
Recent Blogs & Podcasts



August 9, 2017 | Data Classification
By Rebecca Herold, IANS Faculty

 NIST’s CUI Designation Explained

Ensuring you have the right controls and policies in place to protect NIST-designated controlled unclassified information (CUI) first requires that you know what CUI is and the likely places it may reside in your organization. In this Ask-an-Expert written response, IANS Faculty Rebecca Herold defines the term and offers several concrete examples of applicable data.


August 8, 2017 | Embedded Systems and Internet of Things
By Chris Poulin, IANS Faculty

 Poulin: What I Hacked this Summer in Vegas

Another July has come and gone, leaving the security community with a collective information hangover from Black Hat, DEF CON and BSidesLV. Hardware exploitation, IoT, machine-learning and blockchain emerged as some of the major themes from the conferences this year. 


August 7, 2017 | Certifications and Training
By Kevin Beaver, IANS Faculty

 Beaver: Establishing Credibility Key to Infosec Success

One thing I've discovered over the years is that security has a credibility problem. It's nothing personal. It's just that other people aren't buying what we're selling until they’re convinced we are worth listening to. So, the question becomes: what are you doing to make sure that happens?


August 4, 2017 | Software Development Lifecycle (SDLC)
By Josh More, IANS Faculty

 Match Your Open Source Tools to Your AppSec Workflow

Open source security tools can be a good way to get best-of-breed functionality at low or no cost, but choosing the right toolset among all the options available can be challenging. In this Ask-an-Expert written response, IANS Faculty Josh More details five common application security workflows and recommends using open source tools that best match your workflow of choice.


August 3, 2017 | Managed Security Services
By Dave Shackleford, IANS Faculty, and Dave Kennedy, IANS Faculty

 How to Vet and Choose the Right MSSP for You

Most MSSPs claim to have the right staff and services in place to meet your every security need, but how can you be sure the one you pick will actually deliver on its promises? In this Ask-an-Expert written response, IANS Faculty Dave Shackleford and Dave Kennedy offer a shortlist of top vendors and advice for vetting, choosing, contracting with and managing the right MSSP.


August 2, 2017 | Desktop Virtualization (VDI)
By Dave Shackleford, IANS Faculty

 Best Practices in VMware VDI Security

Moving to a virtual desktop infrastructure (VDI) environment can enhance an organization's security, but only if it's done right. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford provides both general and VMware-specific best practices across controls, standards, policies and procedures. 


July 31, 2017 | Incident Investigations, Handling and Tracking
By IANS Faculty, IANS Faculty

 Poll: Is It Better to Shut Down/Disconnect a Suspected Malware-Infected Device or Leave It Running?

When malware strikes, ensuring employees know and take the right steps immediately can make all the difference. In this report, IANS Faculty Mark Clancy, Dave Kennedy, Aaron Turner and Marcus Ranum weigh in on whether employees' first step should be to shut down the infected machine or contact security. 
