Security Basics

In-depth looks at the basics of information security, physical and corporate security, business continuity, and more.


April 01, 2009 CSO — Whether you're new to the field of security, expanding your skill set or just keeping your fundamentals sharp, these primers will do the trick. These Security Basics articles are compiled from expert input on CSOonline or contributed directly by subject-matter specialists.

Updated 3/1/2013




Information Security and Audit Basics

Understanding information security policy, cloud security, social media, IT audit, penetration tests and more.


Penetration test basics
Pen tests need to accomplish business goals, not just check for random holes. Here's how to get the most value for your efforts.

Cloud security: the basics
SaaS, IaaS and PaaS and their security implications.

Log management basics
How to choose the right type of log management system—and use it for business intelligence.
by David Torre

Software security for developers
Best practices and key concepts for writing secure code.
by Mark Merkow and Lakshmikanth Raghavan

Software security for application development managers
How to deliver more code at lower cost—by building security into the application development process. Also by Merkow and Raghavan.

Vulnerability management: The basics
A three-part series covering vulnerability management tactics and tools, plus how penetration testing fits in.

Social media security risks: the basics
TMI, tweet rage, "friend" scams and many more risks to avoid on social media and social networking sites.

IT risk assessment frameworks: an introduction
OCTAVE, FAIR, NIST RMF, and TARA—a look at the strengths and weaknesses of four formal methodologies for risk assessment.

How to write an information security policy
Where to start, what to cover and how to make your overall information security policy effective.
by Jennifer Bayuk

Information system audit basics
What should you expect from an IS audit? Here's a step-by-step walkthrough.
by Jennifer Bayuk

Network security: basic concepts
Defense in depth, role-based access control, and other critical network concepts to understand before you get lost in the bits and bytes.
by Stephen Northcutt, SANS Institute

Wireless security basics
Encryption and authentication are the key to securing wireless networks, regardless of protocol.
by Galen Gruman

Incident detection, response and forensics
How to build a robust function for dealing with computer security incidents.
by Richard Bejtlich

VoIP security basics
Dealing with vishing, SPIT and other voice-over-IP (VoIP) threats.
by Bob Bradley, Sonus Networks

Service-Oriented Architecture (SOA) security
Threats and defensive techniques in SOAP/WSDL and REST-based architectures.
by Mark O'Neill, Vordel

Phishing: the basics
How to foil identity theft and other phishing attempts.

Identity management basics
Providing IT managers with tools and technologies for controlling user access to critical information within an organization.
by John Waters

