
Insights

 



September 1, 2017 | Data Loss Prevention (DLP)
By James Tarala, IANS Faculty

 Implement DLP Effectively

The best DLP implementations go beyond technology considerations to focus on achieving business goals. In this Ask-an-Expert written response, IANS Faculty James Tarala explains how to build an effective DLP program, from creating optimal governance and data classification policies to choosing the right keywords and vendors. 



August 30, 2017 | Vendor and Partner Management
By Josh More, IANS Faculty

 How to Vet Third Parties That Store Your Critical Data in Someone Else’s Cloud

It's difficult enough to vet your vendors, but how do you vet your vendors' vendors, especially when they're storing your sensitive data in the cloud? In this Ask-an-Expert written response, IANS Faculty Josh More details specific questions in seven key areas that you should ask your vendors to ensure your data is secured properly, no matter where it's hosted. 



August 28, 2017 | Metrics and Reporting
By Paul Asadoorian, IANS Faculty

 Confirm and Compare Your Attack Rate

Determining whether an attack is real can be difficult, but quantifying your overall attack rate with any certainty is even trickier. In this Ask-an-Expert written response, IANS Faculty Paul Asadoorian details common methods for quantifying attacks and understanding how your attack rate compares with others in your industry.



August 28, 2017 | Security Awareness, Phishing, Social Engineering
By Mike Saurbaugh, IANS Faculty

 Build and Manage a Holistic Anti-Phishing Program

Phishing continues to be a top attack vector and all companies are targets, regardless of their size. In this report, IANS Faculty Mike Saurbaugh details how to build a comprehensive anti-phishing program from the ground up and explains the importance of focusing on the right behaviors, metrics and employee engagement to ensure everyone in the company becomes a strong security ally. 



August 24, 2017 | Risk Management
By Josh More, IANS Faculty

 Risk-Scoring Firms Aren’t Viable – Yet

A new breed of vendors is attempting to extend the financial/credit risk-scoring model to the information security world, enabling organizations to rate vendors according to their "risk score." In this Ask-an-Expert written response, IANS Faculty Josh More explains why such security risk scores aren't a very viable approach to vendor assessment, at least not yet.



August 23, 2017 | Architecture, Configuration and Segmentation
By Dave Kennedy, IANS Faculty

 Why Jump Servers Are Important

Developers and system administrators may not like using jump servers to access critical resources, but they are an important layer of security, especially when it comes to disrupting lateral movement. In this Ask-an-Expert written response, IANS Faculty Dave Kennedy explains how using - and configuring - jump servers correctly can slow down attackers and help prevent data loss.



August 22, 2017 | Penetration Testing and Red Teaming
By Dave Kennedy, IANS Faculty

 Top 10 Ways Penetration Testers Break Into Organizations

Penetration testers are great at uncovering critical vulnerabilities that give them unfettered access across entire organizations, but did you know that many rely primarily on 10 common (and easily mitigated) exploits? In this Ask-an-Expert written response, IANS Faculty Dave Kennedy details penetration testers' top go-to methods and offers advice for shutting them down.



August 22, 2017 | Vendor and Partner Management
By Josh More, IANS Faculty

 Help the Business Uncover Security Red Flags When Vetting Third-Party Apps

While business stakeholders can't perform detailed security analyses of third-party applications, they can ask some key questions to help weed out critical shortcomings. In this Ask-an-Expert written response, IANS Faculty Josh More provides a list of questions designed to help the business uncover security red (and yellow) flags in potential applications. 
