Tips

Tips

• Recovering stolen laptops one step at a time

  When a student's laptop was stolen last year on a university campus, police and IT investigators went to work, recovering it within a matter of weeks. Neil Spellman, one of the investigators on the case, offers some best practices on what to do if a...  Continue Reading

• Risk assessments: Internal vs. external

  Risk assessments are a necessary function at financial firms, but how do you know whether to conduct them internally or to use a third party? Expert Rick Lawhorn explores the pros and cons in this tip.  Continue Reading

• How to lay the foundation for role entitlement management

  Role entitlement management is a daunting task, however, there are steps you can take to lay the foundation for a successful management process. In this tip, expert Rick Lawhorn details these seven steps.  Continue Reading

• Key management challenges and best practices

  Key management is essential to a successful encryption project. In this tip, expert Randy Nash explains the challenges financial organizations face when implementing key management and some of the best practices to overcome them.  Continue Reading

• Ophcrack: Password cracking made easy

  Scott Sidel examines the open source security tool Ophcrack, a password cracking tool aimed at ensuring the strength of corporate passwords.  Continue Reading

• GLBA risk assessment steps to success

  GLBA requires financial firms to protect their data from anticipated risks. How can those risks be determined? Follow these steps to perform a risk assessment at your financial organization.  Continue Reading

• Intrusion detection system deployment recommendations

  Before you take the time and effort to deploy an IDS, consider this advice.  Continue Reading

• Built-in Windows commands to determine if a system has been hacked

  In this tip, contributor Ed Skoudis identifies five of the most useful Windows command-line tools for machine analysis and discusses how they can assist administrators in determining if a machine has been hacked.  Continue Reading

• Ten hacker tricks to exploit SQL Server systems

  SQL Server hackers have a medley of tricks and tools to gain access to your database systems. Learn their techniques and test SQL Server security before they do.  Continue Reading

• Cleansing an infected mail server

  Learn five measures you can take to when cleaning up a massive email virus infection  Continue Reading

• Firewall redundancy: Deployment scenarios and benefits

  There are, however, several good reasons to deploy multiple firewalls in your organization. Let's take a look at a few scenarios.  Continue Reading

• Developing a patch management policy for third-party applications

  Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from ...  Continue Reading

• Your physical security budget: Who pays and how much?

  In many organizations, the cost of data center security is a shared expense -- or at least it should be. How much then should you be spending on security and how much of that should be picked up by other business units?  Continue Reading

• PCI compliance after the TJX data breach

  The massive TJX data breach reinforced the need for stricter controls when handling credit card information. In this tip, Joel Dubin reexamines the need for the PCI Data Security Standard and advises how to ease the PCI compliance burden.  Continue Reading

• Preparing for uniform resource identifier (URI) exploits

  URIs have always been a user-friendly way to recognize and access Web resources. By crafting malicious URLs and manipulating protocol handlers, however, attackers have devised new attacks that take advantage of the URI's locator functionality. Web ...  Continue Reading

• How to avoid dangling pointers: Tiny programming errors leave serious security vulnerabilities

  For years, many have said that there is no practical way to exploit a dangling pointer, a common application programming error. But these software bugs should no longer be thought of as simple quality-assurance problems. Michael Cobb explains how ...  Continue Reading

• Enterprise risk management frameworks: Controls for people, processes, technology

  Once responsibilities and requirements are defined, the next stage in developing a successful risk management framework involves developing controls. As Khalid Kark explains, that includes developing a culture of security, using technology in the ...  Continue Reading

• Digital forensics tool Helix 'does no harm'

  Forensics isn't just for the scientists. This month, contributor Scott Sidel recommends Helix, a digital forensics tool that can do some important detective work on your system.  Continue Reading

• Steps in the information security program life cycle

  This article from our series on information security governance describes the essential steps to take when developing a security program life cycle.  Continue Reading

• Where to place IDS network sensors

  JP Vossen explains where to place IDS sensors.  Continue Reading

• How to patch vulnerabilities and keep them sealed

  Learn how to simplify the patch deployment process and employ methods that will reduce vulnerabilities.  Continue Reading