Get started

Get started

Bring yourself up to speed with our introductory content.

• Introduction to Social Media Investigation: A Hands-on Approach

  In this excerpt from chapter four of Introduction to Social Media Investigation: A Hands-on Approach, author Jennifer Golbeck discusses privacy controls on social media. Continue Reading

• Is your IAM policy a roadmap to security or leading you off a cliff?

  Identity and access management, or IAM, has long been a crucial consideration in the formulation of corporate security strategy. IAM policy today must contend with a variety of major changes sweeping the world of IT. One of the latest is the spread ... Continue Reading

• Start redrawing your identity and access management roadmap

  Securing enterprise systems and information requires an IAM roadmap that helps you identify effective policy, technology and tools. Continue Reading

• Reviewing the threat intelligence features of VeriSign iDefense

  Expert Ed Tittel looks at VeriSign iDefense threat intelligence service for providing actionable, contextual data about today's top IT threats to organizations. Continue Reading

• Threat Intelligence service overview of Infoblox ActiveTrust

  Expert Ed Tittel looks at the features and capabilities of the Infoblox ActiveTrust threat intelligence service for providing data on the top IT threats to organizations. Continue Reading

• Definitions to Get Started

  • security analytics
  • NICE Framework (National Initiative for Cybersecurity Education Cybersecurity Workforce Framework)
  • application blacklisting (application blocklisting)
  • juice jacking

  • hypervisor security
  • claims-based identity
  • Certified Cloud Security Professional (CCSP)
  • password manager

  View All Definitions

• Detailing the features of LookingGlass Cyber Threat Center

  Expert Ed Tittel looks at the LookingGlass Cyber Threat Center service for providing organizations with intelligence on today's top IT threats.Continue Reading

• How to deal with Identity and access management systems

  An identity and access management system is increasingly essential to corporate security, but technological advances have made managing an IAM more complex than ever.Continue Reading

• RSA NetWitness Suite and its threat intelligence capabilities

  Expert Ed Tittel examines the RSA NetWitness Suite threat intelligence platform, which offers network forensic and analytics tools for investigating incidents and analyzing data.Continue Reading

• SecureWorks threat intelligence and what it can do for your enterprise

  Expert Ed Tittel examines the features and capabilities of SecureWorks, which gathers its intelligence from thousands of SecureWorks global customers.Continue Reading

• Why security in DevOps is essential to software development

  DevSecOps: It's not just a cool new buzzword; it's the future of software development. Learn why as well as how to achieve better security in the development process.Continue Reading

• Five criteria for purchasing from threat intelligence providers

  Expert Ed Tittel explores key criteria for evaluating threat intelligence providers to determine the best service for an enterprise's needs.Continue Reading

• Chenxi Wang discusses DEF CON hacking conference, 'Equal Respect'

  Grassroots efforts to shift cultural thinking in information security have had a positive effect, the former professor of computer engineering says.Continue Reading

• In her new role of CISO, Annalea Ilg is curious, driven and paranoid

  The vice president and CISO of ViaWest, Ilg is tasked with keeping the IT managed service provider and its cloud services secure.Continue Reading

• Outsourcing security services rises as MSSPs focus on industries

  Despite increasing levels of specialization, managed security service providers often don't understand the business you're in. That may be changing.Continue Reading

• The managed security provider comes knocking

  A constantly evolving threat landscape and a deepening skills crisis has more enterprises looking to a managed security service provider for help handling some of their security requirements. The trend is expected to drive strong demand for MSSPs ...Continue Reading

• PCI DSS compliance (Payment Card Industry Data Security Standard compliance)

  Payment Card Industry Data Security Standard (PCI DSS) compliance is adherence to the set of policies and procedures developed to protect credit, debit and cash card transactions and prevent the misuse of cardholders' personal information.Continue Reading

• Get smart about threat intel tools and services

  Threat intelligence tools are a phenomenal addition to your security posture; they just can't be your security posture. Learn where they fit into your securityContinue Reading

• Single sign-on service requires a cloud-era update

  The best SSO today can handle the apps mobile workers use, identity as a service and more. Learn to make single sign-on, and other approaches, more effective.Continue Reading

• The best SSO for enterprises must be cloud and mobile capable

  The best SSO today can handle the apps mobile workers use, identity as a service and more. Learn to make single sign-on, and other identity management approaches, more effective.Continue Reading

• Enterprise SSO: The promise and the challenges ahead

  It was inevitable that enterprise SSO would encounter the cloud. Learn how to adjust your company's approach to single sign-on so it keeps working well.Continue Reading

• Securing big data is a growing infosec responsibility

  Learn the ins and out of securing big data, from the key risks facing big data environments to the skills infosec pros need to master to handle this growing responsibility.Continue Reading

• AI or not, machine learning in cybersecurity advances

  As more companies promote machine learning and artificial intelligence technologies, chief information security officers need to ask some tough questions to get past the hype.Continue Reading

• Q&A: IBM's Diana Kelley got an early start in IT, security came later

  How did an editor become a security architect? A fascination with computers sparked a lifelong journey for IBM's executive security advisor.Continue Reading

• Security looks to machine learning technology for a cognitive leg up

  Advances in machine learning technology and artificial intelligence have proven to work well for some information security tasks such as malware detection. What's coming next?Continue Reading

• Top three steps to ensure security in big data environments

  Ensuring security in big data implementations remains a problem for most enterprises. Learn about the reasons why this is, and how your company can protect sensitive data.Continue Reading

• Ransomware prevention tools to win the fight

  Fighting malware today means battling ransomware. Learn what ransomware prevention tools you need to acquire and how to perfect using the tools your company already owns.Continue Reading

• supercookie

  A supercookie is a type of tracking cookie inserted into an HTTP header by an internet service provider to collect data about a user's internet browsing history and habits.Continue Reading

• Who should be on an enterprise cybersecurity advisory board?

  What qualifications does a cybersecurity advisory board member need to best serve enterprises? Expert Mike O. Villegas outlines the most helpful backgrounds for board members.Continue Reading

• In 2017, cybersecurity attacks will follow your data

  Thanks to a polarizing election, the potential ramifications of cybersecurity attacks are front and center. Your friends and relatives probably have some concept of what it is that you actually do and its importance. But the daily challenges of ...Continue Reading

• Uncharted path to IT and compliance with Digital River's Dyann Bradbury

  Bradbury chats with Marcus J. Ranum about her early interest in computers and her unexpected career path to head of global compliance for an e-commerce provider.Continue Reading

• Big data frameworks: Making their use in enterprises more secure

  Many enterprises apply big data techniques to their security systems. But are these methods secure? Expert John Burke explains some of the efforts to secure big data analysis.Continue Reading

• How to buy digital certificates for your enterprise

  In the market to buy digital certificates? Learn exactly how digital certificates work, which features are key and how to evaluate the available options on the market.Continue Reading

• Hacking Web Intelligence

  In this excerpt from chapter 8 of Hacking Web Intelligence, authors Sudhanshu Chauhan and Nutan Panda discuss how to be anonymous on the internet using proxy.Continue Reading

• Test your privileged user management knowledge

  Test your proficiency in privileged user management. Take this quiz to determine your ability to keep privileged access secure across your organization.Continue Reading

• Google Earth Forensics: Using Google Earth Geo-Location in Digital Forensic Investigations

  In this excerpt from chapter five of Google Earth Forensics, authors Michael Harrington and Michael Cross discuss the process of digital forensics.Continue Reading

• PCI assessment

  A PCI assessment is an audit of the 12 credit card transaction compliance requirements required by the Payment Card Industry Data Security Standard.Continue Reading

• Cloud DDoS protection: What enterprises need to know

  DDoS attacks are a continuing problem, and enterprises should consider using cloud DDoS protection services. Expert Frank Siemons discusses the cloud options.Continue Reading

• Are new cybersecurity products the best investment for enterprises?

  Having the latest cybersecurity products isn't always the best way to approach security. Expert Mike O. Villegas explains why and how to deal with pressure to buy new.Continue Reading

• When to take a bug bounty program public -- and how to do it

  Bug-finding programs are valuable to enterprises, but they require a lot of planning and effort to be effective. Sean Martin looks at what goes into taking a bug bounty program public.Continue Reading

• Achieving cybersecurity readiness: What enterprises should know

  Enterprises need to be ready to act in the face of security incidents and cyberattacks. Expert Peter Sullivan outlines seven elements of proper cybersecurity readiness.Continue Reading

• Automated Security Analysis of Android and iOS Applications

  In this excerpt of Automated Security Analysis of Android and iOS Applications with Mobile Security Framework, authors Ajin Abraham and Henry Dalziel discuss mobile application penetration testing.Continue Reading

• How infosec professionals can improve their careers through writing

  Writing can be one of the best ways to establish your reputation as an infosec professional. Expert Joshua Wright of the SANS Institute explains the best ways to do it.Continue Reading

• timing attack

  A timing attack looks at how long it takes a system to do something and allows the attacker, through statistical analysis, to learn enough about the system to find the decryption key needed to gain access to it.Continue Reading

• Best practices for an information security assessment

  Information security assessments can be effective for identifying and fixing issues in your enterprise's policies. Expert Kevin Beaver explains the key components of the process.Continue Reading

• How can the AirDroid app phone hijacking be prevented?

  A vulnerability in the AirDroid device manager app left users at risk of phone hijacking. Expert Michael Cobb explains how the exploit works, and what can be done to prevent it.Continue Reading

• CISSP online training: Software Development Security domain

  Spotlight article: Shon Harris explains the core concepts in the CISSP domain on software development security, including models, methods, database systems and security threats.Continue Reading

• Check Point Next Generation Firewall: Product overview

  Check Point Next Generation Firewall family combines firewalls with unified threat management technology, VPNs and more. Expert Mike O. Villegas takes a closer look.Continue Reading

• Cisco ASA with FirePOWER: NGFW product overview

  Cisco combined the ASA series firewall with SourceFire's FirePOWER threat and malware detection capabilities. Expert Mike O. Villegas takes a closer look at this NGFW.Continue Reading

• The best email encryption products: A comprehensive buyer's guide

  Email encryption is a critical component of enterprise security. In this buyer's guide, expert Karen Scarfone breaks down what you need to know to find the best email encryption software for your organization.Continue Reading

• Breaking down the DROWN attack and SSLv2 vulnerability

  A DROWN attack can occur through more than a third of all HTTPS connections. Expert Michael Cobb explains how DROWN enables man-in-the-middle attacks and mitigation steps to take.Continue Reading

• Voltage SecureMail encryption tool: Product overview

  Expert contributor Karen Scarfone takes a look at Voltage SecureMail for encrypting email messages in the enterprise.Continue Reading

• Information Governance and Security: Protecting and Managing Your Company's Proprietary

  In this excerpt of Information Governance and Security, authors John G. Iannarelli and Michael O'Shaughnessy offer tips for establishing guidelines for all departments or sectors of a business.Continue Reading

• Integrated Security Systems Design

  In this excerpt of Integrated Security Systems Design, author Thomas L. Norman explains the tools of security system design, the place of electronics in the process, how to establish electronic security program objectives and the types of design ...Continue Reading

• Designing and Building Security Operations center

  In this excerpt of Designing and Building Security Operations Center, author David Nathans reviews the infrastructure needed to support a SOC and maintain SOC security.Continue Reading

• Introduction to big data security analytics in the enterprise

  Expert Dan Sullivan explains what big data security analytics is and how these tools are applied to security monitoring to enable broader and more in-depth event analysis for better enterprise protection.Continue Reading

• Indicators of Compromise (IOC)

  Indicators of compromise are unusual activities on a system or network that imply the presence of a malicious actor.Continue Reading

• Comparing the best data loss prevention products

  Expert Bill Hayes examines the strengths and weaknesses of top-rated data loss prevention (DLP) products to help enterprises make the right purchasing decision.Continue Reading

• How to perform a forensic acquisition of a virtual machine disk

  Virtualization expert Paul Henry provides a step-by-step guide to imaging a virtual machine disk (*flat.vmdk) in a forensically sound manner.Continue Reading

• STIX (Structured Threat Information eXpression)

  STIX (Structured Threat Information eXpression) is an XML programming language that allows cybersecurity threat data to be shared.Continue Reading

• Comparing the best Web application firewalls in the industry

  Expert Brad Causey compares the best Web application firewalls on the market across three types of product types: cloud, integrated and appliance.Continue Reading

• Improve corporate data protection with foresight, action

  Better corporate data protection demands foresight and concrete action. Learn why breach training, monitoring and early detection capabilities can minimize damage when hackers attack.Continue Reading

• CSSLP (certified secure software lifecycle professional)

  The CSSLP (certified secure software lifecycle professional) is a certification for security professionals who wish to strengthen and demonstrate their knowledge about application security.Continue Reading

• Introduction to Web fraud detection systems

  Expert Ed Tittel explores the purpose of Web fraud detection systems and services, which are designed to reduce the risks inherent in electronic payments and e-commerce.Continue Reading

• Comparing the top database security tools

  Expert Ed Tittel examines the strengths and weaknesses of top-rated database security tools -- from database activity monitoring to transparent database encryption -- to help enterprises make the right purchasing decision.Continue Reading

• Comparing the top wireless intrusion prevention systems

  Expert Karen Scarfone examines the top wireless intrusion prevention systems (WIPS) to help readers determine which may be best for them.Continue Reading

• Comparing the best UTM products in the industry

  Expert Ed Tittel examines the top unified threat management appliances to determine which one could be the best for your organization.Continue Reading

• Six criteria for purchasing unified threat management appliances

  Expert Ed Tittel explores key criteria for evaluating unified threat management (UTM) appliances to determine the best choice for your organization.Continue Reading

• From SSL and early TLS to TLS 1.2: Creating a PCI DSS 3.1 migration plan

  PCI DSS 3.1 requires enterprises to deplete SSL and early TLS use by June 30, 2016. Expert Michael Cobb offers advice for putting a migration plan to TLS 1.2 in place.Continue Reading

• What do organizations need to know about privacy in a HIPAA audit?

  A HIPAA audit covers privacy compliance, and organizations need to be prepared. Expert Mike Chapple discusses privacy in the audits.Continue Reading

• Tips for creating a data classification policy

  Before deploying and implementing a data loss prevention product, enterprises should have an effective data classification policy in place. Expert Bill Hayes explains how that can be done.Continue Reading

• A new trend in cybersecurity regulations could mean tougher compliance

  State cybersecurity regulations may mean compliance will get more complicated, and that has experts worried. Learn what's causing this trend and what organizations should prepare for.Continue Reading

• network vulnerability scanning

  A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures.Continue Reading

• How to keep track of sensitive data with a data flow map

  Expert Bill Hayes describes how to create a data flow map to visualize where sensitive data is processed, how it transits the network and where it's stored.Continue Reading

• State of the Network study: How security tasks are dominating IT staff

  The majority of networking teams are regularly involved in enterprise security tasks. Expert Kevin Beaver explains the phenomena and how to embrace it.Continue Reading

• Introduction to database security tools for the enterprise

  Expert Adrian Lane explains why database security tools play a significant, if not the majority, role in protecting data in the enterprise data center.Continue Reading

• Three usage scenarios for deploying data loss prevention products

  Expert Bill Hayes details usage scenarios for deploying data loss prevention: standalone suites, integrated tools and standalone/integrated DLP combined.Continue Reading

• The business case for data loss prevention products

  Data loss prevention (DLP) can help any organization where the loss of sensitive information could seriously impact continued operation, explains Bill Hayes.Continue Reading

• Introduction to data loss prevention products

  Expert Bill Hayes describes how data loss prevention (DLP) products can help identify and plug information leaks and improve enterprise security.Continue Reading

• Six criteria for procuring security analytics software

  Security analytics software can be beneficial to enterprises. Expert Dan Sullivan explains how to select the right product to fit your organization's needs.Continue Reading

• Introduction to unified threat management appliances

  Expert Ed Tittel describes unified threat management (UTM) appliances and features, and explains its advantages to organizations of all sizes.Continue Reading

• Common Vulnerabilities and Exposures (CVE)

  Common Vulnerabilities and Exposures (CVE) provides unique identifiers for publicly known security threats.Continue Reading

• The three enterprise benefits of SSL VPN products

  Expert Karen Scarfone outlines the ways SSL VPN products can secure network connections and communications for organizations.Continue Reading

• Microsoft Schannel (Microsoft Secure Channel)

  The Microsoft Secure Channel or Schannel is a security package that facilitates the use of Secure Sockets Layer (SSL) and/or Transport Layer Security (TLS) encryption on Windows platforms.Continue Reading

• The top full disk encryption products on the market today

  Full disk encryption can be a key component of an enterprise's desktop and laptop security strategy. Here's a look at some of the top FDE products in the industry.Continue Reading

• The secrets of proper firewall maintenance and security testing techniques

  The Verizon 2015 PCI Compliance Report cited a lack of firewall maintenance and security testing as major causes for compliances breaches. Expert Kevin Beaver offers tips to successfully manage these tasks.Continue Reading

• What are the secrets to SIEM deployment success?

  Many organizations deploy security information and event management systems without the proper planning and therefore can't reap the proper rewards. Expert Kevin Beaver offers tips for a successful implementation.Continue Reading

• Introduction to security analytics tools in the enterprise

  Expert Dan Sullivan explains how security analysis and analytics tools work, and how they provide enterprises with valuable information about impending attacks or threats.Continue Reading

• How should agencies prepare for federal security scanning?

  What do agencies need to consider before going through the Department of Homeland Security's network security scanning? Expert Mike Chapple answers.Continue Reading

• Four questions to ask before buying a Web application firewall

  Web application firewalls are complex products. Expert Brad Causey explains the key criteria enterprises need to consider before investing in a WAF product.Continue Reading

• Six ways to use wireless intrusion prevention systems in the enterprise

  Expert George V. Hulme presents six real-world use cases for the deployment of WIPS to beef up wireless network security in the enterprise.Continue Reading

• single-factor authentication (SFA)

  Single-factor authentication (SFA) is the traditional security process that requires a user name and password before granting access to the user.Continue Reading

• Introduction to intrusion detection and prevention technologies

  Intrusion detection and preventions systems can be critical components to an enterprise's threat management strategy. Learn the history behind the technologies and why they are so important.Continue Reading

• Business-use scenarios for a Web application firewall deployment

  Web application firewalls can be a critical security layer for many companies. Expert Brad Causey explains when and how to deploy a WAF in the enterprise.Continue Reading

• knowledge-based authentication (KBA)

  In a KBA scheme, the user is asked to answer at least one "secret" question before being allowed to change account settings or reset a password.Continue Reading

• Getting to know the new GIAC certification: GCCC

  The new GIAC certification, GCCC, is not a very specific certification, but it could prove useful in organizations. Expert Joseph Granneman explains why.Continue Reading

• What's the best way to find enterprise compliance tools?

  Looking for compliance tools? Expert Mike Chapple explains why the best place to start the search is within your own information security infrastructure.Continue Reading

• How to increase the importance of information security in enterprises

  Expert Mike Villegas explains how to use the Three C's to emphasize the importance of information security within an organization.Continue Reading

• What is endpoint security? What benefits does it offer?

  The increased number of smartphones, laptops and other endpoints in the enterprise is a major security concern. Learn what endpoint security is and how it can help combat your enterprise security woes.Continue Reading

• Detecting backdoors: The Apple backdoor that never was?

  The debate over the purported Apple backdoor leaves enterprises asking, "When is a backdoor not a backdoor?" Application security expert Michael Cobb explains the difference.Continue Reading

• mobile authentication

  Mobile authentication is the verification of a user’s identity through the use a mobile device and one or more authentication methods for secure access.Continue Reading