Filter By:

Recent Blogs & Podcasts



October 16, 2017 | Endpoints

 Endpoint Protection Vendor Checklist

Current endpoint security products have a much more complicated job to do than antivirus ever did, and there’s no shortage of technologies on the market today to choose from. Regardless of the vendor, when considering an endpoint protection product, use this feature checklist to make sure you’re covering all your bases.

Read More »

October 16, 2017 | Risk Management

 Employee Termination Checklist

Former employees at many organizations still have access to corporate applications after they leave their jobs. Even the most basic security missteps can leave an organization vulnerable to unauthorized access or breaches long after an employee leaves a job. This checklist offers information security best practices and actions to take when an employee leaves an organization.

Read More »

October 16, 2017 | Penetration Testing and Red Teaming

 Penetration Testing Request-for-Quote (RFQ) Template

Contracting with third-parties for penetration tests -- against both internal and externally facing resources -- is an important part of security. This RFQ is a template for identifying and selecting highly qualified vendors for the services of network and application penetration testing. 

Read More »

October 15, 2017 | Mobile Access and Device Management
By Kevin Beaver, IANS Faculty

 Beaver: Learning the Right Lessons from ExpensiveWall Android Malware

If you're in charge of information security, you may not be able to control every user and every device in your environment, but you can shore up the gaps that do exist right now. If a security incident still surfaces, at least you’ll know in good conscience that you’ve done what needed to be done in order to minimize its impact.

Read More »

October 12, 2017 | Threat Intelligence and Modeling
By Dave Shackleford, IANS Faculty

 For Automated Testing Tool Success, Focus on Process and Measurement

Automated testing tools can help shore up defenses while freeing up staffers from mundane tasks, but they must be implemented properly. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford offers tips for putting the right procedures, metrics and management processes in place for deploying tools like Veridian, AttackIQ and SafeBreach. 

Read More »

October 11, 2017 | Cloud Application and Data Controls

 Accenture Data Left Unsecured on Public AWS S3 Cloud Storage Bucket

On September 17, 2017, cybersecurity firm UpGuard privately alerted Accenture to the fact that some of its sensitive information (including client-specific information, passwords and credentials, and encryption keys) was stored on a publicly accessible, unsecured Amazon Simple Storage Service (S3) storage unit -- called a “bucket.” The data could be downloaded by anyone who knew the web address -- no password was required.

Read More »

October 11, 2017 | Encryption, Digital Signatures, Certificates, Tokenization
By Aaron Turner, IANS Faculty

 The Future of Enterprise Encryption: Prioritizing What Matters

Encryption is a hard technology to understand and an even harder one to deploy in a consistent, reliable way. In this report, IANS Faculty Aaron Turner explains how enterprises should be re-prioritizing their encryption technologies, staffing and investments to handle the increasingly larger role encryption is set to play in today's (and tomorrow's) information security programs.

Read More »

October 6, 2017 | Vendor and Partner Management

 Russian Hackers’ Breach of NSA via Kaspersky Software

In 2015, Russian-government backed hackers stole classified National Security Agency (NSA) data on U.S. cyber-offensive capabilities, according to a Wall Street Journal report on Tuesday, October 5th. The stolen information included details on how the U.S. defends against cyberattacks and the techniques it uses to penetrate foreign networks.

Read More »

October 6, 2017 | Malware and Advanced Threats
By Mike Saurbaugh, IANS Faculty

 IANS Vulnerability and Breach Update: Q3 2017

Vulnerabilities and breaches are mainstream news regularly. With a new vulnerability seemingly discovered daily, which should be taken more seriously (i.e., patch now!) and which are overhyped? In this quarterly research report, IANS Faculty Mike Saurbaugh updates clients on the top vulnerabilities and breaches from the past quarter and provides some real-world context and perspective.

Read More »