Whether you're new to the field of security, expanding your skill set or just keeping your fundamentals sharp, these primers will do the trick. These Security Basics articles are compiled from expert input on CSOonline or contributed directly by subject-matter specialists.
Security Basics categories (click to skip to a category)
Understanding information security policy, cloud security, social media, IT audit, penetration tests and more.
Pen tests need to accomplish business goals, not just check for random holes. Here's how to get the most value for your efforts.
SaaS, IaaS and PaaS and their security implications.
How to choose the right type of log management system—and use it for business intelligence.
by David Torre
Best practices and key concepts for writing secure code.
by Mark Merkow and Lakshmikanth Raghavan
How to deliver more code at lower cost—by building security into the application development process. Also by Merkow and Raghavan.
A three-part series covering vulnerability management tactics and tools, plus how penetration testing fits in.
TMI, tweet rage, "friend" scams and many more risks to avoid on social media and social networking sites.
OCTAVE, FAIR, NIST RMF, and TARA—a look at the strengths and weaknesses of four formal methodologies for risk assessment.
Where to start, what to cover and how to make your overall information security policy effective.
by Jennifer Bayuk
What should you expect from an IS audit? Here's a step-by-step walkthrough.
by Jennifer Bayuk
Defense in depth, role-based access control, and other critical network concepts to understand before you get lost in the bits and bytes
by Stephen Northcutt, SANS Institute
Encryption and authentication are the key to securing wireless networks, regardless of protocol
by Galen Gruman
How to build a robust function for dealing with computer security incidents
by Richard Bejtlich
Dealing with vishing, SPIT and other voice-over-IP (VoIP) threats
by Bob Bradley, Sonus Networks
Threats and defensive techniques in SOAP/WSDL and REST-based architectures
by Mark O'Neill, Vordel
How to foil identity theft and other phishing attempts
Providing IT managers with tools and technologies for controlling user access to critical information within an organization
by John Waters
Physical security threats and concepts and business interruption scenarios including pickets and strikes, social engineering, access control, video surveillance and more.
Fighting fraud requires cooperation, ethical culture, good detection mechanisms, and more. NEW
by Daniel Draz, M.S., CFE
Physical security information management software synthesizes data from video, access control systems, and other sensors. NEW
by Steve Hunt
Hosted or managed video surveillance services aim to reduce hardware hassles and monitoring manpower.
What is social engineering and what are the most common and most current tricks and tactics?
How to plan and conduct internal investigations of suspected (or alleged) employee misconduct or fraud.
9 things security should do - and 6 things you absolutely can't do - to help ensure a strike or picket remains peaceful
by Anthony Manley
Planning walkthroughs, avoiding common project pitfalls, and more about physical access control
by Jason Cowling
The lowdown on frame rates, storage requirements and other CCTV considerations
by Jason Cowling
There are lots of ways to watch your employees, visitors, and customers. Here's a guide to doing it well and staying out of hot water.
How to build a world-class executive protection program that works in the private-sector setting.
Mantraps, biometrics and simpler measures as well for protecting data centers.
Do you know the difference between a trade secret and a copyright? Have you taken a holistic look at legal, technical and procedural means of protecting your organization's intellectual property?
How to ready your human, physical and IT infrastructure for disasters or business interruption.
Starting a job in retail security? Just double-checking your defenses? Here's a roundup of strategies for protecting retail inventory, profits and employees. NEW
How to keep your house or apartment secure, including vacation tips
by Chris McGooey
Critical concepts and tactics for leading a security department or function.
A sample job description for security leadership and operational risk management.
Also read about the role of the CSO as a business enabler in
Maintaining the right level of boardroom and employee security awareness is a consequence of leadership. And more effective ideas and tactics are replacing the old, reactive security leadership paradigm.
Understanding business language and priorities, and translating security-speak into effective communication with other executives
From ALE to ROSI—the evolving science of quantifying security's payoff
The benefits and challenges of holistic security management
How to take a multi-faceted approach to information security management that incorporates organizational, managerial and operational aspects that are closely associated with the business.
by Micki Krause, et al
How the CISO role has evolved over the past several years.
Awareness programs are the cheapest way to prevent costly problems, but the security message can be easy to ignore. CSOs and CISOs share their strategies for spreading the good word.
More in-depth leadership reading:
Real-world looks at security in action.
A roundup of security metrics coverage, including both operational and financial metrics.
Templates, tools, and policies:
Also see our resource center with sample security policies and tools.