
Recent Blog Posts

Podcast: Ken Van Wyk on Shadow Brokers, Incident Response Exercises and Why Teams Struggle With Threat Modeling
On the show this week, IANS faculty member Ken Van Wyk talks NSA vs. Shadow Brokers and shares his approach to crafting effective incident r...
IANS Faculty Break Down NIST’s Proposed New Password Guidelines
After recently recommending the phasing out of SMS-based two-factor authentication, the National Institute of Standards and Technology (NIS...
Researchers Uncover Multimillion-Dollar Ransomware-as-a-Service Ring
In a report published earlier this week, security researchers uncovered a massive ransomware-as-a-service (RaaS) ring in which cybercriminal...
Aug 23, 2016 | Network Security
Both network- and host-based IDS solutions are critical for organizations when it comes to quickly identifying threats. In this Ask-an-Expert written response, IANS Faculty Dave Kennedy breaks down the advantages and limitations of each and offers recommendations for organizations to get the most out of their IDS/IPS solutions.
Aug 22, 2016 | Security Operations
Most tools for performing data lineage visualization fall into one of two categories: data analytics processing or fraud analytics. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford details the top analytics processing and visualization tools, including some open-source options that can be used to analyze large quantities of logs and events.
Aug 18, 2016 | Social Engineering/Pen Testing
Austrian aerospace firm FACC fired its CEO after losing nearly €50 million when fraudsters posing as the CEO forced the finance department to approve multimillion-dollar payments. In this report, IANS Faculty Kevin Beaver explains how such scams work and offers tips to ensure your company doesn’t become the next victim.
Aug 15, 2016 | Incident Response & Investigations
Designed correctly, tabletop exercises can help you determine how well your people, processes and technologies are prepared for an incident – and improve that preparation over time. In this report, IANS Faculty Bill Dean steps you through the process of designing, planning and executing effective tabletop exercises.
Aug 15, 2016 | Vulnerability & Threat Management
IT Security has long been a practitioner of traditional risk assessments, but threat modeling brings an entirely new, attacker-centric view of your systems. Threat modeling methodologies have been around in many forms, but until now, there hasn't been a simple and time-effective way to operationalize them. In this webinar, IANS Faculty Mike Pinch delves into the IANS Pragmatic Threat Modeling Toolkit, designed to help jumpstart and evolve your organization's risk management efforts.
Aug 9, 2016 | Security Management
When it comes to managing the workload of the security team (particularly if it only has a few members), prioritizing organizational risks is an important first step. In this Ask-an-Expert written response, IANS Faculty Rich Guida offers tips for developing a true risk register, compiling critical metrics and getting the various business units to own risks.
Aug 9, 2016 | Security Operations
Over the past few years, a number of organizations have begun to implement a user behavior analytics program in an effort to combat things like insider threats. In this live Ask-an-Expert interaction with the security team at a large financial services organization, IANS Faculty Dave Shackleford assesses the current landscape of user behavior analytics tools and offers tips and pitfalls to consider when implementing such a program.
Aug 2, 2016 | Enterprise Risk Management
IT asset management is an ongoing process that requires continual maintenance and dedicated resources. In this Ask-an-Expert written response, IANS Faculty Chris Poulin provides an overview of the tools required for building and tracking an inventory, and offers best practices for managing an organization's physical and virtual assets.
Jul 21, 2016 | Enterprise Compliance Management
Maintaining PCI compliance is a factor of how well you can build ongoing PCI-based tasks into the normal operating processes of your organization. In this Ask-an-Expert written response, IANS Faculty Adam Ely provides a sample PCI compliance task tracking list that organizations can use to describe various PCI tasks and the frequency at which they need to be addressed.
Jul 21, 2016 | Social Engineering/Pen Testing
As the features and functionality of vulnerability assessment and penetration tools continue to evolve, a number of vendors have begun to enter the space. In this Ask-an-Expert written response, IANS Faculty Bill Dean details the various open-source and commercial tools available and offers factors to consider for choosing the most effective solutions.