Recent Blogs & Podcasts

April 20, 2017 | Security Policies and Strategy
By Kevin Beaver, IANS Faculty

Beaver: Policies Don't Get Hacked, So Why Do They Get All the Attention?

What's the first thing everyone seems to talk about when information security is brought up? Policies. But as security professionals, we need to stop relying on words and let our actions do the talking. Technical controls have to be in place in order for policies to be enforced in most situations, and where that’s not possible or feasible, do something else – whatever it takes.

April 19, 2017 | Enterprise and IT Compliance Management
By Josh More, IANS Faculty

Understanding the Australian Regulation’s ‘Two-Person Rule’ Requirement

The Australian Regulation's PPG 234 requires that extremely sensitive IT assets be subject to the "two-person rule," but it doesn't offer much guidance in terms of what it deems "extremely sensitive." In this Ask-an-Expert written response, IANS Faculty Josh More explains the rule and offers some practical advice for complying with it efficiently.

April 18, 2017 | Penetration Testing and Red Teaming
By Dave Kennedy, IANS Faculty

Adversarial Simulations - Evolving Penetration Testing

Penetration testing has been given quite a few names over the past few years, including everything from “vulnerability scanning” all the way to “targeted and direct attacks” against organizations. This comes as attacker techniques themselves are shifting based on organizations adding more detection capabilities into their environments. In this webinar, IANS Faculty Dave Kennedy dives into some of the latest attack vectors and discusses why adversarial simulations are some of the most effective methods for building defenses within your organization.

April 14, 2017 | Enterprise and IT Compliance Management
By Josh More, IANS Faculty

Addressing PCI’s ‘One Primary Function’ Requirement

While PCI DSS 3.2 requires that IT implement just one primary function per server, it isn't exactly clear about what compliance entails. In this Ask-an-Expert written response, IANS Faculty Josh More explains the requirement and offers strategies for defending common business practices.

April 13, 2017 | Data Loss Prevention (DLP)
By Ken Van Wyk, IANS Faculty

Van Wyk: Get a Handle on Your Data

One person's data is another's active content. The intermingling of data and executable content – or “active content” as it’s often called in web application environments – is a problem we haven't solved yet. We’ve applied a bit of duct tape and bubble gum here and there, but the problem persists.

April 12, 2017 | Vulnerability Assessment and Management
By Josh More, IANS Faculty

Managing the Vulnerability Exception Process

Vulnerability remediation can often seem like a three-way tug of war between operations, compliance and security. In this Ask-an-Expert written response, IANS Faculty Josh More details best practices for managing exceptions and keeping the whole process on track.

April 12, 2017 | Network Access Controls (NAC)
By Jennifer Minella, IANS Faculty

Deploying NAC for Both Wired and Wireless Networks

No two network access control (NAC) solutions are alike, and choosing the right implementation for a complex health care environment that spans both wired and wireless networks is difficult at best. In this Ask-an-Expert written response, IANS Faculty Jennifer Minella provides an overview of current NAC options along with some industry-specific recommendations.
