Filter By:

Recent Blogs & Podcasts



October 5, 2017 | Cloud Network and Host Controls
By Dave Shackleford, IANS Faculty

 IANS Cloud Security Update: Q3 2017

As organizations continue to move services and computing assets into cloud service provider environments, the need for adequate security controls grows as well. In this quarterly research report, IANS Faculty Dave Shackleford updates IANS’ clients on the new developments occurring in the cloud security arena.

Read More »

October 4, 2017 | Security Awareness, Phishing, Social Engineering
By Jason Gillam, IANS Faculty

 Match Your Phishing Program to Your Maturity Level

The tools and processes used within a typical phishing program differ according to each organization's overall level of security awareness. In this Ask-an-Expert written response, IANS Faculty Jason Gillam explains what a typical phishing program should look like at each stage of maturity.

Read More »

October 2, 2017 | Incident Response Planning
By Ken Van Wyk, IANS Faculty

 Van Wyk: Doing Your IR Planning the Right Way

In light of the Equifax breach, organizations need to re-examine their incident response planning to ensure similar crises are handled effectively. Being proactive, communicating transparently and prioritizing customers are three important pieces of the IR puzzle,.

Read More »

October 2, 2017 | Vendor and Partner Management
By Rich Guida, IANS Faculty

 Weigh the Risk/Benefit of Partnering with Startups

Vetting third-parties that are new, small and innovative is very different from assessing established vendors. In this Ask-an-Expert written response, IANS Faculty Rich Guida explains how to weigh a startup's overall benefits against its security risks, and offers tips for getting the business to mitigate or accept them.

Read More »

September 29, 2017 | Vulnerability Assessment and Management
By Dave Shackleford, IANS Faculty

 Toning Up the Vulnerability Management Core

When it comes to safeguarding your organization, it's the security basics, not the shiny new widgets, that get the job done. In this report, IANS Lead Faculty Dave Shackleford details the fundamental technology controls required to tone up your vulnerability management core, including inventory management/maintenance, patch management and implementing rigorous configuration controls that meet or exceed industry best practices. 

Read More »

September 27, 2017 | Security Policies and Strategy
By David Kolb, IANS Faculty

 Getting the Board on Board

Information security is no longer a cursory topic embedded in a quarterly discussion of organizational risk; it’s now an uncomfortably frequent topic on many board agendas. In this report, IANS Faculty David Kolb offers tips to ensure that when summoned to the board, you are prepared and succinct, and use the opportunity to build trust, deepen organizational understanding and get the support you need to provide excellent information security. 

Read More »

September 26, 2017 | Authentication
By Michael Pinch, IANS Faculty

 Determine the Best MFA Fit: Duo vs. Azure

When it comes to deploying effective multifactor authentication (MFA) across a large user enterprise, success depends on matching the MFA solution to your operational strategy. In this Ask-an-Expert written response, IANS Faculty Michael Pinch provides a functional comparison of both Duo and Microsoft Azure MFA in terms of security, channels, ease of use and ease of enrollment.

Read More »

September 25, 2017 | IT Service Management
By George Gerchow, IANS Faculty

 Top 5 GRC Solutions to Consider

The market for governance, risk management and compliance (GRC) solutions continues to evolve, but certain vendors consistently work their way to the top of most organizations' short lists. In this Ask-an-Expert written response, IANS Faculty George Gerchow offers his take on five top vendors: LockPath, MetricStream, ZenGRC, RSA Archer and ServiceNow.

Read More »