Enterprise Data Protection

In an era when data theft and security breaches are daily occurrences, secure data storage is a key component of a security infrastructure. This introduction to enterprise data ... More about Enterprise Data Protection

Recent Definitions

• enhanced driver's license (EDL)

  - An enhanced driver's license (EDL) is a government-issued permit that, in addition to the standard features of a driver's license,...

• offensive security

  - Offensive security is a proactive and antagonistic approach to protecting computer systems, networks and individuals from attacks.

• targeted attack

  - A targeted attack is one that seeks to breach the security measures of a specific individual or organization. Usually the initial attack is conducted to g...

Highlights

• Data breach protection requires new barriers

• Opinion: DBIR, other computer security statistics paint tricky picture

• Verizon DBIR 2013: Damage caused by simple attacks, slow detection

More Enterprise Data Protection Topics

• Data Loss Prevention

• Data Analysis and Classification

• Data Security and Cloud Computing

• Identity Theft and Data Security Breaches

• Enterprise Data Governance

• Disk Encryption and File Encryption

• Database Security Management-Enterprise Data Protection

Application and Platform Security

Get advice on application and platform security. Here you'll find information on vulnerability and threat management, operating system security and storage... More about Application and Platform Security

Recent Definitions

• virtual patching

  - Virtual patching is the quick development and short-term implementation of a security policy meant to prevent an exploit from occurring as a result of a ...

• mobile app security

  - Mobile app security is the extent of protection that mobile device application programs (apps) have from malware and the activities of crackers and ...

• pharma hack

  - The pharma hack is an exploit that takes advantage of vulnerabilities in WordPress or Joomla documents, causing search engines, notably the one hosted by Google...

Highlights

• Kandek: Most secure Web browser may be one with fewest plug-ins

• Website vulnerabilities down, but progress still needed, survey finds

• Cloud API security risks: How to assess cloud service provider APIs

More Application and Platform Security Topics

• Secure SaaS: Cloud services and systems

• Operating System Security

• Enterprise Vulnerability Management

• Virtualization Security Issues and Threats

• Securing Productivity Applications

• Software Development Methodology

• Web Security Tools and Best Practices

• Application Firewall Security

• Application Attacks (Buffer Overflows, Cross-Site Scripting)

• Database Security Management

• Email Protection

• Open Source Security Tools and Applications

• Social media security risks and real-time communication security

Enterprise Identity and Access Management

Identity management and access control are integral in maintaining data security. Here you'll find information on passwords, authentication and Web access... More about Enterprise Identity and Access Management

Recent Definitions

• smart label

  - A smart label is a slip of paper, plastic or other material on a product that contains an RFID tag in addition to bar code data.

• PIN lock

  - The PIN lock is an authentication measure for mobile phones that requires the entry of a personal identification number (PIN) code before a device can be used.

• risk-based authentication (RBA)

  - Risk-based authentication (RBA) is a method of applying varying levels of stringency to authentication processes based on the like...

Highlights

• McAfee jumps into IAM with one-time password, cloud SSO products

• 2013 Verizon DBIR: Authentication attacks affect all organizations

• Dropbox security concerns: Time to find secure Dropbox alternatives?

More Enterprise Identity and Access Management Topics

• Web Authentication and Access Control

• User Authentication Services

• Identity Management Technology and Strategy

Government IT Security Management

Government IT security management news and analysis covering information security in the federal government and its agencies as well as state and local governments, national ini... More about Government IT Security Management

Recent Definitions

• Computer Security Incident Response Team (CSIRT)

  - A Computer Security Incident Response Team (CSIRT) is a group of professionals that receives reports of s...

• National eGovernance Plan (NeGP)

  - National eGovernance Plan (NeGP) is an initiative by the government of India to combine various e-governance systems around the c...

• Federal Information Security Management Act (FISMA)

  - The Federal Information Security Management Act (FISMA) defines a comprehensive framework to protect...

Highlights

• NSA's Troy Lange details NSA mobile security strategy

• DHS cybersecurity boss pushes 'cyber 911', new voluntary standards

• US military plans major boost for cyber force

Information Security Threats

Mitigating information security threats is an ongoing battle. Here you'll find information on ID theft, data security breaches, viruses, email threats,... More about Information Security Threats

Recent Definitions

• Shamoon

  - Shamoon, also called W32.Disttrack, is a computer virus that has been used for cyber espionage, particularly in the energy sector.

• business logic attack

  - A business logic attack is an exploit that takes advantage of a flaw in programming managing the exchange of information between a user interface...

• search engine results page (SERP)

  - A search engine results page (SERP) is the list of results that a search engine returns in response to a specific word or phras...

Highlights

• The Red October malware campaign uncovered: What enterprises can learn

• Apple security update: Is it ready for the enterprise?

• Over 100k serial devices online and unsecured, says HD Moore

More Information Security Threats Topics

• Malware, Viruses, Trojans and Spyware

• Smartphone and PDA Viruses and Threats

• Emerging Information Security Threats

• Information Security Incident Response

• Hacker Tools and Techniques: Underground Sites and Hacking Groups

• Denial of Service (DoS) Attack Prevention

• Security Awareness Training and Internal Threats

• Application Attacks -Information Security Threats

• Web Server Threats and Countermeasures

• Identity Theft and Data Security Breaches

• Enterprise Vulnerability Management

• Email and Messaging Threats-Information Security Threats

• Web Application and Web 2.0 Threats-Information Security Threats

Information Security Careers, Training and Certifications

The information security careers, training and certification resource center provides the latest news, expert advice and learning tools to help you make... More about Information Security Careers, Training and Certifications

Recent Definitions

• network intrusion protection system (NIPS)

  - A network intrusion protection system (NIPS) is an umbrella term for a combination of hardware and software system...

• Certified Information Systems Auditor (CISA)

  - The Certified Information Systems Auditor (CISA) is a certification issued by the Information Systems Audit and...

• security clearance

  - A security clearance is an authorization that allows access to information that would otherwise be forbidden.

Highlights

• IT security education climbs the corporate ladder

• (ISC)2, CSA partner on new cloud security certification

• Enterprise information security employee retention strategies

More Information Security Careers, Training and Certifications Topics

• Security Industry Certifications

• Information Security Jobs and Training

• CISSP Certification

Security Audit, Compliance and Standards

Get tips from the experts on security audits, compliance and standards. Advice is offered on data privacy and theft, audit planning and management, how... More about Security Audit, Compliance and Standards

Recent Definitions

• Cyber Intelligence Sharing and Protection Act of 2011 (CISPA)

  - The Cyber Intelligence Sharing and Protection Act (CISPA) of 2011 is a proposed Unite...

• PCI DSS 12 requirements

  - PCI DSS 12 requirements is a set of security controls that businesses are required to implement to protect credit card data and comply with th...

• PCI DSS 2.0

  - PCI DSS 2.0 (Payment Card Industry Data Security Standard Version 2.0) is the second version of the Payment Card Industry Data Security Standard (PCI DSS).

Highlights

• PCI DSS compliance: What to do when agents email credit card numbers

• How to address PCI compliance in the cloud

• Editor’s desk: A chat with Peter G. Neumann

More Security Audit, Compliance and Standards Topics

• ISO 17799

• Gramm-Leach-Bliley Act (GLBA)

• PCI Data Security Standard

• HIPAA

• Sarbanes-Oxley Act

• IT Security Audits

• Data Privacy and Protection

• FFIEC Regulations and Guidelines

• COBIT

Security for the Channel

Browse the articles and tips in this section for the latest information on how to deal effectively with resellers of the latest security tools. More about Security for the Channel

Enterprise Network Security

Network security is a critical aspect of enterprise security. Here you'll find network security solution for several areas, such as, network architecture,... More about Enterprise Network Security

Recent Definitions

• computer forensics (cyber forensics)

  - Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a parti...

• egress filtering

  - Egress filtering is a process in which outbound data is monitored or restricted, usually by means of a firewall that blocks packets that fail to meet cer...

• mobile security (wireless security)

  - Mobile security is the protection of smartphones, tablets, laptops and other portable computing devices, and the networks th...

Highlights

• Apple security update: Is it ready for the enterprise?

• With SE Android, NSA looks toward more secure Android platform

• Prevent DDoS DNS amplification attacks by securing DNS resolvers

More Enterprise Network Security Topics

• Network Security: Tools, Products, Software

• Network Protocols and Security

• Secure VPN Setup and Configuration

• Network Intrusion Detection and Analysis

• Wireless Network Security: Setup and Tools

• NAC and Endpoint Security Management

Information Security Management

Conquer the challenges of enterprise information security management with helpful information on regulatory compliance, risk management, information security... More about Information Security Management

Recent Definitions

• mobile security (wireless security)

  - Mobile security is the protection of smartphones, tablets, laptops and other portable computing devices, and the networks th...

• offensive security

  - Offensive security is a proactive and antagonistic approach to protecting computer systems, networks and individuals from attacks.

• security event (security incident)

  - A security event is a change in the everyday operations of a network or IT service, indicating that an security policy may hav...

Highlights

• Reframing compliance with a threat model

• Editor’s desk: A chat with Peter G. Neumann

• Incorporating compliance teams in the request for proposals process

More Information Security Management Topics

• Security Industry Market Trends, Predictions and Forecasts

• Enterprise Risk Management: Metrics and Assessments

• Enterprise Compliance Tools

• Business Management: Security Support and Executive Communications

• Enterprise Compliance Management Strategy

• Disaster Recovery and Business Continuity Planning

• Information Security Policies, Procedures and Guidelines

• Information Security Laws, Investigations and Ethics

• Vendor Management: Negotiations, Budgeting, Mergers and Acquisitions

• Information Security Incident Response-Information

• Security Awareness Training and Internal Threats-Information

• News and analysis from IT security conferences