Recent Blog Posts

Two Years Later, Yahoo Confirms Breach of 500 Million Accounts
Yahoo Inc., once the most popular website in the U.S. that has now become best (exclusively?) known for its Fantasy Football offering, has c...
Podcast: Dave Shackleford on DDoS, Passwords and Web App Testing With a UK Flair
IANS Senior Faculty Dave Shackleford joins the 'cast this week to talk about global DDoS threats, password policy problems, privileged crede...
FBI to Ransomware Victims: Tell Us Your Horror Story
The federal law enforcement agency is now urging victims to come forward and tell their stories, regardless of outcome. ...
Sep 23, 2016 | Security Organization
The fierce competition for skilled, experienced security practitioners has made the infosec talent shortage a top concern for security leaders. How do you assemble a world-class team in such a withering environment? In this webinar, IANS Faculty Adam Ely shares key hiring and retention strategies to help you out-recruit your competitors and keep the all-star players you need to win.
Sep 21, 2016 | Vulnerability & Threat Management
Insider threats can often pose a greater risk to an organization than external actors. In this Ask-an-Expert written response, IANS Faculty Bill Dean offers some key statistics regarding insider threats and provides a number of steps organizations can take to anticipate and prepare for the risks posed by insiders.
Sep 20, 2016 | Vulnerability & Threat Management
These days, enterprises need to be very aware of the fact that once information gets posted to a social site, it can never again be considered private. In this Ask-an-Expert written response, IANS Director of Technology Research Chris Gonsalves breaks down some of the common types of social media-related attacks organizations could face and offers a number of tips and features designed to combat these attacks.
Sep 12, 2016 | Enterprise Risk Management
Building a quality, efficient, multi-entity governance, risk and compliance (GRC) structure that doesn’t slow business units and allows for consistent and effective risk mitigation is hard but achievable. In this report, IANS Faculty Adam Ely explains how to determine costs, handle staffing and empower stakeholders to create a GRC program that efficiently mitigates risk and garners support from line-of-business leaders.
Sep 1, 2016 | Security Development Life-Cycle
Establishing a review process for PCI DSS compliance is something organizations should do in a strategic, ongoing fashion, rather than as a once-per-year activity. In this Ask-an-Expert written response, IANS Faculty Jason Gillam details the Building Security in Maturity Model (BSIMM) and demonstrates how organizations can consult this framework to build a continuous compliance review process within the software development lifecycle.
Aug 26, 2016 | Virtualization/Cloud Security
Moving to Office 365 and other cloud applications presents both security and compliance challenges. In this Ask-an-Expert live interaction, IANS Faculty George Gerchow recommends using a CASB, together with Microsoft's own DLP and SharePoint data classification schemes, to keep corporate data safe while easing access for mobile and cloud users.
Aug 23, 2016 | Network Security
Both network- and host-based IDS solutions are critical for organizations when it comes to quickly identifying threats. In this Ask-an-Expert written response, IANS Faculty Dave Kennedy breaks down the advantages and limitations of each and offers recommendations for organizations to get the most out of their IDS/IPS solutions.
Aug 22, 2016 | Security Operations
Most tools for performing data lineage visualization fall into one of two categories: data analytics processing or fraud analytics. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford details the top analytics processing and visualization tools, including some open-source options that can be used to analyze large quantities of logs and events.
Aug 18, 2016 | Social Engineering/Pen Testing
Austrian aerospace firm FACC fired its CEO after losing nearly €50 million when fraudsters posing as the CEO forced the finance department to approve multimillion-dollar payments. In this report, IANS Faculty Kevin Beaver explains how such scams work and offers tips to ensure your company doesn’t become the next victim.
Aug 15, 2016 | Incident Response & Investigations
Designed correctly, tabletop exercises can help you determine how well your people, processes and technologies are prepared for an incident – and improve that preparation over time. In this report, IANS Faculty Bill Dean steps you through the process of designing, planning and executing effective tabletop exercises.