Insights

 



November 9, 2017 | Security Awareness, Phishing, Social Engineering
By Mike Saurbaugh, IANS Faculty

 Help Consumers Avoid Holiday Shopping Scams

The holidays bring an uptick in both online shopping and holiday-oriented cyber crime. In this Ask-an-Expert written response, IANS Faculty Mike Saurbaugh details the most common shopping scams and offers consumers tips for avoiding them and keeping their personal data safe throughout the season.



November 6, 2017 | Threat Intelligence and Modeling
By Paul Asadoorian, IANS Faculty

 Get Your Arms Around Threat Intelligence

Collecting and analyzing data from a variety of threat intelligence feeds and sources can get overwhelming fast. In this Ask-an-Expert written response, IANS Faculty Paul Asadoorian explains the key threat feed data types, ingestion methods and integrations, and suggests some resources that help ease the process. 



November 2, 2017 | Security Operations Centers (SOCs)
By Dave Shackleford, IANS Faculty

 SOC Year 1: Set Realistic Expectations

Most organizations struggle to understand what a mature security operations center (SOC) should look like, let alone a fairly new one. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford details some key metrics to track and some realistic expectations to set for the SOC's first year.



November 1, 2017 | Security Awareness, Phishing, Social Engineering
By Mike Saurbaugh, IANS Faculty

 Ensure Your Security Awareness Program Fosters Behavioral Change

Security awareness training can easily become a compliance checkbox that isn’t beneficial to the organization, particularly as many users view security simply as a necessary evil that restricts their ability to get things done. In this report, IANS Faculty Mike Saurbaugh steps you through the process of ensuring security training gets employees to stop undesired behaviors (e.g., clicking on phishing links) and start desired ones (e.g., reporting suspicious emails to security), so that your training program can actually meet its ultimate goal: securing the business. 



November 1, 2017 | Threat Intelligence and Modeling

 IANS Threat Modeling Tool

Threat modeling methodologies have existed for years in many forms, but there hasn't always been a simple and time-effective way to operationalize them. The IANS Threat Modeling Tool is designed to help jumpstart and evolve your organization's risk management efforts. 



October 31, 2017 | Security Policies and Strategy

 Comprehensive Security Policy Generator

One of the best ways to construct a set of comprehensive information security policies is to start with the control categories laid out in ISO 27001 Annex A (also known as ISO 27002), and then describe what infosec policies apply to each of the controls. This document does just that, giving organizations the power to measure their current policies against this framework or develop new ones that align with the full scope of the ISO 27002 controls. 



October 31, 2017 | Application Development and Testing
By Jason Gillam, IANS Faculty

 When to Trust Docker Images

Docker image security comes down to finding the right balance between trust and risk. In this Ask-an-Expert written response, IANS Faculty Jason Gillam explains why some Docker images (such as those in the official Docker repository) are more trustworthy than others.  



October 30, 2017 | Architecture, Configuration and Segmentation

 Internal Network Monitoring Solution Request-for-Proposal (RFP) Template

When creating a request for proposal (RFP) of any kind, the purpose is to ensure prospective vendors can check all of the necessary boxes. This document provides a comprehensive RFP template specifically designed for organizations seeking an internal network monitoring solution.



October 30, 2017 | Risk Management
By Josh More, IANS Faculty

 Create a Simple Risk Taxonomy for the Enterprise

When discussing risks and prioritizing controls, it's important that security and the business use a common language to collaboratively communicate recommendations to upper management. In this Ask-an-Expert written response, IANS Faculty Josh More details how the CIS Critical Controls can provide a simple risk taxonomy that helps keep everyone on the same page.
