Security Basics

In-depth looks at the basics of information security, physical and corporate security, business continuity, and more.

Security Leadership

Critical concepts and tactics for leading a security department or function.

Enterprise Risk Management: Get started in six steps
Daunted by the ambition of ERM? Here's a six-step exercise to start ERM without revamping any org charts or busting the budget. NEW

What is a Chief Security Officer?
A sample job description for security leadership and operational risk management.
Also read about the role of the CSO as a business enabler in What is a CSO part 2.

The new basics of security leadership
Maintaining the right level of boardroom and employee security awareness is a consequence of leadership. And more effective ideas and tactics are replacing the old, reactive security leadership paradigm.

Security and business: communication 101
Understanding business language and priorities, and translating security-speak into effective communication with other executives

Security and business: financial metrics 101
From ALE to ROSI—the evolving science of quantifying security's payoff

Physical and IT security convergence: the basics
The benefits and challenges of holistic security management

Information security management basics
How to take a multi-faceted approach to information security management that incorporates organizational, managerial and operational aspects that are closely associated with the business.
by Micki Krause, et al

The CISO's shift from network security to risk management
How the CISO role has evolved over the past several years.

How to build an effective security awareness program
Awareness programs are the cheapest way to prevent costly problems, but the security message can be easy to ignore. CSOs and CISOs share their strategies for spreading the good word.

More in-depth leadership reading:

Security Case Studies
Real-world looks at security in action.

The Security Metrics Collection
A roundup of security metrics coverage, including both operational and financial metrics.

Templates, tools, and policies:

Also see our resource center with sample security policies and tools.

Read more about data protection in CSOonline's Data Protection section.

Network security basics
Protection, detection, and reaction—those are the three underlying principles your security program must embody

Computer incident detection, response, forensics
Richard Bejtlich shows how to measure and improve the maturity of your incident response

A few good IT security metrics
Stop counting blocked malware attachments and measure things that can contribute to meaningful change

5 key cloud security trends
Cloud security is evolving rapidly—stay on top of it

IT risk assessment frameworks

How to do end-to-end encryption

How to compare and use enterprise antivirus

Also find sample data protection policies in CSO's tools, templates and policies library

Data Protection Webcasts

» View All Data Protection Webcasts

Data Protection White Papers

» View All Data Protection White Papers

Step right up and listen to the security barker
I've gotten some interesting feedback to yesterday's post about the security evangelist title, especially from a guy who gave himself the perfect title in an industry that often feels like a circus. Sean Jackson (@shunkydave on Twitter) sent me the following tweet: "Re: Evangelist, I'm now calling myself the Security Barker to my family and friends."
read more
Is the title 'security evangelist' really that bad?
Teenage hackers could be our last, best hope

More Salted Hash with Bill Brenner

White Papers

Using BD for Smarter Decision Making

Solving Active Directory's Security Challenges

Less Secure Than You Think

2011 DDoS Attacks: Top Trends and Truths

Business Case for Managed DNS

Security Strategies to Virtualizing Internet-Facing Applications

Cloud Security Planning Guide

Cloud Security Vendor Round Table

Planning Guide - Technology for Tomorrow's Cloud

Cloud Security Insights for IT Strategic Planning

Proven strategies for uncovering cost savings with IBM DB2

Deliver Cost-Effective Business Continuity with Extreme Capacity

Enterprise Security eGuide

King Fish Media: How Analytics Bring Organizations Closer to Their Customers

In-Memory Analytics: Leveraging Emerging Technologies for Business Intelligence

Reporting for Midsize Companies: Empower Your Business With Self-Service Reporting

Business Analytics: Optimizing Your Operations

Why performance management? A guide for the midsize organization

Identity and Access Management for the Cloud: What You Need to Know About Managing Access to Your Clouds

How much security do you really need?

More White Papers »

Security Basics

In-depth looks at the basics of information security, physical and corporate security, business continuity, and more.

By Derek Slater

Security Leadership

Network security basics Protection, detection, and reaction—those are the three underlying principles your security program must embody

Computer incident detection, response, forensics Richard Bejtlich shows how to measure and improve the maturity of your incident response

A few good IT security metrics Stop counting blocked malware attachments and measure things that can contribute to meaningful change

5 key cloud security trends Cloud security is evolving rapidly—stay on top of it