
Security Learning Guides

We've gathered a collection of our learning guides and tutorials on security-related topics. You'll find learning guides about security management, threats and vulnerabilities, viruses and other malware and more. Then see, below, our security-related quizzes and cheat sheets and our larger collection of learning resources.

Need more basic information before you get started? See our definitions for application security, malware and authentication.


Security Learning Guides:

  • Active Directory Security -- This guide includes security tips on how to best avoid Active Directory breaches and deal with patch emergencies, as well as information on Kerberos and Group Policy settings.

  • Application Security -- We've gathered expert advice, articles, news and tips to help you develop your application security testing strategy.

  • Authentication & Authorization: Secure ID and User Privileges -- This collection of resources will get you up to speed on concepts and technology behind authentication processes.

  • Assessing and Mitigating Information Security Threats -- Our excerpt from The Shortcut Guide to Protecting Business Internet Usage by Dan Sullivan explains information security threats with which enterprise security professionals must contend.

  • Bluetooth Security Basics -- This guide covers five steps of maintaining Bluetooth security in the enterprise. It covers user education, vulnerabilities and security measures.

  • Applying ISO 27002 to PCI DSS compliance -- This security school session explains risk-based compliance.

  • Corporate Mergers and Acquisitions Security -- In this guide, experts explain security priorities for mergers and acquisitions and how to manage disparate security staffs, technologies and policies.

  • Developing Secure Enterprise Java Applications -- These resources include tips and information specific to Java application security that will help you understand the basics and then give you details for approaching this issue.

  • Developing Secure .NET Applications -- Learn the basics of .NET application security and discover tools to help you secure your code.

  • Enterprise Security 2008 -- Mike Chapple, Michael Cobb, Joel Dubin, Mike Rothman and Ed Skoudis explain various areas in information security and describe the new threats every organization should be aware of.

  • Firewalls -- Learn what firewalls are, what kind you need and best practices for their use.

  • Firewall Architecture -- These tips will walk you through firewall implementation and guide you through the design process.

  • Firewall Resources -- These resources explain how firewalls work, as well as how to troubleshoot and configure them.

  • Five Application Security Threats and How to Counter Them -- Our guide discusses the five worst threats to application security and explains what you can do about them.

  • HIPAA -- This guide is all about HIPAA compliance and includes a training, audit and requirement checklist.

  • How to Deploy a Successful Patch -- This guide will show you how to deploy a security patch, from patch testing through the physical deployment phase to the post-deployment review.

  • How to Secure Web Services -- These resources explore security issues of Web services and show you how to deploy them safely.

  • How Standards and Regulations Affect Application Security -- This guide covers application security elements mandated by standards and legislation.

  • Information Security Governance -- This collection of resources introduces information security governance and security programs and explains how to deploy them in any environment.

  • Insider Risk Management -- U.S. organizations lose an estimated $652 billion to fraud every year -- and then there's sabotage, negligence, human error and exploitation by outsiders to consider. This guide will help you explore insider threat controls.

  • Integration of Networking and Security School -- Networking and security should go hand in hand. See our resources on integrating the two.

  • Intrusion Defense School -- Intrusion Defense School focuses on antivirus, antispyware, IDS/IPS and so on to help you keep your organization secure.

  • Intrusion Detection and Prevention -- This collection of resources explains what intrusion detection and prevention are and how they work. Subjects include troubleshooting, configuration and more.

  • Linux and Open Source Security -- Harden Linux servers after consulting these resources about securing data centers, servers and software. Topics include Linux security administration, host access files, binding services and specific interfaces, creating your own public key infrastructure (PKI) and VPN with Layer 2 Tunneling Protocol (L2TP) over IPSec.

  • Linux Security -- Learn essential Linux security terms and technologies. Subjects include intrusion detection and prevention, firewalls and remote security.

  • Malware prevention and detection -- Learn how to detect viruses, rootkits, worms and Trojan horses -- and how to keep them out of your systems in the future.

  • Network Access Control -- This guide explains how unauthorized users gain access and how to secure untrusted endpoints. Also, learn about Windows-specific and universal access control policies and procedures.

  • Open Source Security Software -- Open source security software, such as Nessus, Nmap and Snort, offers benefits to value-added resellers (VARs) and their customers.

  • Oracle Security -- This guide goes beyond patching known security flaws to explain what a DBA can do to protect Oracle DBMSs and applications from both internal and external security breaches.

  • Project Guide: Antivirus -- This collection of resources discusses antimalware strategies and techniques, tools for virus removal and products to help deal with the ever-increasing stream of signature mutation-based malware.

  • Project Guide: Email Security -- This guide explains implementation for various email security options, securing systems against malware and choosing the right email security appliance for your customers.

  • Project Guide: Patch Management -- This project guide offers tips on how to test security patches, how to patch Windows, Linux and Unix, and how to troubleshoot faulty patches.

  • Project Guide: Penetration Testing -- This guide provides an overview of penetration testing and ethical hacking, related legal and ethical implications, and offers guidance on what to expect from a penetration tester.

  • Project Guide: Vista Security -- This guide explains how to use Vista security features and configure the OS for maximum security.

  • SAP Application Security -- These resources include tips, expert advice and step-by-step guides to help you establish SAP application security best practices.

  • SAP Security Learning Guide -- This collection of resources offers information on everything from authentication and RFID security to compliance and auditing.

  • Security and Governance Executive Guides -- This CIO Briefing explains how to keep your IT organization safe while managing compliance with all applicable laws and regulations.

  • Security School: Training for CISSP Certification -- This session includes 10 lessons in 45-minute video presentations, an insider's guide to each domain, and a quiz with prep questions similar to those on the real CISSP exam.

  • Snort -- This guide explains all about the free and open source Snort network intrusion detection system (NIDS).

  • SOX Compliance for the Security Practitioner -- This collection of resources covers PCI compliance, hacker techniques, cloud-based security and more.

  • Spyware Part 1 -- This crash course explains what spyware is, how to remove it from your system and how to prevent its return.

  • Spyware Part 2 -- Part two looks at spyware prevention and removal in greater detail.

  • Step-by-Step Guide: How to deploy a successful patch -- This guide explains patch testing and deployment and the post-deployment review.

  • Top 10 Most Critical Web Application Security Vulnerabilities -- This guide, based on the Open Web Application Security Project (OWASP) project, walks you through the 10 most critical vulnerabilities and how to protect yourself against them.

  • Understanding Your Authentication Options -- This learning guide covers authentication methods and challenges, as well as how to implement secure authentication systems.

  • Viruses & Other Malware -- Our Learn IT guide explains viruses and other malware and also offers advice on keeping your systems safe from them. 

  • VoIP Security -- VoIP offers its own security challenges. Learn how to overcome them in this learning resource. 

  • Web Application Attacks -- This guide explains how Web app attacks occur and identifies attack methods such as buffer overflows, SQL injection, cross-site scripting and distributed denial-of-service attacks. You'll also learn about helpful security tools and tactics.

  • Web Browser Security -- These resources cover Internet Explorer, Mozilla Firefox and Safari security problems, introduce browser alternatives, and provide tools and tactics for maximum security.

  • Web Security School -- In this session, you'll learn tactics, policies and best practices for enterprise Web server security.

  • XML Security -- These resources review different XML security standards and explain various approaches for keeping your XML Web services secure.

Want more security-specific info? See all our security-related definitions or the resources on Then, if you'd like to test your knowledge, see our security quiz collection.

We've got lots more information for you! Check out the full collection of Learning Guides and Tutorials to learn essential information on a wide range of subjects. You'll find guides and tutorials about networking, storage and storage management, backup and recovery, and a wide range of other topics, including databases, business intelligence, programming and much more. Also see: Our Favorite Cheat Sheets

This was last updated in May 2012
