We use cookies to deliver you the best experience on our website. By continuing to use our website, you consent to our cookie usage and revised Privacy Statement.

Filter By:

Type

Topic

Recent Blogs & Podcasts

Insights Portal

\ Security Operations 



June 19, 2018 | Encryption, Digital Signatures, Certificates, Tokenization
By Aaron Turner, IANS Faculty

 Three Success Factors for SSH Key Management

Despite the fact that most enterprises use hundreds of thousands of SSH keys on a regular basis, few have the right pieces in place to manage them effectively. In this Ask-an-Expert written response, IANS Faculty Aaron Turner says successful SSH key management depends on three factors: strong configuration management, mature service management and effective policy management.

Read More »


June 12, 2018 | Metrics and Reporting
By Marcus Ranum, IANS Faculty

 Create Metrics to Show Security’s Business ROI

Dollar-based metrics may get executives' attention, but are they the right tools to use to promote information security across an organization? In this Ask-an-Expert written response, IANS Faculty Marcus Ranum steps through the process of creating actionable security metrics and suggests focusing on staff time vs. dollars when reporting to top management.

Read More »


May 22, 2018 | Security Information and Event Management (SIEM) and Log Management
By Michael Pinch, IANS Faculty

 Help Operations Understand the Importance of Log Monitoring

Faced with the log monitoring prowess of mature cybersecurity teams, some IT operations staffers are starting to believe they no longer need to participate in log management/monitoring. In this Ask-an-Expert written response, IANS Faculty Mike Pinch explains why this is a mistake, citing both IT operational excellence frameworks and the need for a layered defense.

Read More »


May 21, 2018 | Security Information and Event Management (SIEM) and Log Management
By Jake Williams, IANS Faculty

 Train the Team on the SIEM Basics

Bringing SIEM duties in-house after an outsourcing arrangement requires in-house staff be brought up to speed quickly. In this Ask-an-Expert written response, IANS Faculty Jake Williams suggests focusing training on three areas: configuration/maintenance, log management and alert management.

Read More »


May 2, 2018 | Vulnerability Assessment and Management
By Dave Shackleford, IANS Faculty

 Vulnerability Management in a Post-Equifax World

After the Equifax debacle, upper management cares now more than ever before about vulnerability management. How can you use this new spotlight to take your program to the next level? In this report, IANS Faculty Dave Shackleford explains how to drive the right incentives, build the right metrics framework and get IT on board  for a successful, comprehensive vulnerability/patch management program. 

 

Read More »


March 29, 2018 | Insider Threats
By Mark Clancy, IANS Faculty

 Create an Effective Insider Threat Monitoring Program

Monitoring for insider threats is both important and complex, especially when privacy is also a concern. In this Ask-an-Expert live interaction, IANS Faculty Mark Clancy details the key steps to building an effective monitoring program, from deciding what and who to monitor, to ensuring employee privacy is protected. 

Read More »


March 20, 2018 | Managed Security Services
By Dave Shackleford, IANS Faculty

 Consider the Top MSSPs for Your SOC

How can you be sure the MSSP you choose for your SOC will be the right fit for your business and security needs? In this Ask-an-Expert written response, IANS Faculty Dave Shackleford details the main decision factors and lists the top MSSPs to consider, along with their strengths and weaknesses.

Read More »


March 8, 2018 | Metrics and Reporting
By Josh More, IANS Faculty

 Use Metrics to Communicate Risk Management’s Value

A successful metrics program helps tell security's story in a way that fosters business engagement and support, but what's the best way to get there? In this Ask-an-Expert written response, IANS Faculty Josh More discusses the difference between operational and strategic metrics, and offers tips for getting started using FAIR.

Read More »


February 13, 2018 | Security Analytics and Visualization
By John Strand, IANS Faculty,
     Aaron Turner, IANS Faculty

 Cut Through the AI/ML Hype

Vendors across the board are touting artificial intelligence and machine learning as the next big thing in security, but how practical is it for today's enterprises? In this Ask-an-Expert live interaction, IANS Faculty John Strand and Aaron Turner discuss the current state of the technology and offer practical ways to assess vendor offerings.

Read More »


February 6, 2018 | Security Information and Event Management (SIEM) and Log Management
By Justin Searle, IANS Faculty

 Strike the Right Balance When Logging Windows Events

Deciding what to log - and what not to log - is more of art than a science. In this Ask-an-Expert written response, IANS Faculty Justin Searle recommends starting with regulatory requirements and Microsoft's audit policy recommendations, as well as using the Suspect subscription to ensure  Windows event logs stay manageable and actionable.

Read More »