Features

Features

• Antivirus evasion techniques show ease in avoiding antivirus detection

  In the wake of the New York Times attack, a look at antivirus evasion techniques show how easy it is to avoid antivirus detection and why new defenses are needed.  Continue Reading

• Outsourcing security services in the enterprise: Where to begin

  Outsourcing security services doesn’t have to mean moving to the cloud. Enterprises have many options for outsourcing security services, including managed and hosted services.  Continue Reading

• The Huawei security risk: Factors to consider before buying Chinese IT

  Cover story: The U.S. government says Chinese IT giants Huawei and ZTE pose too much risk. But do they? Joel Snyder offers his take.  Continue Reading

• Understanding IDaaS: The benefits and risks of Identity as a Service

  Are identities safe in the cloud? Experts say enterprises must carefully weigh the risks vs. rewards of identity management as a service.  Continue Reading

• Metasploit Review: Ten Years Later, Are We Any More Secure?

  Some say the pen testing framework is a critical tool for improving enterprise security, while others say it helps attackers.  Continue Reading

• FAQ: An introduction to the ISO 31000 risk management standard

  Learn more about ISO 31000:2009, a new risk management standard: It's plainly written, short, process-oriented and relevant reading for anyone dealing with risk.  Continue Reading

• How to prevent wireless DoS attacks

  Despite recent 802.11 security advances, WLANs remain very vulnerable to Denial of Service attacks. While you may not be able to prevent DoS attacks, a WIDS can help you detect when DoS attacks occur and where they come from, so that you can track ...  Continue Reading

• Rogue AP containment methods

  Wireless network monitoring systems are quickly moving from detection alone to detection and prevention. In particular, many now provide options to "block" rogue devices, preventing wireless or wired network access. This tip explores how these ...  Continue Reading

• How to compartmentalize WiFi traffic with a VLAN

  Virtual LANs have long been used within enterprise networks to create logical workgroups, independent of physical location or LAN topology. This tip describes how to use these same VLAN capabilities, found in both wired and wireless devices, to tag ...  Continue Reading

• Spotlight article: Domain 8, Laws, Investigations and Ethics

  Get a detailed introduction to the concepts of CISSP exam Domain 8, Laws, Investigations and Ethics.  Continue Reading

• Results Chain for Information Security and Assurance

   Continue Reading

• Information Security Blueprint

   Continue Reading

• Balancing the cost and benefits of countermeasures

  The final tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage published by...  Continue Reading

• Network-based attacks

  The second tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published ...  Continue Reading

• E-mail policies -- A defense against phishing attacks

  In this excerpt of Chapter 6 from "Phishing: Cutting the Identity Theft Line," authors Rachael Lininger and Russell Dean Vines explain how e-mail policies help protect companies from phishing attacks.  Continue Reading

• IT security auditing: Best practices for conducting audits

  Even if you hate security audits, it's in your best interest to make sure they're done right.  Continue Reading