Features

Features

• Malware Forensics Field Guide for Linux Systems: Digital Forensics Field Guides

  In this excerpt of Malware Forensics Field Guide for Linux Systems: Digital Forensics Field Guides, the authors explain how to discover and extract malware from a Linux system.  Continue Reading

• CISSP online training: Inside the access control domain

  Spotlight article: Shon Harris discusses the main topics covered in the CISSP domain on access control, including authorization, authentication, identity management and more.  Continue Reading

• Introduction to Information Security: A Strategic-Based Approach

  In this excerpt of Introduction to Information Security: A Strategic-Based Approach, authors Timothy J. Shimeall and Jonathan M. Spring discuss the importance of intrusion detection and prevention.  Continue Reading

• The NoSQL challenge: What's in store for big data and security

  Big data offers horizontal scalability, but how do you get your database security to scale along with it?  Continue Reading

• Product review: Juniper Networks SRX Series UTM appliances

  The market-leading Juniper Networks SRX Series of UTM boxes are feature-rich products that may cause implementation headaches.  Continue Reading

• Threat intelligence versus risk: How much cybersecurity is enough?

  Learn how threat intelligence plays into global risk assessment as more security officers are tasked with damage control.  Continue Reading

• Command-and-control servers: The puppet masters that govern malware

  Are there shadow networks within your enterprise? Stop malware by shutting down command-and-control communication channels.  Continue Reading

• Digital Forensics Processing and Procedures

  In this excerpt from Digital Forensics Processing and Procedures, the authors provide insight on areas that will need to be considered when setting up a forensic laboratory.  Continue Reading

• Investigating Internet Crimes: An Introduction to Solving Crimes in Cyberspace

  This is an excerpt from the book Investigating Internet Crimes: An Introduction to Solving Crimes in Cyberspace by Todd G. Shipley and Art Bowker.  Continue Reading

• FISMA Compliance Handbook

  In this excerpt from chapter 3 of the FISMA Compliance Handbook, author Laura P. Taylor discusses the five methodologies that agencies use as a basis to carry out FISMA compliance.  Continue Reading

• How Cisco's 'Application Centric Infrastructure' differs from SDN

  As Cisco rolls out a hardware-based alternative to software-defined networking approaches, what does it all mean for security?  Continue Reading

• Linux Malware Incident Response

  In this excerpt from Linux Malware Incident Response, authors Cameron Malin, Eoghan Casey and James Aquilina discuss volatile data collection methodology, steps and preservation.  Continue Reading

• Social Media Security

  In this excerpt from Social Media Security, author Michael Cross offers a number of strategies to help ensure social media security.  Continue Reading

• Risk Management Framework

  In this excerpt from chapter 3 of Risk Management Framework, author James Broad discusses the four components of risk management.  Continue Reading

• Tor networks: Stop employees from touring the deep Web

  Are employees using Tor to view blocked Web sites, or mining Bitcoins on corporate resources? Sinister or not, it needs to stop.  Continue Reading

• The history of the PCI DSS standard: A visual timeline

  The origins of the PCI Data Security Standard date back to the late 1990s. Explore key events in the history of PCI DSS, from Y2K to PCI DSS 3.0.  Continue Reading

• Third-party risk management: Horror stories? You are not alone

  The majority of breaches occur as the result of third parties. MacDonnell Ulsch advises companies to safeguard third-party management agreements.  Continue Reading

• Are FedRAMP security controls enough?

  Cloud service providers are working with authorized third-party auditors to meet FedRAMP security controls. The 3PAOs tell us how it’s going, so far.  Continue Reading

• Managing big data privacy concerns: Tactics for proactive enterprises

  The growing use of big data analytics has created big data privacy concerns, yet viable tactics exist for proactive enterprises to help companies get smarter while keeping consumers happy.  Continue Reading

• Antivirus evasion techniques show ease in avoiding antivirus detection

  In the wake of the New York Times attack, a look at antivirus evasion techniques show how easy it is to avoid antivirus detection and why new defenses are needed.  Continue Reading

• Outsourcing security services in the enterprise: Where to begin

  Outsourcing security services doesn’t have to mean moving to the cloud. Enterprises have many options for outsourcing security services, including managed and hosted services.  Continue Reading

• The Huawei security risk: Factors to consider before buying Chinese IT

  Cover story: The U.S. government says Chinese IT giants Huawei and ZTE pose too much risk. But do they? Joel Snyder offers his take.  Continue Reading

• Understanding IDaaS: The benefits and risks of Identity as a Service

  Are identities safe in the cloud? Experts say enterprises must carefully weigh the risks vs. rewards of identity management as a service.  Continue Reading

• Metasploit Review: Ten Years Later, Are We Any More Secure?

  Some say the pen testing framework is a critical tool for improving enterprise security, while others say it helps attackers.  Continue Reading

• FAQ: An introduction to the ISO 31000 risk management standard

  Learn more about ISO 31000:2009, a new risk management standard: It's plainly written, short, process-oriented and relevant reading for anyone dealing with risk.  Continue Reading

• Rogue AP containment methods

  Wireless network monitoring systems are quickly moving from detection alone to detection and prevention. In particular, many now provide options to "block" rogue devices, preventing wireless or wired network access. This tip explores how these ...  Continue Reading

• How to prevent wireless DoS attacks

  Despite recent 802.11 security advances, WLANs remain very vulnerable to Denial of Service attacks. While you may not be able to prevent DoS attacks, a WIDS can help you detect when DoS attacks occur and where they come from, so that you can track ...  Continue Reading

• Wireless AP placement basics

  Many installers make the mistake of treating 802.11 WLANs just like Ethernet, placing access points (APs) in locations that facilitate outsider access to corporate networks. But, from a security perspective, WLANs should be treated like the Internet...  Continue Reading

• How to compartmentalize WiFi traffic with a VLAN

  Virtual LANs have long been used within enterprise networks to create logical workgroups, independent of physical location or LAN topology. This tip describes how to use these same VLAN capabilities, found in both wired and wireless devices, to tag ...  Continue Reading

• Spotlight article: Domain 8, Laws, Investigations and Ethics

  Get a detailed introduction to the concepts of CISSP exam Domain 8, Laws, Investigations and Ethics.  Continue Reading

• Information Security Blueprint

   Continue Reading

• Results Chain for Information Security and Assurance

   Continue Reading

• Network-based attacks

  The second tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published ...  Continue Reading

• Balancing the cost and benefits of countermeasures

  The final tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage published by...  Continue Reading

• E-mail policies -- A defense against phishing attacks

  In this excerpt of Chapter 6 from "Phishing: Cutting the Identity Theft Line," authors Rachael Lininger and Russell Dean Vines explain how e-mail policies help protect companies from phishing attacks.  Continue Reading

• IT security auditing: Best practices for conducting audits

  Even if you hate security audits, it's in your best interest to make sure they're done right.  Continue Reading