


April 19, 2018 | Account Provisioning
By Aaron Turner, IANS Faculty

 Cloud Provisioning: Know the Issues

The good news for cloud identity management? Authentication standards are solid. The bad news? Authorization standards are nowhere near as mature. In this Ask-an-Expert written response, IANS Faculty Aaron Turner details the many challenges in cloud provisioning and recommends focusing on making role-based access control (RBAC) as efficient as possible.



April 17, 2018 | Penetration Testing and Red Teaming
By Jake Williams, IANS Faculty

 Avoid Common Issues with Live Red Team Exercises

Red team exercises provide valuable insight into an organization's defenses, but running them against live environments can be dicey. In this Ask-an-Expert live interaction, IANS Faculty Jake Williams details how to get a red team program up and running, and offers tips for conducting live exercises without adversely affecting the business.



April 16, 2018 | Vulnerability Assessment and Management
By Marcus Ranum, IANS Faculty

 Create an Efficient, Effective Bug Bounty Program

Organizations with significant software exposure often consider deploying bug bounty programs to improve quality and better manage vulnerability disclosures, but what's the best way to go about it? In this Ask-an-Expert written response, IANS Faculty Marcus Ranum recommends using an internal (vs. outsourced) process and details the critical components for success.



April 12, 2018 | Security Policies and Strategy
By Aaron Turner, IANS Faculty

 Set an Optimal Social Media Usage Policy

Like all things in infosec, social media usage policies must strive to balance security with business benefits. In this Ask-an-Expert written response, IANS Faculty Aaron Turner explains the pros and cons of strict vs. permissive social media policies and suggests the best path forward is to balance unfettered social media engagement with smart investments in SSL decryption and other monitoring solutions.



April 9, 2018 | Intrusion Prevention/Detection (IPS/IDS)
By Jake Williams, IANS Faculty

 Choose the Best IDS/IPS for a New Wide-Area Network

An IDS/IPS is a critical WAN security control, but choosing the right one for your environment requires some research. In this Ask-an-Expert written response, IANS Faculty Jake Williams details the key criteria to consider and suggests evaluating solutions from four main vendors: Check Point, Cisco, McAfee and WatchGuard.



April 5, 2018 | Encryption, Digital Signatures, Certificates, Tokenization
By Aaron Shi, IANS Director of Web Development & Security

 Ensure Your User IDs Are Encrypted

In the wake of the Equifax breach and other high-profile incidents, organizations are enforcing encryption across all PII and passwords, but what about user IDs? In this Ask-an-Expert written response, IANS Director of Web Development and Security Aaron Shi explains why user IDs are often left in the clear and offers a simple way to bring them into the encryption fold.



April 2, 2018 | Threat Intelligence and Modeling
By Jake Williams, IANS Faculty

 Build a More Formal, Automated CTI Program

Moving from an ad hoc, manual cyber threat intelligence (CTI) program to one that is more formal and automated is not complicated, as long as you follow the right steps. In this Ask-an-Expert written response, IANS Faculty Jake Williams explains the five-step CTI lifecycle and details key pitfalls to avoid.



March 29, 2018 | Insider Threats
By Mark Clancy, IANS Faculty

 Create an Effective Insider Threat Monitoring Program

Monitoring for insider threats is both important and complex, especially when privacy is also a concern. In this Ask-an-Expert live interaction, IANS Faculty Mark Clancy details the key steps to building an effective monitoring program, from deciding what and who to monitor, to ensuring employee privacy is protected. 



March 27, 2018 | Security Awareness, Phishing, Social Engineering
By Jason Gillam, IANS Faculty

 Spear-Phishing Attacks: Understanding the Risk

Spear-phishing attacks are often in the news, but how prevalent and effective are they really? In this Ask-an-Expert written response, IANS Faculty Jason Gillam offers a simple answer: Very. He also outlines some common attacks and best practices for thwarting them.
