Insights

 



October 17, 2017 | Cloud Application and Data Controls
By George Gerchow, IANS Faculty

 Take 3 Steps to Prevent Amazon S3 Data Leaks

High-profile Amazon S3 data leaks from the likes of Dow Jones and Verizon are highlighting the need for customers to get smart about their S3 security controls. In this Ask-an-Expert written response, IANS Faculty George Gerchow details three key steps to ensure your S3 buckets stay secure.



October 16, 2017 | Wireless Networks

 KRACK Weakness in WPA2 Wi-Fi Security Protocol

On October 16, 2017, researchers disclosed a major weakness in the Wi-Fi Protected Access 1 (WPA1) and WPA2 security protocols. WPA2 is the most widely used Wi-Fi security standard in the world. The disclosure was a proof-of-concept, and there are currently no confirmed reports of this vulnerability, known as KRACK (an acronym for Key Reinstallation Attacks), being actively exploited in the wild.



October 16, 2017 | Security Information and Event Management (SIEM) and Log Management
By Raffy Marty, IANS Faculty

 Implementing Your Big Data and SIEM Plans: 10 Challenges to Solve First

SIEM deployments can be challenging for many reasons: scalability, visibility, insights, etc. But is the SIEM really to blame? In this webinar, IANS Faculty Raffy Marty explores some of the reasons why you might not be getting the full benefits from your SIEM and details some of the challenges around moving to an alternative big-data solution.



October 16, 2017 | Enterprise and IT Compliance Management

 Critical Security Controls (CSC) 20 Master Mapping Tool

Understanding and managing different security frameworks can be a daunting task. This tool offers a detailed matrix for mapping the CSC 20 to a number of different frameworks, including the NIST CSF, ISO 27002, NSA MNT and many more. 



October 16, 2017 | Enterprise and IT Compliance Management

 Critical Security Controls (CSC) Assessment Tool

One way to assess organizational maturity around information security is to use the CIS Critical Security Controls (CSC). Use this tool to perform an initial assessment of your maturity level and track your progress on what percentage of CSC your organization is currently following. 



October 16, 2017 | Security Information and Event Management (SIEM) and Log Management

 SIEM Strategy Checklist

SIEM products represent a major investment in time and money, and deciding which one is right for a given enterprise is a complex process. With the stakes for selecting the right system so high – and the penalties for bad SIEM decisions so onerous – it’s vital that security professionals carefully consider a number of key factors. To take some of the mystery and risk out of the process, use this checklist as your guide to making the correct SIEM choice for your organization.



October 16, 2017 | Penetration Testing and Red Teaming

 Penetration Test Preparation Checklist

Penetration tests are risk-oriented and consist of activities ranging from vulnerability assessment to post-exploitation. Establishing specific test goals helps ensure the test meets expectations, and these questions should always be addressed during the scoping process. 



October 16, 2017 | Endpoints

 Infosec Quick-Wins Checklist

There's nothing more frustrating than investing in the latest security technologies and "solutions" only to find that a few simple process changes would have accomplished the same things at far less cost. This checklist offers a number of low-cost, high-impact tips for improving your organization's security posture.



October 16, 2017 | Security Policies and Strategy

 CISO Impact Security Process Maturity Matrix

For security organizations, understanding where you stand from a maturity perspective can offer valuable insight into which processes and procedures need to be improved. These charts depict specific processes and procedures within information security mapped to the various stages of maturity within IANS' CISO Impact framework. 
