Enterprise Data Protection

In an era when data theft and security breaches are daily occurrences, secure data storage is a key component of a security infrastructure. This introduction to enterprise data ... More about Enterprise Data Protection

Recent Definitions

• enhanced driver's license (EDL)

  - An enhanced driver's license (EDL) is a government-issued permit that, in addition to the standard features of a driver's license,...

• offensive security

  - Offensive security is a proactive and antagonistic approach to protecting computer systems, networks and individuals from attacks.

• targeted attack

  - A targeted attack is one that seeks to breach the security measures of a specific individual or organization. Usually the initial attack is conducted to g...

Highlights

• Privileged user management a must for DBAs

• BSIMM4 measures and advances secure application development

• Data breach protection requires new barriers

More Enterprise Data Protection Topics

• Data Loss Prevention

• Data Analysis and Classification

• Data Security and Cloud Computing

• Identity Theft and Data Security Breaches

• Enterprise Data Governance

• Disk Encryption and File Encryption

• Database Security Management-Enterprise Data Protection

Application and Platform Security

Get advice on application and platform security. Here you'll find information on vulnerability and threat management, operating system security and storage... More about Application and Platform Security

Recent Definitions

• distributed denial-of-service attack (DDoS)

  - On the Internet, a distributed denial-of-service (DDoS) attack is one in which a multitude of compromised system...

• virtual patching

  - Virtual patching is the quick development and short-term implementation of a security policy meant to prevent an exploit from occurring as a result of a ...

• mobile app security

  - Mobile app security is the extent of protection that mobile device application programs (apps) have from malware and the activities of crackers and ...

Highlights

• New skills for the QA tester: Scripting, security

• Using EMET to harden Windows XP and other legacy applications

• May 2013 Patch Tuesday fixes IE8 zero day; Adobe tightens ColdFusion

More Application and Platform Security Topics

• Secure SaaS: Cloud services and systems

• Operating System Security

• Enterprise Vulnerability Management

• Virtualization Security Issues and Threats

• Securing Productivity Applications

• Software Development Methodology

• Web Security Tools and Best Practices

• Application Firewall Security

• Application Attacks (Buffer Overflows, Cross-Site Scripting)

• Database Security Management

• Email Protection

• Open Source Security Tools and Applications

• Social media security risks and real-time communication security

Enterprise Identity and Access Management

Identity management and access control are integral in maintaining data security. Here you'll find information on passwords, authentication and Web access... More about Enterprise Identity and Access Management

Recent Definitions

• smart label

  - A smart label is a slip of paper, plastic or other material on a product that contains an RFID tag in addition to bar code data.

• PIN lock

  - The PIN lock is an authentication measure for mobile phones that requires the entry of a personal identification number (PIN) code before a device can be used.

• risk-based authentication (RBA)

  - Risk-based authentication (RBA) is a method of applying varying levels of stringency to authentication processes based on the like...

Highlights

• Can a password blacklist improve general enterprise password security?

• McAfee jumps into IAM with one-time password, cloud SSO products

• 2013 Verizon DBIR: Authentication attacks affect all organizations

More Enterprise Identity and Access Management Topics

• Web Authentication and Access Control

• User Authentication Services

• Identity Management Technology and Strategy

Government IT Security Management

Government IT security management news and analysis covering information security in the federal government and its agencies as well as state and local governments, national ini... More about Government IT Security Management

Recent Definitions

• Federal Information Security Management Act (FISMA)

  - The Federal Information Security Management Act (FISMA) is United States legislation that defines a ...

• Computer Security Incident Response Team (CSIRT)

  - A Computer Security Incident Response Team (CSIRT) is a group of professionals that receives reports of s...

• National eGovernance Plan (NeGP)

  - National eGovernance Plan (NeGP) is an initiative by the government of India to combine various e-governance systems around the c...

Highlights

• NSA's Troy Lange details NSA mobile security strategy

• DHS cybersecurity boss pushes 'cyber 911', new voluntary standards

• US military plans major boost for cyber force

Information Security Threats

Mitigating information security threats is an ongoing battle. Here you'll find information on ID theft, data security breaches, viruses, email threats,... More about Information Security Threats

Recent Definitions

• Shamoon

  - Shamoon, also called W32.Disttrack, is a computer virus that has been used for cyber espionage, particularly in the energy sector.

• business logic attack

  - A business logic attack is an exploit that takes advantage of a flaw in programming managing the exchange of information between a user interface...

• search engine results page (SERP)

  - A search engine results page (SERP) is the list of results that a search engine returns in response to a specific word or phras...

Highlights

• Exploit kits evolved: How to defend against the latest attack toolkits

• DDoS attack trends highlight increasing sophistication, larger size

• Department of Labor website hack highlights advanced attack trends

More Information Security Threats Topics

• Malware, Viruses, Trojans and Spyware

• Smartphone and PDA Viruses and Threats

• Emerging Information Security Threats

• Information Security Incident Response

• Hacker Tools and Techniques: Underground Sites and Hacking Groups

• Denial of Service (DoS) Attack Prevention

• Security Awareness Training and Internal Threats

• Application Attacks -Information Security Threats

• Web Server Threats and Countermeasures

• Identity Theft and Data Security Breaches

• Enterprise Vulnerability Management

• Email and Messaging Threats-Information Security Threats

• Web Application and Web 2.0 Threats-Information Security Threats

Information Security Careers, Training and Certifications

The information security careers, training and certification resource center provides the latest news, expert advice and learning tools to help you make... More about Information Security Careers, Training and Certifications

Recent Definitions

• network intrusion protection system (NIPS)

  - A network intrusion protection system (NIPS) is an umbrella term for a combination of hardware and software system...

• Certified Information Systems Auditor (CISA)

  - The Certified Information Systems Auditor (CISA) is a certification issued by the Information Systems Audit and...

• security clearance

  - A security clearance is an authorization that allows access to information that would otherwise be forbidden.

Highlights

• How will the cloud affect future network security skills requirements?

• IT security education climbs the corporate ladder

• (ISC)2, CSA partner on new cloud security certification

More Information Security Careers, Training and Certifications Topics

• Security Industry Certifications

• Information Security Jobs and Training

• CISSP Certification

Security Audit, Compliance and Standards

Get tips from the experts on security audits, compliance and standards. Advice is offered on data privacy and theft, audit planning and management, how... More about Security Audit, Compliance and Standards

Recent Definitions

• Cyber Intelligence Sharing and Protection Act of 2011 (CISPA)

  - The Cyber Intelligence Sharing and Protection Act (CISPA) of 2011 is a proposed Unite...

• PCI DSS 12 requirements

  - PCI DSS 12 requirements is a set of security controls that businesses are required to implement to protect credit card data and comply with th...

• PCI DSS 2.0

  - PCI DSS 2.0 (Payment Card Industry Data Security Standard Version 2.0) is the second version of the Payment Card Industry Data Security Standard (PCI DSS).

Highlights

• Web application security testing: Is a pen test or code review better?

• How to use compliance automation to reduce compliance risk

• PCI DSS compliance: What to do when agents email credit card numbers

More Security Audit, Compliance and Standards Topics

• ISO 17799

• Gramm-Leach-Bliley Act (GLBA)

• PCI Data Security Standard

• HIPAA

• Sarbanes-Oxley Act

• IT Security Audits

• Data Privacy and Protection

• FFIEC Regulations and Guidelines

• COBIT

Security for the Channel

Browse the articles and tips in this section for the latest information on how to deal effectively with resellers of the latest security tools. More about Security for the Channel

Enterprise Network Security

Network security is a critical aspect of enterprise security. Here you'll find network security solution for several areas, such as, network architecture,... More about Enterprise Network Security

Recent Definitions

• distributed denial-of-service attack (DDoS)

  - On the Internet, a distributed denial-of-service (DDoS) attack is one in which a multitude of compromised system...

• computer forensics (cyber forensics)

  - Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a parti...

• egress filtering

  - Egress filtering is a process in which outbound data is monitored or restricted, usually by means of a firewall that blocks packets that fail to meet cer...

Highlights

• Can a password blacklist improve general enterprise password security?

• DDoS attack trends highlight increasing sophistication, larger size

• Is Google Private Channel more secure than an enterprise app store?

More Enterprise Network Security Topics

• Network Security: Tools, Products, Software

• Network Protocols and Security

• Secure VPN Setup and Configuration

• Network Intrusion Detection and Analysis

• Wireless Network Security: Setup and Tools

• NAC and Endpoint Security Management

Information Security Management

Conquer the challenges of enterprise information security management with helpful information on regulatory compliance, risk management, information security... More about Information Security Management

Recent Definitions

• four eyes principle

  - The four eyes principle is a requirement that two individuals review and approve some action before it can be taken. In a business context, the two ...

• confidentiality, integrity, and availability (CIA)

  - Confidentiality, integrity, and availability (CIA) is a model designed to guide policies for informati...

• mobile security (wireless security)

  - Mobile security is the protection of smartphones, tablets, laptops and other portable computing devices, and the networks th...

Highlights

• Beyond privacy policies: Practical privacy for websites and mobile apps

• How will the cloud affect future network security skills requirements?

• McAfee in agreement to acquire next-gen firewall maker Stonesoft

More Information Security Management Topics

• Security Industry Market Trends, Predictions and Forecasts

• Enterprise Risk Management: Metrics and Assessments

• Enterprise Compliance Tools

• Business Management: Security Support and Executive Communications

• Enterprise Compliance Management Strategy

• Disaster Recovery and Business Continuity Planning

• Information Security Policies, Procedures and Guidelines

• Information Security Laws, Investigations and Ethics

• Vendor Management: Negotiations, Budgeting, Mergers and Acquisitions

• Information Security Incident Response-Information

• Security Awareness Training and Internal Threats-Information

• News and analysis from IT security conferences