Filter By:

Recent Blogs & Podcasts

Insights

 



October 26, 2017 | Encryption, Digital Signatures, Certificates, Tokenization
By David Etue, IANS Faculty

 Help Users Understand the Importance of Encryption

Encryption is a powerful control with myriad use cases and business implications, but getting end users to understand its importance is no easy task. In this Ask-an-Expert written response, IANS Faculty David Etue explains why organizations use encryption, what can happen when it's not used and how much easier it is to apply encryption than to deal with the ramifications of a breach or data loss.

Read More »


October 25, 2017 | Cloud Network and Host Controls
By Dave Shackleford, IANS Faculty

 Hybrid Cloud Security: Know the Fundamentals

While hybrid clouds offer more visibility and control than cloud-only environments, they also require smart architecture and security designs to keep data safe and the business as a whole up and running. In this report, IANS Faculty Dave Shackleford details the key fundamentals of hybrid cloud security, including automation, continuous monitoring and shift-left strategies designed to ensure your hybrid cloud workloads remain secure today - and over time. 

Read More »


October 24, 2017 | Risk Management

 IANS Risk Register Tool

Building a Risk Register is a critical undertaking for organizations of all sizes, and there are a number of factors that contribute to its accuracy and success. This tool offers a step-by-step guide for identifying risk and harm, calculating exposure and adopting appropriate security controls. 

Read More »


October 24, 2017 | Enterprise and IT Compliance Management
By Andrew Carroll, IANS Faculty

 Meet PCI Standards for Penetration Testing

PCI DSS requires Level 1 merchants to perform an annual penetration test and mitigate any vulnerabilities found, but what does the whole process entail? In this Ask-an-Expert written response, IANS Faculty Andrew Carroll explains exactly what PCI DSS requires and offers tips for ensuring compliance.

Read More »


October 23, 2017 | Risk Management
By Josh More, IANS Faculty

 Suit Your Risk Framework to Your Risk Types

When it comes to managing risk, no one risk framework can truly rule them all. In this Ask-an-Expert written response, IANS Faculty Josh More explains that organizations face different types of risks (strategic, tactical and operational) and details some ways to address them all without force-fitting a framework, bogging down processes or oversimplifying the analysis.

Read More »


October 22, 2017 | Data Breaches
By Ken Van Wyk, IANS Faculty

 Van Wyk: Take Steps to Protect Yourself as a Consumer

With all the digital threats we face on a daily basis, it's a miracle we haven't all been hacked. To ensure the odds are in your favor, there are some informed and well-planned steps you can take to protect yourself as a consumer, particularly as the holiday shopping season approaches. 

Read More »


October 18, 2017 | Configuration and Change Management
By Marcus Ranum, IANS Faculty

 Configuration Management: Driving the Future of Security

Strong configuration management not only eases operational tasks like desktop and server deployments, but it also helps improve security, especially as organizations move to newer on-demand and software-defined networking environments. In this report, IANS Faculty Marcus Ranum details the vital role configuration management plays in today's environments, and offers tips for building a comprehensive program that will help drive security well into the future.

Read More »


October 17, 2017 | Recruiting, Hiring and Retention

 Information Security Job Description Templates

With the information security workforce shortage projected to reach 2-3 million over the next few years, organizations are putting a greater emphasis on their recruiting process to better fill out their security teams. Use these sample infosec job descriptions to set the foundation for role expectations and attract the most highly qualified professionals to your organization. 

Read More »