
Recent Blogs & Podcasts



September 25, 2017 | IT Service Management
By George Gerchow, IANS Faculty

 Top 5 GRC Solutions to Consider

The market for governance, risk management and compliance (GRC) solutions continues to evolve, but certain vendors consistently work their way to the top of most organizations' short lists. In this Ask-an-Expert written response, IANS Faculty George Gerchow offers his take on five top vendors: LockPath, MetricStream, ZenGRC, RSA Archer and ServiceNow.

September 21, 2017 | Threat Detection and Hunt Teaming
By Marcus Ranum, IANS Faculty

 Honeypots: Don’t Bar the Window; Be the Window

One of the best ways to detect someone climbing into your window is to instrument the window. It’s a different way of thinking about the problem of “too many alerts” in your operations center: narrow the alerts down to activities you don’t expect to see occur. In this report, IANS Faculty Marcus Ranum explains how to cut through the noise with targeted alerts and offers tips and tricks to ensure that your honeypot management doesn’t become a nightmare. 

September 20, 2017 | Account Provisioning
By Aaron Turner, IANS Faculty

 Revoke Network Access Efficiently and Effectively

Depending on the human element and manual notifications to revoke network access when users leave the company is neither scalable nor dependable. In this Ask-an-Expert written response, IANS Faculty Aaron Turner suggests using some script-based workarounds to automate the process while evaluating the move to a newer, more automated IDAM platform for the future.

September 18, 2017 | Cloud Application and Data Controls
By Shannon Lietz, IANS Faculty

 M&A Playbook: Merging Domains in the Cloud

Mergers and acquisitions (M&As) are complicated enough without adding AWS instances to the mix. In this Ask-an-Expert live interaction, IANS Faculty Shannon Lietz provides a playbook for ensuring an acquired company's AWS environment is integrated quickly and securely.

September 18, 2017 | Risk Management
By Rich Guida, IANS Faculty

 Infosec Risk Management: How to Focus on the Business Units

Information security professionals spend a lot of time doing risk management, but how do we know what the enterprise’s biggest risks are? How did we determine them? In this webinar, IANS Faculty Rich Guida discusses ways to ensure that business units (and their executive leaders) can be brought to the table and contribute meaningfully in risk identification and ranking, so when you ask for money to mitigate those risks, you have confidence that leadership has bought in to them.

September 18, 2017 | Embedded Systems and Internet of Things
By Chris Poulin, IANS Faculty

 Poulin: The Economics of IoT Fear and Uncertainty

Information- (and now device-) security is an underappreciated field. It’s anti-climactic and difficult to justify the cost of building security in, bolting security on and implementing security controls for the operating environment. But it's up to us in the community to become early adopters and work with the manufacturers to make products as secure as possible for the general public. 

September 15, 2017 | Security Awareness, Phishing, Social Engineering
By Mike Saurbaugh, IANS Faculty

 Phishing Stories From the Wild

We all know phishing is a problem, but how can the security team best convey the breadth and depth of the issue to end users? In this Ask-an-Expert written response, IANS Faculty Mike Saurbaugh helps frame the threat by detailing several examples of real-world data breaches caused by phone-, text- and spear-phishing campaigns.
