Most organizations must comply with multiple standards covering privacy, corporate financial data, Protected Health Information and credit card data. Fortunately, the overlapping standards agree on a single concept: implementing appropriate security controls to protect information from improper disclosure.
However, GRC requirements do not exist in a vacuum. Organizational objectives must also be supported. Critical functions can be disrupted if business needs are not considered when establishing compliance activities. In addition, providing evidence that ...
Cybersecurity for the enterprise. There is no silver bullet. But as business becomes more connected and as data moves further outside the organizational walls, enterprises need to look at weaknesses in the security chain - and a good place to start is in the supply chain.
Small businesses sit on the "front lines" in the round-the-clock cybercrime battle. Think about how many small businesses, suppliers and customers have access to different areas of an ...
July 2014- Securing Web applications against cybercriminals, hacktivists, and state-sponsored hackers is a never-ending effort. Web application firewalls have become the central platform for protecting applications against all online threats. This white paper explains in detail the 10 features that every Web application firewall should provide.
July 2014- For investigators tasked with identifying the perpetrator of online fraud, it's often the little things that can make the difference. Cyber investigators must work diligently to ferret out the smallest details in order to snare their quarry. Investigating a digital crime is not so dissimilar from investigating a crime in the 'real world'. While popular TV shows might have you believe that a single fiber found at the scene of a crime will lead directly ...
July 2014- As the Internet has evolved to become a primary channel of trade and commerce, so has the sophistication of criminal organizations and other perpetrators of fraudulent schemes who take advantage of domain privacy features as a means by which to mask their true identity. Domain privacy, a controversial topic since its introduction in 2003, provides domain owners with the option to substitute the registrar's contract information for their own. While there are a variety of legitimate ...
July 2014- Cybercrime represents a major threat to both government and businesses, costing the economy hundreds of billions of dollars in losses every year. Often, the most challenging part for an investigator is discovering the who behind an attack. Is it a coordinated attack orchestrated by a criminal syndicate or an amateur hacker looking for a backdoor into your network? If the actual individual cannot be identified - as is too often the case - then investigators can build a Threat ...
Modern-day attackers are launching increasingly sophisticated, targeted attacks designed to evade signature-based security technologies. Despite having made significant investment in a range of protection technologies, security leaders still wonder whether their network has been infiltrated, how far the threats have spread and which assets have been compromised.
The traditional approach of relying on disparate network and endpoint protection technologies is no longer enough. Detecting advanced targeted attacks requires an integrated, multi-layered ...
APTs (advanced persistent threats) have changed the world of enterprise security and how networks and organizations are attacked. These threats, and the cyber-criminals behind them, are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and patience that has never been seen before.
Controlling these threats requires multiple security disciplines working together in context. While no single solution will solve the problem of advanced threats on its own, next-generation security ...
July 2014- Firewalls enforce network access via a positive control model, where only specific traffic defined in policies is granted access to the network while all other traffic is denied. Access Control Lists (ACLs) initially performed this functionality, often in routers, but their rudimentary approach gave way to dedicated packet filtering and stateful inspection firewall devices that offered deeper levels of access controls. Unfortunately, these traditional firewalls shared a common shortcoming - an inability to see all ...
June 2014- Learn the three key questions you should be asking your DNS host when it comes to protection against DDoS Attacks.
Cloud computing is demonstrating its potential to transform the way IT-based services are delivered to organizations. The journey to cloud is no longer a question of "if" but rather "when", and a large number of enterprises have already travelled some way down this path.
However, there is one overwhelming question that is still causing many CIOs and their colleagues to delay their move to cloud: Is cloud computing secure? As many unwary businesses have ...
Your organization's greatest asset is also its greatest risk. The employees, contractors and trusted business partners you rely on to keep your organization running can also cause it the most damage. A malicious insider can use authorized credentials to do unauthorized things, bring your network down or repeatedly steal data from your organization without being detected.
Learn about the Insider Threat Kill Chain and what you can do to protect your organization from ...
Cyber attacks are growing every day and becoming serious threats to your organization, but how do you know and understand the threats out there?
Download a copy of this book, and you discover the zero-day exploits and threats used to compromise your enterprise. You also learn about a promising new technology developed by Trusteer, an IBM company, which provides effective yet transparent protection to enterprise endpoints. Start reading Stopping Zero-Day Exploits For Dummies, ...
For enterprises looking at Next-Generation Firewalls, the most important consideration is: Will this new technology empower your security teams to securely enable applications to the benefit of the organization? It's not about blocking applications, but safely enabling them.
In this booklet, you'll find practical advice on:
• The how and why of next-generation security
• How to turn security into a business enabler
• 10 critical functions your ...
Securing your server and network configurations may be the smartest security work you can do. Why? Continually protected and hardened systems keep your data safe, repel exploits and provide measurable confidence. But it's hard to do. How do you get started? What are the capabilities to look for in an effective solution?
Security Configuration Management For Dummies shows you how to:
• Adopt and implement a security hardening policy
June 2014- This paper details real cases from three businesses, the legacy infrastructure they replaced, the Palo Alto Networks next-generation security platform they deployed, and the substantial savings they realized - cutting capital and operations costs by 50% on average.
June 2014- "Trust" does not mean giving employees unrestricted and unnecessary access to information. With the right security controls, organizations can significantly reduce their exposure to the risk of insider threats. The key is to find the right balance between employee enablement and control, while holding employees accountable for their actions. This requires a broad approach to allow an organization to carefully manage its identities, access and data, from identity management, to governance, privileged identity management and ...
June 2014- The traditional dangers IT security teams have been facing - and overcoming - for years are being replaced by a far more hazardous, insidious form of attack: the Advanced Persistent Threat (APT).
May 2014- This paper details why organizations need to shift more security resources from preventing intrusion toward rapid threat detection and remediation, and the intelligence-driven security approach that is required to do so.
May 2014- Combating digital fraud has become a business issue and presents risk for any organization with online operations. Gain perspective from CIOs on what organizations can do to prevent fraud in digital commerce.
The news is littered with stories of enterprises that have suffered costly downtime and damaging lawsuits as a result of security breaches. Even high-profile names such as LinkedIn, Sony, and RSA are not immune. Lack of security is costly, but how much should an organisation spend to address their security issues?
When it comes to security, you spend money to lower risk - much like spending money on the legal department to reduce ...
March 2014- This booklet/poster takes you step-by-step through the 20 Critical Security Controls, with an additional section that focuses on the first four fundamental controls. A convenient scorecard lets you rank your specific needs against NSA rankings.
March 2014- This anthology of blog posts from Tripwire's award-winning blog, "The State of Security", provides five cybersecurity experts' views on vulnerability management.
May 2014- HawkEye G is a dynamic active defense system designed to leverage existing security assets while providing advanced cyber security analytics and automated countermeasure techniques. The combination of the traditional signature-based and new behavior-based heuristics leads to heightened awareness of standard network activity and deviations that could indicate a potentially disastrous situation. Understanding the full threat and defense landscape is crucial for cyber security mitigation and the HawkEye G team has invested the time and resources ...
May 2014- It's only a matter of time before more organizations experience similar attacks. Why? Because hackers only need to exploit one vulnerability and defenders need to cover all of them. It typically just takes a single user unknowingly clicking on a link and the hacker is in. In addition, hackers spend 100 percent of their time focused on accomplishing the mission while most IT and security teams are tasked with multiple competing priorities, not only defending the ...