
Threats & Vulnerabilities



November 20, 2017 | Security Awareness, Phishing, Social Engineering
By Dave Shackleford, IANS Faculty

 Defend Your Internal Phishing Campaign to Upper Management

Security teams know internal phishing programs are important, but how can they prove that to others in the organization? In this Ask-an-Expert written response, IANS Faculty Dave Shackleford explains how internal phishing campaigns help validate other security controls and offers multiple stats to prove their benefits, including the fact that simulated phishing attacks yield an average ROI of 37 percent.



November 9, 2017 | Security Awareness, Phishing, Social Engineering
By Mike Saurbaugh, IANS Faculty

 Help Consumers Avoid Holiday Shopping Scams

The holidays bring an uptick in both online shopping and holiday-oriented cyber crime. In this Ask-an-Expert written response, IANS Faculty Mike Saurbaugh details the most common shopping scams and offers consumers tips for avoiding them and keeping their personal data safe throughout the season.



November 6, 2017 | Threat Intelligence and Modeling
By Paul Asadoorian, IANS Faculty

 Get Your Arms Around Threat Intelligence

Collecting and analyzing data from a variety of threat intelligence feeds and sources can get overwhelming fast. In this Ask-an-Expert written response, IANS Faculty Paul Asadoorian explains the key threat feed data types, ingestion methods and integrations, and suggests some resources that help ease the process. 



November 1, 2017 | Threat Intelligence and Modeling

 IANS Threat Modeling Tool

Threat modeling methodologies have existed for years in many forms, but there hasn't always been a simple and time-effective way to operationalize them. The IANS Threat Modeling Tool is designed to help jumpstart and evolve your organization's risk management efforts. 



November 1, 2017 | Security Awareness, Phishing, Social Engineering
By Mike Saurbaugh, IANS Faculty

 Ensure Your Security Awareness Program Fosters Behavioral Change

Security awareness training can easily become a compliance checkbox that isn’t beneficial to the organization, particularly as many users view security simply as a necessary evil that restricts their ability to get things done. In this report, IANS Faculty Mike Saurbaugh steps you through the process of ensuring security training gets employees to stop undesired behaviors (e.g., clicking on phishing links) and start desired ones (e.g., reporting suspicious emails to security), so that your training program can actually meet its ultimate goal: securing the business. 



October 24, 2017 | Enterprise and IT Compliance Management
By Andrew Carroll, IANS Faculty

 Meet PCI Standards for Penetration Testing

PCI DSS requires Level 1 merchants to perform an annual penetration test and mitigate any vulnerabilities found, but what does the whole process entail? In this Ask-an-Expert written response, IANS Faculty Andrew Carroll explains exactly what PCI DSS requires and offers tips for ensuring compliance.



October 18, 2017 | Configuration and Change Management
By Marcus Ranum, IANS Faculty

 Configuration Management: Driving the Future of Security

Strong configuration management not only eases operational tasks like desktop and server deployments, but it also helps improve security, especially as organizations move to newer on-demand and software-defined networking environments. In this report, IANS Faculty Marcus Ranum details the vital role configuration management plays in today's environments, and offers tips for building a comprehensive program that will help drive security well into the future.



October 16, 2017 | Penetration Testing and Red Teaming

 Penetration Testing Request-for-Quote (RFQ) Template

Contracting with third parties for penetration tests, against both internal and externally facing resources, is an important part of security. This RFQ template helps identify and select highly qualified vendors for network and application penetration testing services.



October 16, 2017 | Penetration Testing and Red Teaming

 Penetration Test Preparation Checklist

Penetration tests are risk-oriented and consist of activities ranging from vulnerability assessment to post-exploitation. Establishing specific test goals helps ensure the test meets expectations, and the questions in this checklist should always be addressed during the scoping process.



October 12, 2017 | Threat Intelligence and Modeling
By Dave Shackleford, IANS Faculty

 For Automated Testing Tool Success, Focus on Process and Measurement

Automated testing tools can help shore up defenses while freeing up staffers from mundane tasks, but they must be implemented properly. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford offers tips for putting the right procedures, metrics and management processes in place for deploying tools like Verodin, AttackIQ and SafeBreach.
