Basics

Security Basics

Fundamentals of information security, physical and corporate security, business continuity, and more.

CSO — Whether you're new to the field of security, expanding your skill set or just keeping your fundamentals sharp, these primers will do the trick.

New in 2010: Key security risks of social media sites; advice on teaching employees to spot social engineering; also how to conduct internal investigations.

Categories (click to skip to a category)

• Information Security and Audit
• Physical Security and Business Continuity
• Security Leadership

Information Security and Audit

Social Media Security Risks: The Basics
TMI, tweet rage, "friend" scams and much more.

How to Write an Information Security Policy
Where to start, what to cover and how to make your overall policy effective.
by Jennifer Bayuk

Information System Audit Basics
What should you expect from an IS audit? Here's a step-by-step walkthrough.
by Jennifer Bayuk

Network Security
Defense in depth, role-based access control, and other critical network concepts
by Stephen Northcutt, SANS Institute

Wireless Security
Encryption and authentication are they key
by Galen Gruman

Incident Detection, Response and Forensics
How to build a robust function for dealing with computer security incidents
by Richard Bejtlich

VoIP Security
Dealing with vishing, SPIT and other voice-over-IP (VoIP) threats
by Bob Bradley, Sonus Networks

Service-Oriented Architecture (SOA) Security
Threats and defensive techniques in SOAP/WSDL and REST-based architectures
by Mark O'Neill, Vordel

Phishing: The Basics
How to foil identity theft and other phishing attempts

Identity Management Basics

Physical Security and Business Continuity

Social Engineering: The Basics
What is social engineering and what are the most common and most current tricks and tactics?

Internal Investigations Basics
How to plan and conduct internal investigations of suspected (or alleged) employee misconduct or fraud.

How to Handle Pickets and Strikes
9 things security should do - and 6 things you absolutely can't do - to help ensure a strike or picket remains peaceful
by Anthony Manley

The Physical Access Control Project Planner
Planning walkthroughs, avoiding common project pitfalls, and more about physical access control
by Jason Cowling

The CCTV Project Planner
The lowdown on frame rates, storage requirements and other CCTV considerations
by Jason Cowling

Video Surveillance and Data Monitoring
There are lots of ways to watch your employees, visitors, and customers. Here's a guide to doing it well and staying out of hot water.

The 6 Things You Should Know About Executive Protection

19 Ways to Build Security Into a Data Center
Mantraps, biometrics and simpler measures as well.

Intellectual Property Protection
Do you know the difference between a trade secret and a copyright? Have you taken a holistic look at legal, technical and procedural means of protecting your organization's intellectual property?

Business Continuity and Disaster Recovery
How to ready your human, physical and IT infrastructure for disasters or business interruption.

Home Security Basics
by Chris McGooey

Security Leadership

What is a Chief Security Officer?
A sample job description for security leadership and operational risk management.

The New Basics of Security Leadership

Security and Business: Communication 101

Security and Business: Financial Metrics 101
From ALE to ROSI

Physical and IT Security Convergence
The benefits and challenges of holistic security management

Information Security Management
by Micki Krause, et al

More in-depth leadership reading:
Security Case Studies
Security Metrics Collection

Read more about data protection in CSOonline's Data Protection section.

• Email
• Print
• Comments
• Digg This
• SlashDot