints from malicious insiders
Mobile devices make it easier than ever for malicious insiders to take sensitive data from the enterprise. Data loss prevention software can help with endpoint security management.Tip
-
Holistic security for database-centric applications
In this exclusive video presentation, Nemertes Research Senior Vice President and Founding Partner Andreas Antonopoulos provides an executive overview of the security issues of securing database-centric applications and the key tactics essential to success.Video
-
PDF download: Information Security magazine May 2012
In this issue, security expert Lisa Phifer examines mobile device management technology.Magazine
-
Deploying DP systems: Four DLP best practices for success
Plan your data loss prevention project carefully to avoid missteps.Magazine
-
PDF download: Information Security magazine April 2012
In this issue, read about enterprise requirements for unified threat management systems. Also read about tokenization and AMI security issues.Magazine
-
Security visibility: Honestly assessing security posture
In this security school, you’ll learn how to gain the clearest visibility into the state of your company’s information security efforts. You’ll learn strategically how to make the most of your SIM, log management, network monitoring, GRC and penetration testing tools and services to provide a centralized collection of intelligence you can use to evaluate your company’s state of security.partOfGuideSeries
- VIEW MORE ON : Data Loss Prevention
-
Verizon DBIR: Identify insider threat warning signs, safeguard IP
Trusted insiders often play a role in IP theft, according to a new report. Spot the warning signs and apply the right data protection, say experts.News | 24 Oct 2012
-
Security big data: Preparing for a big data collection implementation
Learn how security big data initiatives support enterprise information security and how to prepare for a big data collection implementation.Tip
-
Intro: How big data benefits enterprise information security posture
Andrew Hutchison explains how big data benefits enterprise information security posture by merging the security and operational data landscape.Tip
-
Log management and analysis: How, when and why
In this presentation, John Burke discusses how to make the most of logs to augment an organization’s overall security posture.Video
-
Securing big data: Architecture tips for building security in
Expert Matt Pascucci advises a reader on securing big data with tips for building security into enterprise big data architectures.Answer
-
Gartner: Big data security will be a struggle, but necessary
The research firm says big data security analysis will be critical to fighting off advanced attacks, but few easy technology options exist today.News | 12 Jun 2012
-
Does reducing data storage improve PCI credit card compliance?
Mike Chapple discusses whether reducing customer credit card data storage is better, worse or ineffective for improving PCI credit card compliance.Answer
-
Information security intelligence demands network traffic visibility
Use the network and host data at your disposal to create business-focused information security intelligence policies and strategies.Tip
-
Security event log management, analysis needs effective ways to search log files
Search is a key discipline for security log management. John Burke explains how to better search log files to improve security event log management.Tip
-
Quiz: Security log analysis for actionable security information
Test your knowledge of security log analysis in this five-question quiz.Quiz
- VIEW MORE ON : Data Analysis and Classification
-
Readers' Choice Awards 2012
For the seventh consecutive year, Information Security readers voted to determine the best security products. More than 2,000 voters participated this year, rating products in 14 different categories.guideSeries
-
FFIEC statement on cloud risk misses the mark
Bank regulators provide few details on managing cloud risks.News | 26 Jul 2012
-
Do you need virtual firewalls? What to consider first
With virtual firewalls, you can avoid routing traffic out of the virtual environment to pass through a physical firewall. But there are challenges to consider in going virtual.Tip
-
Cloud endpoint security: Considerations for cloud security services
Mike Chapple details discuses considerations for using cloud security services, specifically cloud endpoint security.Answer
-
Monitor outbound traffic: Full-packet capture or only capture network flow data?
If an enterprise can't afford to implement full-packet capture, expert Mike Chapple recommends trying to capture network flow data instead.Answer
-
DHS cloud computing: Homeland Security’s model private cloud strategy
Using private cloud at separate data centers has allowed the Department of Homeland Security to strike a balance between security and cost savings.News | 05 Oct 2011
-
Breach fears push federal cloud computing initiative to private cloud
Trapped between budget constraints and security fears, government agencies are increasingly opting for private clouds.News | 20 Sep 2011
-
XACML tutorial: Using XACML as a foundation for entitlement management
Learn how to use XACML to externalize fine-grained authorization from application logic and support cloud-based IAM initiatives.Tip
-
homomorphic encryption
Homomorphic encryption is the conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form. Homomorphic encryptions allow complex mathematical operations to be performed on encrypted data without compromising the encryption.Definition
-
Cloud failures, privacy issues and data breach woes
Eric Holmquist of Holmquist Advisory joins the editorial team to talk about the Verizon DBIR, the recent Apple privacy debacle and the Amazon cloud failure.Podcast
- VIEW MORE ON : Data Security and Cloud Computing
-
Study finds firms lagging in health care privacy, data security protections
Inadequate security controls, a heavy use of cloud-based services, and employee negligence are resulting in multiple breaches at the same firms.News | 06 Dec 2012
-
Phishing attack, stolen credentials sparked South Carolina breach
A phishing attack and stolen credentials gave an attacker access to the systems of the South Carolina Department of Revenue for two months.News | 21 Nov 2012
-
Identity fraud rings in the U.S. target wireless companies, banks
A new study by ID Analytics found that more than 10,000 identity fraud rings exist in the U.S., many in the rural Southeast.News | 15 Nov 2012
-
NASA to deploy whole-disk encryption following breach
Stolen laptop contained the sensitive data on a large number of employees and contractors. The information was not encrypted.News | 15 Nov 2012
-
Adobe investigates scope of customer forum breach
Names, email addresses and encrypted passwords of thousands of customers may have been exposed in a breach of the software maker's customer forum.News | 14 Nov 2012
-
offensive security
Offensive security is a proactive and antagonistic approach to protecting computer systems, networks and individuals from attacks.Definition
-
CrowdStrike advocates offensive security, proactive defense approach
Enterprises can disrupt cybercriminals and deter future attacks, explains Dmitri Alperovitch, CTO of CrowdStrike Inc. The approach has its critics.News | 01 Nov 2012
-
South Carolina breach affects millions
Millions of Social Security numbers and thousands of credit and debit cards were exposed after an attacker penetrated a state agency server.News | 29 Oct 2012
-
Debating international cyberespionage, poor secure coding practices
Corey Schou explains why cyberespionage and corporate intelligence are linked; also, why attackers aren't to blame for insecure coding practices.Video
-
Report details insider threats, but enterprises can respond, says expert
Scott Crawford, a research director at Enterprise Management Associates, explains how some enterprises address the risk of a trusted insider turned rogue.News | 24 Oct 2012
- VIEW MORE ON : Identity Theft and Data Security Breaches
-
enhanced driver's license (EDL)
An enhanced driver's license (EDL) is a government-issued permit that, in addition to the standard features of a driver's license, includes an RFID tag that allows officials to pull up the owner's biographical and biometric data.Definition
-
Logging in the cloud: Assessing the options and key considerations
Expert Dave Shackleford considers a variety of options for logging in the cloud and determines which choice works best for enterprises.Tip
-
Protecting Intellectual Property: Best Practices
Organizations need to implement best practices to protect their trade secrets from both internal and external threats.Column
-
Data privacy issues present new data governance challenges
Data privacy issues are new territory for infosec pros, who face managing new data analysis methods vs. customers' concern with unintended data usage.News | 17 Sep 2012
-
Information security controls for data exfiltration prevention
Enterprises may be amazed to discover how valuable their data is to attackers. Learn five information security controls to prevent data exfiltration.Tip
-
Log management and analysis: How, when and why
In this presentation, John Burke discusses how to make the most of logs to augment an organization’s overall security posture.Video
-
Organizations have poor digital document security, survey reveals
At study by the Ponemon Institute shows 63% of organizations do not fully secure confidential documents.News | 03 Aug 2012
-
Comparing enterprise data anonymization techniques
Compare data anonymization techniques including encryption, substitution, shuffing, number and data variance and nulling out data.Tip
-
Screencast: Employ the FOCA tool as a metadata extractor
Mike McLaughlin demos the FOCA tool as a metadata extractor to expose the 'hidden' data users often post on their own websites.Video
-
How to ensure data security by spotting enterprise security weaknesses
How can a specialized organization spot security weaknesses? Nick Lewis offers a process to help niche companies ensure data security.Tip
- VIEW MORE ON : Enterprise Data Governance
-
NASA to deploy whole-disk encryption following breach
Stolen laptop contained the sensitive data on a large number of employees and contractors. The information was not encrypted.News | 15 Nov 2012
-
Regulatory compliance requirements of a cryptographic system
Mike Chapple discusses what to look for in a cryptographic system from a legal and regulatory compliance standpoint.Answer
-
Information security controls for data exfiltration prevention
Enterprises may be amazed to discover how valuable their data is to attackers. Learn five information security controls to prevent data exfiltration.Tip
-
Black Hat 2012: SSL handling weakness leads to remote wipe hack
Researcher Peter Hannay's man-in-the-middle attack exploited an SSL handing flaw to remotely wipe Android and iOS mobile devices via Exchange server.News | 30 Jul 2012
-
SSC's new PCI point-to-point encryption guidance outlines testing procedures
New PCI DSS guidance on point-to-point encryption outlines product testing requirements, and urges more merchant-acquirer collaboration.News | 02 May 2012
-
The switch to HTTPS: Understanding the benefits and limitations
Expert Mike Cobb explains the value and limitations of HTTPS, and why making the switch to HTTPS may be easier than it seems.Answer
-
HIPAA encryption requirements: How to avoid a breach disclosure
Charles Denyer explains the necessity of encrypting customer data with respect to HIPAA encryption requirements and squares out what enterprises should expect.Answer
-
P2P encryption: Pros and cons of point-to-point encryption
P2P encryption is an emerging technology; one that may be helpful for many companies, especially merchants. Mike Chapple dissects the pros and cons.Tip
-
Web server encryption: Enterprise website encryption best practices
Network security expert Mike Chapple details the fundamentals of Web server encryption and Web encryption deployment best practices.Answer
-
Researchers break W3C XML encryption algorithm, push for new standard
Researchers in Germany have demonstrated weaknesses in the W3C XML encryption standard used to secure websites and other Web applications.News | 25 Oct 2011
- VIEW MORE ON : Disk Encryption and File Encryption
-
Readers' Choice Awards 2012
For the seventh consecutive year, Information Security readers voted to determine the best security products. More than 2,000 voters participated this year, rating products in 14 different categories.guideSeries
-
Log management and analysis: How, when and why
In this presentation, John Burke discusses how to make the most of logs to augment an organization’s overall security posture.Video
-
Preventing Web database access with a triple-homed firewall
Mike Chapple discusses database security best practices and how to protect against unauthorized Web access by using a triple-homed firewall.Answer
-
Data breach prevention strategies
This Security School lesson will establish a baseline data breach prevention strategy every enterprise should have in place. You learn about the importance of a risk assessment and defining and prioritizing potential threats based on your organization's unique criteria; what access controls and audit capabilities that must be in place; what essential technologies you need to secure data; and the key security program elements that can prevent a security lapse from becoming a security breach.partOfGuideSeries
-
Security School: Network content monitoring must-haves
In this new lesson, expert Mike Chapple explores how to best prioritize and strategize for data protection investments to protect key content.Guide
-
Adopt Zero Trust to help secure the extended enterprise
Forrester Analyst John Kindervag explains Zero Trust Model and how it can be applied to protect data in today’s extended enterprise.Tip
-
Symantec acquires LiveOffice for online data archiving
Symantec said the $115 million-dollar deal boosts its e-discovery business and offer security and antispam capabilities for on-premise and hosted email.News | 16 Jan 2012
-
Metadata security and preventing leakage of sensitive information
Without accounting for metadata security, sensitive document data can easily be extracted. Mike Chapple explores technologies to support metadata security.Tip
-
Network Content Monitoring
Technologies that monitor how data moves in and out of organizations are rapidly intersecting. Data loss prevention, digital rights management and database activity monitoring, just to mention a few, all have overlapping functions and purposes not only to secure data but to help organizations with their compliance mandates. In this security school, you’ll learn about these intersections and how to best prioritize and strategize for your data protection investments.guide
-
EDRM-DLP combination could soon bolster document security management
The integration of enterprise digital rights management solutions and data loss prevention tools could bring a level of automation to document security management.Tip
- VIEW MORE ON : Database Security Management