Problem solve
Get help with specific problems with your technologies, process and projects.
Writing and enforcing security policies
Considerations for an effective SMB password security policy
Passwords are much easier to crack than they used to be. Joel Snyder takes a fresh look at password security policy considerations for the midmarket. Continue Reading
Write it down: Network security documentation basics
Joel Snyder reveals the specific network security documentation that will help move disaster recovery plans along. Continue Reading
How to find a keylogger on your computers
If a hardware or software keylogger made it on to one of your organization's machines, it would be a security pro's worst nightmare. Learn how to detect and defend against the malware. Continue Reading
-
Laptop full disk encryption: Debunking myths
Mike Chapple reviews laptop full disk encryption and separates fact from fiction. Continue Reading
Security mergers and acquisitions strategy: Questions you need to ask
Your security vendor has just been acquired. Learn the questions you need to ask and the answers you need to hear. Continue Reading
Are you too small for an email retention and archiving policy?
Joel Snyder reviews how organizations, both large and small, should prepare their email retention and archiving policy.Continue Reading
Five things to do before your first PCI DSS compliance audit
Put these steps in motion before your organization's first PCI DSS compliance audit.Continue Reading
Acceptable use policy for Internet usage helps data protection efforts
Acceptable use policies are an inexpensive, yet effective, control in limiting exposure to data breaches.Continue Reading
From the gateway to the application: Effective access control strategies
Organizations need to strike a balance between so-called front-door access control and more fine grained controls established within an application itself. This article discusses the difference between products designed to set access at the gateway ...Continue Reading
Consider a compliance-driven security framework
Midmarket companies bound to regulations such as PCI DSS, HIPAA and Sarbanes-Oxley should consider using these requirements as the basis for their security programs.Continue Reading
-
Handling the politics of network access control policies
Midmarket IT staffs need to think beyond network security policies in a NAC rollout, and take into consideration business needs such as HR policies, compliance mandates and partner relationships.Continue Reading
Questions to ask when choosing your managed security service provider
Outsourcing security services forces midmarket IT organizations to ask tough questions about a provider's capabilities and business model.Continue Reading
How should a company's security program define roles and responsibilities?
In many organizations, it's not uncommon for physical, legal and information security departments to step on each other's toes. In this expert Q&A, security management pro Shon Harris reveals how a CSO can bring these teams together and implement a ...Continue Reading
What controls can compensate when segregation of duties isn't economically feasible?
Having a strong log management capability is a good way to start when security segregation isn't possible. Mike Rothman explains.Continue Reading