Insights

 



September 15, 2017 | Security Awareness, Phishing, Social Engineering
By Mike Saurbaugh, IANS Faculty

 Phishing Stories From the Wild

We all know phishing is a problem, but how can the security team best convey the breadth and depth of the issue to end users? In this Ask-an-Expert written response, IANS Faculty Mike Saurbaugh helps frame the threat by detailing several examples of real-world data breaches caused by phone-, text- and spear-phishing campaigns.



September 14, 2017 | Encryption, Digital Signatures, Certificates, Tokenization
By Dave Shackleford, IANS Faculty

 Apply Blockchain Technology to Enterprise Security

Blockchain has been the focus of many hype cycles of late, and it seems to be making inroads into every technology area under the sun - but how enterprise-ready is it? In this report, IANS Lead Faculty Dave Shackleford examines how the technology works and details its current and future use cases in security.



September 13, 2017 | Vendor and Partner Management
By Josh More, IANS Faculty

 Create Optimal Contract Language to Enable App Security Assessments via the Cloud

Getting application vendors to agree to have their wares tested in the cloud can pose challenges, especially because many vendor contracts prohibit the sharing of code, binaries or other data with outside parties. In this Ask-an-Expert written response, IANS Faculty Josh More offers some sample contract language to make it work.



September 8, 2017 | Data Classification
By Michael Pinch, IANS Faculty

 Data Classification: Design for the Human, Enforce with Technology

Data classification policies can be difficult for end users to interpret, leaving organizations open to data leakage issues and more. In this Ask-an-Expert live interaction, IANS Faculty Mike Pinch details the importance of creating human-friendly policies and ensuring employee awareness but also backstopping the process with layered technology solutions such as DLP and DRM. 



September 7, 2017 | Data Classification
By Josh More, IANS Faculty

 Take a Phased Approach to Data Classification

End-to-end enterprise data classification/management programs are seldom successful out of the gate, but they can get there eventually. In this written Ask-an-Expert response, IANS Faculty Josh More explains the limitations of data management tool sets, and advocates for an iterative, phased approach that starts small and becomes increasingly successful over time.  



September 6, 2017 | Risk Management
By Josh More, IANS Faculty

 Avoid the Pitfalls of Using FAIR for Risk Management

FAIR is an effective approach for rating complex, wide-ranging risks, but it has its downsides. In this Ask-an-Expert written response, IANS Faculty Josh More details the pitfalls of using FAIR to manage tactical risks such as vulnerability management and offers tips for ensuring success.



September 6, 2017 | Regulations & Legislation
By George Gerchow, IANS Faculty

 Get Your GDPR Ducks in a Row

Ensuring compliance with the new General Data Protection Regulation (GDPR) can seem like a daunting task, especially with enforcement set to begin in May 2018. In this Ask-an-Expert written response, IANS Faculty George Gerchow details some key steps to take to ensure you have the right people and processes in place by the deadline.



September 5, 2017 | Enterprise and IT Compliance Management
By Dave Shackleford, IANS Faculty

 Get a Handle on FAR Compliance

The new Federal Acquisition Regulation (FAR) requires compliant organizations to implement best practice security within 15 different control areas, but what constitutes full compliance is not completely clear in many cases. In this Ask-an-Expert written response, IANS Lead Faculty Dave Shackleford details the 15 control areas and recommends using NIST 800-171 as a guide. 
