Features

Features

• Microsoft BitLocker: Full disk encryption software overview

  Expert Karen Scarfone examines the features of BitLocker, Microsoft's native full disk encryption software for Windows laptops, desktops and servers.  Continue Reading

• McAfee Complete Data Protection: Full disk encryption product overview

  Expert Karen Scarfone examines the features of McAfee Complete Data Protection, a full disk encryption product for securing client-side computers and servers.  Continue Reading

• Dell Data Protection | Encryption: Full disk encryption product overview

  Expert Karen Scarfone examines the features of Dell Data Protection | Encryption, a full disk encryption product for securing client-side devices.  Continue Reading

• Check Point Full Disk Encryption product overview

  Expert Karen Scarfone examines the features of Check Point Full Disk Encryption, an FDE product for securing client devices such as laptops and desktops.  Continue Reading

• Apple FileVault 2: Full disk encryption software overview

  Expert Karen Scarfone examines the features of Apple's bundled full disk encryption software for Mac OS X, FileVault 2.  Continue Reading

• The top full disk encryption products on the market today

  Full disk encryption can be a key component of an enterprise's desktop and laptop security strategy. Here's a look at some of the top FDE products in the industry.  Continue Reading

• Social engineering: You got nailed!

  Move beyond prevention to fast detection to combat a stealthy social engineering attack.  Continue Reading

• New cyberthreats: Defending against the digital invasion

  The confluence of the Internet of Things and bring your own device may turn into a beachhead for attackers.  Continue Reading

• Introduction to security analytics tools in the enterprise

  Expert Dan Sullivan explains how security analysis and analytics tools work, and how they provide enterprises with valuable information about impending attacks or threats.  Continue Reading

• Four questions to ask before buying a Web application firewall

  Web application firewalls are complex products. Expert Brad Causey explains the key criteria enterprises need to consider before investing in a WAF product.  Continue Reading

• Six ways to use wireless intrusion prevention systems in the enterprise

  Expert George V. Hulme presents six real-world use cases for the deployment of WIPS to beef up wireless network security in the enterprise.  Continue Reading

• Introduction to wireless intrusion prevention systems in the enterprise

  Expert contributor George V. Hulme explains how wireless intrusion prevention systems (WIPS) protect enterprise networks from attacks and prying eyes.  Continue Reading

• Beyond the Page: New SIEM Battleground Unfolds with Advanced Analytics

  Robert Lemos looks at next-generation security information and event management analytic tools and cloud-based systems.  Continue Reading

• Business-use scenarios for a Web application firewall deployment

  Web application firewalls can be a critical security layer for many companies. Expert Brad Causey explains when and how to deploy a WAF in the enterprise.  Continue Reading

• Introduction to Web application firewalls in the enterprise

  Expert Brad Causey takes a close look at Web application firewalls, explains how WAF technology can prevent Internet-based attacks from known and unknown applications threats, and offers advice on WAF management and deployment.  Continue Reading

• The top multifactor authentication products

  Multifactor authentication can be a critical component of an enterprise security strategy. Here's a look at the top MFA products in the industry.  Continue Reading

• The importance of email encryption software in the enterprise

  Expert Karen Scarfone explains how email encryption software protects messages and attachments from malfeasance.  Continue Reading

• Targeted Cyber Attacks

  In this excerpt of Targeted Cyber Attacks, authors Aditya Sood and Richard Enbody outline the cyberattack model and different vectors used to attack targets.  Continue Reading

• The Basics of Information Security

  In this excerpt of The Basics of Information Security, author Jason Andress outlines methods for improving operating systems security.  Continue Reading

• The fundamentals of FDE: Comparing the top full disk encryption products

  Expert Karen Scarfone examines the top full disk encryption products to determine which one may be best for your organization.  Continue Reading

• The fundamentals of FDE: Procuring full-disk encryption software

  Expert Karen Scarfone examines the most important criteria for evaluating full disk encryption options for deployment within an enterprise.  Continue Reading

• The fundamentals of FDE: The business case for full disk encryption

  Expert Karen Scarfone outlines the benefits of FDE to help businesses decide if the storage encryption technology is right for their organization.  Continue Reading

• The fundamentals of FDE: Full disk encryption in the enterprise

  Expert Karen Scarfone examines full disk encryption, or FDE, tools and describes how the security technology protects data at rest on a laptop or desktop computer.  Continue Reading

• CISSP Essentials Security School

  SearchSecurity's CISSP Essentials Security School offers free training for CISSP certification, featuring videos, tutorials and sample exam questions.  Continue Reading

• CISSP cryptography training: Components, protocols and authentication

  Spotlight article: Shon Harris outlines the main topics in the CISSP domain on cryptography -- background information, cryptography components, digital authentication, protocols and more.  Continue Reading

• Malware Forensics Field Guide for Linux Systems: Digital Forensics Field Guides

  In this excerpt of Malware Forensics Field Guide for Linux Systems: Digital Forensics Field Guides, the authors explain how to discover and extract malware from a Linux system.  Continue Reading

• CISSP online training: Inside the access control domain

  Spotlight article: Shon Harris discusses the main topics covered in the CISSP domain on access control, including authorization, authentication, identity management and more.  Continue Reading

• Introduction to Information Security: A Strategic-Based Approach

  In this excerpt of Introduction to Information Security: A Strategic-Based Approach, authors Timothy J. Shimeall and Jonathan M. Spring discuss the importance of intrusion detection and prevention.  Continue Reading

• The NoSQL challenge: What's in store for big data and security

  Big data offers horizontal scalability, but how do you get your database security to scale along with it?  Continue Reading

• Product review: Juniper Networks SRX Series UTM appliances

  The market-leading Juniper Networks SRX Series of UTM boxes are feature-rich products that may cause implementation headaches.  Continue Reading

• Threat intelligence versus risk: How much cybersecurity is enough?

  Learn how threat intelligence plays into global risk assessment as more security officers are tasked with damage control.  Continue Reading

• Command-and-control servers: The puppet masters that govern malware

  Are there shadow networks within your enterprise? Stop malware by shutting down command-and-control communication channels.  Continue Reading

• Digital Forensics Processing and Procedures

  In this excerpt from Digital Forensics Processing and Procedures, the authors provide insight on areas that will need to be considered when setting up a forensic laboratory.  Continue Reading

• Investigating Internet Crimes: An Introduction to Solving Crimes in Cyberspace

  This is an excerpt from the book Investigating Internet Crimes: An Introduction to Solving Crimes in Cyberspace by Todd G. Shipley and Art Bowker.  Continue Reading

• FISMA Compliance Handbook

  In this excerpt from chapter 3 of the FISMA Compliance Handbook, author Laura P. Taylor discusses the five methodologies that agencies use as a basis to carry out FISMA compliance.  Continue Reading

• How Cisco's 'Application Centric Infrastructure' differs from SDN

  As Cisco rolls out a hardware-based alternative to software-defined networking approaches, what does it all mean for security?  Continue Reading

• Linux Malware Incident Response

  In this excerpt from Linux Malware Incident Response, authors Cameron Malin, Eoghan Casey and James Aquilina discuss volatile data collection methodology, steps and preservation.  Continue Reading

• Social Media Security

  In this excerpt from Social Media Security, author Michael Cross offers a number of strategies to help ensure social media security.  Continue Reading

• Risk Management Framework

  In this excerpt from chapter 3 of Risk Management Framework, author James Broad discusses the four components of risk management.  Continue Reading

• Tor networks: Stop employees from touring the deep Web

  Are employees using Tor to view blocked Web sites, or mining Bitcoins on corporate resources? Sinister or not, it needs to stop.  Continue Reading

• Third-party risk management: Horror stories? You are not alone

  The majority of breaches occur as the result of third parties. MacDonnell Ulsch advises companies to safeguard third-party management agreements.  Continue Reading

• Are FedRAMP security controls enough?

  Cloud service providers are working with authorized third-party auditors to meet FedRAMP security controls. The 3PAOs tell us how it’s going, so far.  Continue Reading

• Managing big data privacy concerns: Tactics for proactive enterprises

  The growing use of big data analytics has created big data privacy concerns, yet viable tactics exist for proactive enterprises to help companies get smarter while keeping consumers happy.  Continue Reading

• Antivirus evasion techniques show ease in avoiding antivirus detection

  In the wake of the New York Times attack, a look at antivirus evasion techniques show how easy it is to avoid antivirus detection and why new defenses are needed.  Continue Reading

• Outsourcing security services in the enterprise: Where to begin

  Outsourcing security services doesn’t have to mean moving to the cloud. Enterprises have many options for outsourcing security services, including managed and hosted services.  Continue Reading

• The Huawei security risk: Factors to consider before buying Chinese IT

  Cover story: The U.S. government says Chinese IT giants Huawei and ZTE pose too much risk. But do they? Joel Snyder offers his take.  Continue Reading

• Understanding IDaaS: The benefits and risks of Identity as a Service

  Are identities safe in the cloud? Experts say enterprises must carefully weigh the risks vs. rewards of identity management as a service.  Continue Reading

• Metasploit Review: Ten Years Later, Are We Any More Secure?

  Some say the pen testing framework is a critical tool for improving enterprise security, while others say it helps attackers.  Continue Reading

• FAQ: An introduction to the ISO 31000 risk management standard

  Learn more about ISO 31000:2009, a new risk management standard: It's plainly written, short, process-oriented and relevant reading for anyone dealing with risk.  Continue Reading

• Rogue AP containment methods

  Wireless network monitoring systems are quickly moving from detection alone to detection and prevention. In particular, many now provide options to "block" rogue devices, preventing wireless or wired network access. This tip explores how these ...  Continue Reading

• How to prevent wireless DoS attacks

  Despite recent 802.11 security advances, WLANs remain very vulnerable to Denial of Service attacks. While you may not be able to prevent DoS attacks, a WIDS can help you detect when DoS attacks occur and where they come from, so that you can track ...  Continue Reading

• How to compartmentalize WiFi traffic with a VLAN

  Virtual LANs have long been used within enterprise networks to create logical workgroups, independent of physical location or LAN topology. This tip describes how to use these same VLAN capabilities, found in both wired and wireless devices, to tag ...  Continue Reading

• Spotlight article: Domain 8, Laws, Investigations and Ethics

  Get a detailed introduction to the concepts of CISSP exam Domain 8, Laws, Investigations and Ethics.  Continue Reading

• Results Chain for Information Security and Assurance

   Continue Reading

• Information Security Blueprint

   Continue Reading

• Network-based attacks

  The second tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published ...  Continue Reading

• Balancing the cost and benefits of countermeasures

  The final tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage published by...  Continue Reading

• E-mail policies -- A defense against phishing attacks

  In this excerpt of Chapter 6 from "Phishing: Cutting the Identity Theft Line," authors Rachael Lininger and Russell Dean Vines explain how e-mail policies help protect companies from phishing attacks.  Continue Reading

• IT security auditing: Best practices for conducting audits

  Even if you hate security audits, it's in your best interest to make sure they're done right.  Continue Reading