Problem solve

Writing and enforcing security policies

• Considerations for an effective SMB password security policy

  Passwords are much easier to crack than they used to be. Joel Snyder takes a fresh look at password security policy considerations for the midmarket. Continue Reading

• Write it down: Network security documentation basics

  Joel Snyder reveals the specific network security documentation that will help move disaster recovery plans along. Continue Reading

• How to find a keylogger on your computers

  If a hardware or software keylogger made it on to one of your organization's machines, it would be a security pro's worst nightmare. Learn how to detect and defend against the malware. Continue Reading

• Laptop full disk encryption: Debunking myths

  Mike Chapple reviews laptop full disk encryption and separates fact from fiction. Continue Reading

• Security mergers and acquisitions strategy: Questions you need to ask

  Your security vendor has just been acquired. Learn the questions you need to ask and the answers you need to hear. Continue Reading

• Are you too small for an email retention and archiving policy?

  Joel Snyder reviews how organizations, both large and small, should prepare their email retention and archiving policy.Continue Reading

• Five things to do before your first PCI DSS compliance audit

  Put these steps in motion before your organization's first PCI DSS compliance audit.Continue Reading

• Acceptable use policy for Internet usage helps data protection efforts

  Acceptable use policies are an inexpensive, yet effective, control in limiting exposure to data breaches.Continue Reading

• From the gateway to the application: Effective access control strategies

  Organizations need to strike a balance between so-called front-door access control and more fine grained controls established within an application itself. This article discusses the difference between products designed to set access at the gateway ...Continue Reading

• Consider a compliance-driven security framework

  Midmarket companies bound to regulations such as PCI DSS, HIPAA and Sarbanes-Oxley should consider using these requirements as the basis for their security programs.Continue Reading

• Handling the politics of network access control policies

  Midmarket IT staffs need to think beyond network security policies in a NAC rollout, and take into consideration business needs such as HR policies, compliance mandates and partner relationships.Continue Reading

• Questions to ask when choosing your managed security service provider

  Outsourcing security services forces midmarket IT organizations to ask tough questions about a provider's capabilities and business model.Continue Reading

• How should a company's security program define roles and responsibilities?

  In many organizations, it's not uncommon for physical, legal and information security departments to step on each other's toes. In this expert Q&A, security management pro Shon Harris reveals how a CSO can bring these teams together and implement a ...Continue Reading

• What controls can compensate when segregation of duties isn't economically feasible?

  Having a strong log management capability is a good way to start when security segregation isn't possible. Mike Rothman explains.Continue Reading