Whether you're new to the field of security, expanding your skill set or just keeping your fundamentals sharp, these primers will do the trick. These Security Basics articles are compiled from expert input on CSOonline or contributed directly by subject-matter specialists.
Updated 3/1/2013
Security Basics categories
Information Security and Audit Basics
Understanding information security policy, cloud security, social media, IT audit, penetration tests and more.
Pen tests need to accomplish business goals, not just check for random holes. Here's how to get the most value for your efforts.
SaaS, IaaS and PaaS and their security implications.
How to choose the right type of log management system—and use it for business intelligence.
by David Torre
Software security for developers
Best practices and key concepts for writing secure code.
by Mark Merkow and Lakshmikanth Raghavan
Software security for application development managers
How to deliver more code at lower cost—by building security into the application development process. Also by Merkow and Raghavan.
Vulnerability management: The basics
A three-part series covering vulnerability management tactics and tools, plus how penetration testing fits in.
Social media security risks: the basics
TMI, tweet rage, "friend" scams and many more risks to avoid on social media and social networking sites.
IT risk assessment frameworks: an introduction
OCTAVE, FAIR, NIST RMF, and TARA—a look at the strengths and weaknesses of four formal methodologies for risk assessment.
How to write an information security policy
Where to start, what to cover and how to make your overall information security policy effective.
by Jennifer Bayuk
Information system audit basics
What should you expect from an IS audit? Here's a step-by-step walkthrough.
by Jennifer Bayuk
Network security: basic concepts
Defense in depth, role-based access control, and other critical network concepts to understand before you get lost in the bits and bytes
by Stephen Northcutt, SANS Institute
Encryption and authentication are the key to securing wireless networks, regardless of protocol
by Galen Gruman
Incident detection, response and forensics
How to build a robust function for dealing with computer security incidents
by Richard Bejtlich
Dealing with vishing, SPIT and other voice-over-IP (VoIP) threats
by Bob Bradley, Sonus Networks
Service-Oriented Architecture (SOA) security
Threats and defensive techniques in SOAP/WSDL and REST-based architectures
by Mark O'Neill, Vordel
How to foil identity theft and other phishing attempts
Providing IT managers with tools and technologies for controlling user access to critical information within an organization
by John Waters
Physical Security and Business Continuity
Physical security threats and concepts and business interruption scenarios including pickets and strikes, social engineering, access control, video surveillance and more.
Fraud prevention: Improving internal controls
Fighting fraud requires cooperation, ethical culture, good detection mechanisms, and more.
by Daniel Draz, M.S., CFE
Physical security information management (PSIM): the basics
Physical security information management software synthesizes data from video, access control systems, and other sensors.
by Steve Hunt
VSaaS: video surveillance as a service
Hosted or managed video surveillance services aim to reduce hardware hassles and monitoring manpower.
Social engineering: the basics
What is social engineering and what are the most common and most current tricks and tactics?
Internal investigations basics
How to plan and conduct internal investigations of suspected (or alleged) employee misconduct or fraud.
How to handle pickets and strikes
9 things security should do - and 6 things you absolutely can't do - to help ensure a strike or picket remains peaceful
by Anthony Manley
The physical access control project planner
Planning walkthroughs, avoiding common project pitfalls, and more about physical access control
by Jason Cowling
The lowdown on frame rates, storage requirements and other CCTV considerations
by Jason Cowling
Video surveillance and data monitoring
There are lots of ways to watch your employees, visitors, and customers. Here's a guide to doing it well and staying out of hot water.
The 6 things you should know about executive protection
How to build a world-class executive protection program that works in the private-sector setting.
19 ways to build security into a data center
Mantraps, biometrics and simpler measures as well for protecting data centers.
Intellectual property protection: the basics
Do you know the difference between a trade secret and a copyright? Have you taken a holistic look at legal, technical and procedural means of protecting your organization's intellectual property?
Business continuity and disaster recovery basics
How to ready your human, physical and IT infrastructure for disasters or business interruption.
The essential retail security reader
Starting a job in retail security? Just double-checking your defenses? Here's a roundup of strategies for protecting retail inventory, profits and employees.
How to keep your house or apartment secure, including vacation tips
by Chris McGooey
Security Leadership
Critical concepts and tactics for leading a security department or function.
Enterprise Risk Management: The basics
http://www.csoonline.com/article/729621/erm-the-basics
What is a Chief Security Officer? What is a CSO, part 2.
A sample job description for security leadership and operational risk management.
Also read about the role of the CSO as a business enabler in
The new basics of security leadership
Maintaining the right level of boardroom and employee security awareness is a consequence of leadership. And more effective ideas and tactics are replacing the old, reactive security leadership paradigm.
Security and business: communication 101
Understanding business language and priorities, and translating security-speak into effective communication with other executives
Security and business: financial metrics 101
From ALE to ROSI—the evolving science of quantifying security's payoff
Physical and IT security convergence: the basics
The benefits and challenges of holistic security management
Information security management basics
How to take a multi-faceted approach to information security management that incorporates organizational, managerial and operational aspects that are closely associated with the business.
by Micki Krause, et al
The CISO's shift from network security to risk management
How the CISO role has evolved over the past several years.
How to build an effective security awareness program
Awareness programs are the cheapest way to prevent costly problems, but the security message can be easy to ignore. CSOs and CISOs share their strategies for spreading the good word.
More in-depth leadership reading:
Real-world looks at security in action.
The Security Metrics Collection
A roundup of security metrics coverage, including both operational and financial metrics.
Templates, tools, and policies:
Also see our resource center with sample security policies and tools.