Whether you're new to the field of security, expanding your skill set or just keeping your fundamentals sharp, these primers will do the trick. These Security Basics articles are compiled from expert input on CSOonline or contributed directly by subject-matter specialists.Updated 3\/1\/2013Security Basics categories (click to skip to a category)Information Security and AuditPhysical Security and Business ContinuitySecurity LeadershipInformation Security and Audit BasicsUnderstanding information security policy, cloud security, social media, IT audit, penetration tests and more.Penetration test basicsPen tests need to accomplish business goals, not just check for random holes. Here's how to get the most value for your efforts. Cloud security: the basicsSaaS, IaaS and PaaS and their security implications. Log management basicsHow to choose the right type of log management system\u2014and use it for business intelligence. by David TorreSoftware security for developersBest practices and key concepts for writing secure code. by Mark Merkow and Lakshmikanth RaghavanSoftware security for application development managersHow to deliver more code at lower cost\u2014by building security into the application development process. Also by Merkow and Raghavan. Vulnerability management: The basicsA three-part series covering vulnerability management tactics and tools, plus how penetration testing fits in. Social media security risks: the basicsTMI, tweet rage, "friend" scams and many more risks to avoid on social media and social networking sites.IT risk assessment frameworks: an introductionOCTAVE, FAIR, NIST RMF, and TARA\u2014a look at the strengths and weaknesses of four formal methodologies for risk assessment.How to write an information security policyWhere to start, what to cover and how to make your overall information security policy effective.by Jennifer BayukInformation system audit basicsWhat should you expect from an IS audit? Here's a step-by-step walkthrough.by Jennifer BayukNetwork security: basic conceptsDefense in depth, role-based access control, and other critical network concepts to understand before you get lost in the bits and bytesby Stephen Northcutt, SANS InstituteWireless security basicsEncryption and authentication are the key to securing wireless networks, regardless of protocolby Galen GrumanIncident detection, response and forensicsHow to build a robust function for dealing with computer security incidentsby Richard BejtlichVoIP security basicsDealing with vishing, SPIT and other voice-over-IP (VoIP) threatsby Bob Bradley, Sonus NetworksService-Oriented Architecture (SOA) securityThreats and defensive techniques in SOAP\/WSDL and REST-based architecturesby Mark O'Neill, VordelPhishing: the basicsHow to foil identity theft and other phishing attemptsIdentity management basicsProviding IT managers with tools and technologies for controlling user access to critical information within an organizationby John WatersPhysical Security and Business ContinuityPhysical security threats and concepts and business interruption scenarios including pickets and strikes, social engineering, access control, video surveillance and more.Fraud prevention: Improving internal controlsFighting fraud requires cooperation, ethical culture, good detection mechanisms, and more. NEWby Daniel Draz, M.S., CFEPhysical security information management (PSIM): the basicsPhysical security information management software synthesizes data from video, access control systems, and other sensors. NEWby Steve HuntVSaaS: video surveillance as a serviceHosted or managed video surveillance services aim to reduce hardware hassles and monitoring manpower. Social engineering: the basicsWhat is social engineering and what are the most common and most current tricks and tactics?Internal investigations basicsHow to plan and conduct internal investigations of suspected (or alleged) employee misconduct or fraud.How to handle pickets and strikes9 things security should do - and 6 things you absolutely can't do - to help ensure a strike or picket remains peacefulby Anthony ManleyThe physical access control project plannerPlanning walkthroughs, avoiding common project pitfalls, and more about physical access controlby Jason CowlingThe CCTV project plannerThe lowdown on frame rates, storage requirements and other CCTV considerationsby Jason CowlingVideo surveillance and data monitoringThere are lots of ways to watch your employees, visitors, and customers. Here's a guide to doing it well and staying out of hot water.The 6 things you should know about executive protectionHow to build a world-class executive protection program that works in the private-sector setting.19 ways to build security into a data centerMantraps, biometrics and simpler measures as well for protecting data centers.Intellectual property protection: the basicsDo you know the difference between a trade secret and a copyright? Have you taken a holistic look at legal, technical and procedural means of protecting your organization's intellectual property?Business continuity and disaster recovery basicsHow to ready your human, physical and IT infrastructure for disasters or business interruption.The essential retail security readerStarting a job in retail security? Just double-checking your defenses? Here's a roundup of strategies for protecting retail inventory, profits and employees. NEWHome security basicsHow to keep your house or apartment secure, including vacation tipsby Chris McGooeySecurity LeadershipCritical concepts and tactics for leading a security department or function. Enterprise Risk Management: The basicshttp:\/\/www.csoonline.com\/article\/729621\/erm-the-basics NEWWhat is a Chief Security Officer?What is a CSO part 2.A sample job description for security leadership and operational risk management.Also read about the role of the CSO as a business enabler in The new basics of security leadershipMaintaining the right level of boardroom and employee security awareness is a consequence of leadership. And more effective ideas and tactics are replacing the old, reactive security leadership paradigm.Security and business: communication 101Understanding business language and priorities, and translating security-speak into effective communication with other executivesSecurity and business: financial metrics 101From ALE to ROSI\u2014the evolving science of quantifying security's payoffPhysical and IT security convergence: the basicsThe benefits and challenges of holistic security managementInformation security management basicsHow to take a multi-faceted approach to information security management that incorporates organizational, managerial and operational aspects that are closely associated with the business.by Micki Krause, et alThe CISO's shift from network security to risk managementHow the CISO role has evolved over the past several years.How to build an effective security awareness programAwareness programs are the cheapest way to prevent costly problems, but the security message can be easy to ignore. CSOs and CISOs share their strategies for spreading the good word.More in-depth leadership reading:Security Case StudiesReal-world looks at security in action.The Security Metrics CollectionA roundup of security metrics coverage, including both operational and financial metrics.Templates, tools, and policies:Also see our resource center with sample security policies and tools.