Social Engineering: 5 Security Holes at the Office (Includes Video)
We poked around a secure building with social engineering expert Chris Nickerson and found several ways a criminal could get inside and access sensitive data.
Social Engineering: The Fine Art of BS, Face to Face (Includes Video)
A confrontation with a facilities manager demonstrates social engineers' complete comfort dealing with (and manipulating) conflict.
Information Systems Audit: The Basics
What should you expect from an IS audit? Jennifer Bayuk spells out the audit process, step by step.
Where PCI DSS Still Falls Short (and How to Make it Better)
Former CISO and Symantec strategic consulting director Ariel Silverstone goes through PCI DSS line by line and offers suggestions to make it more effective.
3 Ways Pen Testing Helps DLP (and 2 Ways It Doesn't)
Orbitz CISO Ed Bellis says penetration testing is a valuable tool in his data loss prevention arsenal. But it won't help him find everything.
Monster.com Breach (Again!): Evolution of a Disclosure Letter
Monster.com has been forced to disclose another data security breach. With each incident, the language and tone of the disclosure note has changed. Here's how, and what it means.
Why Mass. 201 CMR 17 Deadline Was Extended
Companies that live or do business in Massachusetts have a few extra months to meet compliance deadlines for the state's tough 201 CMR 17 data protection law. The simple reason: Too few understand the law to meet the original January deadline (Part 1 in a series).
PCI's Post-Audit Pain Points
Passed your first PCI compliance audit? You've only just begun! Veterans say ongoing challenges with log management, database encryption and upper management buy-in mean the task is never finished.
Separation of Duties and IT Security
Muddied responsibilities create unwanted risk. Kevin Coleman says auditors may start labeling poorly defined IT duties as a material deficiency.
Former ISACA Head: SAS 70 Changes Coming
Marios Damianides, a partner in Ernst & Young's technology and security risk services group and past president of ISACA's board of directors, expects changes for SAS 70 and more collaboration between security and non-security management groups.
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- More Headlines
- Change Topic
Data Protection
- Cisco's Free IPhone App Grabs Security Feeds
- Security Pro Says New SSL Attack Can Hit Many Sites
- 3 Basic Steps to Avoid Joining a Botnet
- Security Vendor Fortinet Sparkles in IPO
- NSA Helped with Windows 7 Development
- The Mass. 201 CMR 17 Survival Guide
- 64-Bit Windows Safer, Claims Microsoft
- Firefox 3.6 Locks Out Rogue Add-Ons
- How to Hack China for Just $1,800
- The Cloud Security Survival Guide
