Results ordered by term relevance.

October 1, 2016 | Risk Management
By Rich Guida, IANS Faculty

 Best Practices for Risk Registers

When it comes to building a risk register, there are a number of important steps organizations must take. In this Ask-an-Expert written response, IANS Faculty Rich Guida details the process of constructing a risk register and offers specific criteria for determining how accurate and successful it is.

Read More »


December 9, 2016 | Risk Management
By Rich Guida, IANS Faculty

 Understanding the Relationship Between Physical and Logical Information Security

The relationship between physical security and cybersecurity can be more closely linked than some organizations might think. In this Ask-an-Expert written response, IANS Faculty Rich Guida details specific instances (i.e., insider threats) where the two types of security come together and offers insight into the practice of "incrementalism."

Read More »


August 9, 2016 | Team Structure and Management
By Rich Guida, IANS Faculty

 Prioritizing Risk to Manage the Security Team’s Workload

When it comes to managing the workload of the security team (particularly if it only has a few members), prioritizing organizational risks is an important first step. In this Ask-an-Expert written response, IANS Faculty Rich Guida offers tips for developing a true risk register, compiling critical metrics and getting the various business units to own risks.

Read More »


March 8, 2017 | Directory Services
By Rich Guida, IANS Faculty

 Detailing Requirements for an IDAM System

Establishing a set of questions and requirements is a critical step in the process of constructing an identity and access management (IDAM) system. In this Ask-an-Expert written response, IANS Faculty Rich Guida details the important questions security teams should be asking their prospective IDAM vendors, ranging from cryptography and authentication requirements to privilege management and separation of duties. 

Read More »


March 24, 2017 | Directory Services
By Rich Guida, IANS Faculty

 Managing Terminated Active Directory Accounts

Managing AD accounts for terminated employees can become complex and confusing, especially as organizations evolve over time. In this Ask-an-Expert written response, IANS Faculty Rich Guida details best practices for managing terminated accounts to meet application, audit and regulatory requirements, and offers recommendations for easing the process.

Read More »


February 16, 2017 | Cloud Access Security Brokers
By George Gerchow, IANS Faculty

 Deciphering the Dynamic CASB Marketplace

The cloud access security broker (CASB) market continues to mature. In this report, IANS Faculty George Gerchow provides an update, detailing the relevant vendors, their latest capability sets and the various deployment models available. He also offers some guidance on choosing the right CASB for your needs and cloud maturity level, as well as trends to expect in the future.

Read More »


June 27, 2016 | Cloud Access Security Brokers
By Ed Moyle, IANS Faculty

 Identity as a Service: Deciding When It Makes Sense

As more companies start using cloud services, many are considering identity as a service (IDaaS) to help simplify identity management, but is it a good idea? In this report, IANS Faculty Ed Moyle provides a quick market overview, some common use cases, and tips for deciding when IDaaS can work – and when it can’t.

Read More »


February 28, 2017 | Privacy
By Aaron Turner, IANS Faculty

 Protecting Data Transferred From Canada

While Canadian regulators in the past typically followed U.S. precedent on data protection standards, the country has moved closer toward the EU model over the past few years. In this Ask-an-Expert written response, IANS Faculty Aaron Turner recommends companies handling Canadian citizen data follow the EU General Data Protection and offers some technical guidance for implementing the necessary controls. 

Read More »


November 7, 2016 | Vendor and Partner Management
By Marty Gomberg, IANS Faculty

 Identifying Vendor Risk Red Flags

When it comes to evaluating vendors, there are a number of factors organizations need to keep in mind, from integration costs to uptime guarantees. In this Ask-an-Expert written response, IANS Faculty Martin Gomberg lays out some of the major red flags organizations should look out for when evaluating vendors, from the due diligence phase to the questionnaire process.

Read More »


November 3, 2016 | Malware and Advanced Threats
By Michael Pinch, IANS Faculty

 Health Care Roundtable: Tackling Ransomware

Ransomware is a scourge across every vertical but it seems to have found a soft spot in health care. For this roundtable, IANS brought together a group of health care sector security executives to talk about the problems they face and the strategies they are using to get ahead of the ransomware issue.

Read More »


October 13, 2016 | Networking and Network Devices
By Mike Saurbaugh, IANS Faculty

 What to Look for in a Secure Web Gateway

Secure web gateways provide a staple in network infrastructure and the market seems to suggest they will be around for the next few years. In this Ask-an-Expert written response, IANS Faculty Mike Saurbaugh explores the capabilities of modern proxy solutions and offers selection criteria to help evaluate various solutions.

Read More »


October 6, 2016 | Regulations & Legislation
By Randy Sabett, IANS Faculty

 International Security, Privacy and Compliance Laws: Q3 2016 Update

Each quarter, IANS provides an update on the emerging international compliance laws and regulations that impact the information security community. For Q3 2016, we provide a short summary for each jurisdiction in which there was a change, followed by a more detailed description. An updated table of jurisdictions and changes can be accessed here.

Read More »


October 4, 2016 | Data Breaches
By Mike Saurbaugh, IANS Faculty

 IANS Vulnerability and Breach Update: Q3 2016

A new vulnerability or breach seems to be discovered daily, but which should be taken more seriously and which are overhyped? In this report, IANS Faculty Mike Saurbaugh looks back over the major breaches and vulnerabilities of the past three months, explains them and provides real-world context and perspective.

Read More »


September 1, 2016 | Software Development Lifecycle (SDLC)
By Jason Gillam, IANS Faculty

 Ensuring a PCI-Compliant SDLC Review Process

Establishing a review process for PCI DSS compliance is something organizations should do in a strategic, ongoing fashion, rather than as a once-per-year activity. In this Ask-an-Expert written response, IANS Faculty Jason Gillam details the Building Security in Maturity Model (BSIMM) and demonstrates how organizations can consult this framework to build a continuous compliance review process within the software development lifecycle.

Read More »


August 26, 2016 | Cloud Application and Data Controls
By George Gerchow, IANS Faculty

 Securing Microsoft Office 365 and OneDrive for Mobile Access

Moving to Office 365 and other cloud applications presents both security and compliance challenges. In this Ask-an-Expert live interaction, IANS Faculty George Gerchow recommends using a CASB, together with Microsoft's own DLP and SharePoint data classification schemes to keep corporate data safe while easing access for mobile and cloud users.

Read More »


August 18, 2016 | Security Awareness, Phishing, Social Engineering
By Kevin Beaver, IANS Faculty

 CEO Spoofing: Don't Get Fooled!

Austrian aerospace firm FACC fired its CEO after losing nearly €50 million when fraudsters posing as the CEO forced the finance department to approve multimillion dollar payments. In this report, IANS Faculty Kevin Beaver explains how such scams work and offers tips to ensure your company doesn’t become the next victim.

Read More »


July 6, 2016 | Privacy
By Randy Sabett, IANS Faculty

 International Security, Privacy and Compliance Laws: Q2 2016 Update

Each quarter, IANS provides an update on the emerging international compliance laws and regulations that impact the information security community. For Q2 2016, we provide a short summary for each jurisdiction in which there was a change, followed by a more detailed description. An updated table of jurisdictions and changes can be accessed here.

Read More »


June 30, 2016 | Encryption, Digital Signatures, Certificates, Tokenization
By Aaron Turner, IANS Faculty

 Encrypting Data at Rest With Pre-Boot Authentication

When it comes to encrypting data at rest on a laptop or desktop, enterprises can choose to employ software-, hardware- or user-driven pre-boot authentication (PBA) methods. In this Ask-an-Expert written response, IANS Faculty Aaron Turner details each approach and explains why using Trusted Platform Modules (TPMs) is likely the most effective strategy.

Read More »


May 26, 2016 | IT Forensics
By Bill Dean, IANS Faculty

 Mobile Device Forensics: A Tools Overview

Mobile device forensics tools in the marketplace today vary greatly in both capability and price. In this Ask-an-Expert written response, IANS Faculty Bill Dean assesses a number of these solutions and explains that budget and the types of mobile phones in your environment are the two main factors for selecting the right forensics tool.

Read More »


November 2, 2016 | Risk Management
By Michael Pinch, IANS Faculty

 Breaking Down the Top 5 Security Risks Facing Health Care Organizations

The top priorities for health care organizations today are uptime and free access to data, which means companies in this space face a number of security challenges. In this Ask-an-Expert written response, IANS Faculty Mike Pinch details the major security risks the health care industry is dealing with today - from ransomware to the Internet of Things - and offers strategies for tackling these challenges.

Read More »


January 4, 2017 | Regulations & Legislation
By Daniel Maloof, IANS Managing Editor

 Trump and Security: What to Expect in the New Administration

We all know incoming U.S. President Donald Trump is focused on physical security and building the wall, but what about cybersecurity policy? In this report, a handful of IANS Faculty detail what they believe we should expect from the new Donald Trump administration in terms of digital privacy, consumer protections, the EU-U.S. Privacy Shield, the U.S. Cybersecurity Framework and more.

Read More »


January 6, 2017 | Cloud Application and Data Controls
By Dave Shackleford, IANS Faculty

 IANS Cloud Security Update: Q4 2016

As more organizations move services and computing assets into cloud service provider environments, the need for adequate security controls grows as well. In this quarterly research report, IANS Faculty Dave Shackleford updates IANS’ clients on the new developments occurring in the cloud security arena.

Read More »


January 26, 2017 | Threat Intelligence and Modeling
By Bill Dean, IANS Faculty

 Pros and Cons of CISA’s Threat-Sharing Program

With the passage of CISA and with DHS’ Automated Indicator Sharing (AIS) program getting up and running, organizations interested in sharing threat intelligence can now consider automating the process. How can they ensure their automated feed is scrubbed of PII and won’t leave them open to liability or privacy concerns? In this report, IANS Faculty Bill Dean offers tips for sharing threat indicators both automatically and safely.

Read More »


February 22, 2017 | Enterprise and IT Compliance Management
By Josh More, IANS Faculty

 Achieving HITRUST Certification Under Tight Time and Staffing Constraints

Achieving HITRUST certification, in addition to SOC 1 and 2, is no easy feat, especially when the security organization is under-staffed and running up against tight deadlines. In this Ask-an-Expert live interaction, IANS Faculty Josh More offers some tips for easing the process and avoiding common pitfalls.

Read More »


February 27, 2017 | Vendor and Partner Management
By Josh More, IANS Faculty

 Managing Vendors With Disparate Frameworks

Vendor due diligence becomes even more challenging when there are a variety of information security frameworks in play. In this Ask-an-Expert written response, IANS Faculty Josh More details two approaches to the problem: a formalized mapping process using the COBIT framework and an ad-hoc approach designed to prioritize the specific risks facing the organization. 

Read More »