Insights

 



October 18, 2017 | Configuration and Change Management
By Marcus Ranum, IANS Faculty

 Configuration Management: Driving the Future of Security

Strong configuration management not only eases operational tasks like desktop and server deployments, but it also helps improve security, especially as organizations move to newer on-demand and software-defined networking environments. In this report, IANS Faculty Marcus Ranum details the vital role configuration management plays in today's environments, and offers tips for building a comprehensive program that will help drive security well into the future.



October 17, 2017 | Recruiting, Hiring and Retention

 Information Security Job Description Templates

With the information security workforce shortage projected to reach 2-3 million over the next few years, organizations are putting a greater emphasis on their recruiting process to better fill out their security teams. Use these sample infosec job descriptions to set the foundation for role expectations and attract the most highly qualified professionals to your organization. 



October 17, 2017 | Cloud Application and Data Controls
By George Gerchow, IANS Faculty

 Take 3 Steps to Prevent Amazon S3 Data Leaks

High-profile Amazon S3 data leaks from the likes of Dow Jones and Verizon are highlighting the need for customers to get smart about their S3 security controls. In this Ask-an-Expert written response, IANS Faculty George Gerchow details three key steps to ensure your S3 buckets stay secure.



October 16, 2017 | Security Information and Event Management (SIEM) and Log Management
By Raffy Marty, IANS Faculty

 Implementing Your Big Data and SIEM Plans: 10 Challenges to Solve First

SIEM deployments can be challenging for many reasons: scalability, visibility, insights, etc. But is the SIEM really to blame? In this webinar, IANS Faculty Raffy Marty explores some of the reasons why you might not be getting the full benefits from your SIEM and details some of the challenges around moving to an alternative big-data solution.



October 16, 2017 | Enterprise and IT Compliance Management

 Critical Security Controls (CSC) 20 Master Mapping Tool

Understanding and managing different security frameworks can be a daunting task. This tool offers a detailed matrix for mapping the CSC 20 to a number of different frameworks, including the NIST CSF, ISO 27002, NSA MNT and many more. 



October 16, 2017 | Enterprise and IT Compliance Management

 Critical Security Controls (CSC) Assessment Tool

One way to assess organizational maturity around information security is to use the CIS Critical Security Controls (CSC). Use this tool to perform an initial assessment of your maturity level and track your progress on what percentage of CSC your organization is currently following. 



October 16, 2017 | Security Information and Event Management (SIEM) and Log Management

 SIEM Strategy Checklist

SIEM products represent a major investment in time and money, and deciding which one is right for a given enterprise is a complex process. With the stakes for selecting the right system so high – and the penalties for bad SIEM decisions so onerous – it’s vital that security professionals carefully consider a number of key factors. To take some of the mystery and risk out of the process, use this checklist as your guide to making the correct SIEM choice for your organization.



October 16, 2017 | Penetration Testing and Red Teaming

 Penetration Test Preparation Checklist

Penetration tests are risk-oriented and consist of activities ranging from vulnerability assessment to post-exploitation. Establishing specific test goals helps ensure the test meets expectations, and these questions should always be addressed during the scoping process. 
