How-Tos 

Windows 10: Securing Identity, Information and Devices

Windows 10 includes some goodies for enterprise security professionals.

Integrating Bulletproof Security into App Development

Application security should never be an afterthought. SoftServe's Nazar Tymoshyk offers advice on building secure software.

Phone Scams Getting More Sophisticated

Even folks who know better can fall for sophisticated phone scams that leverage personal information.

Windows Server 2003: No Support, No Security?

What are your options, if any, for mitigating security risks of continuing to run Windows Server 2003 after Microsoft ends extended support in July?

Data Security Best Practices Not Good Enough

Following data security best practice may give you a false sense of security and leave you vulnerable to potential attacks, says Absolute Software's Ryan St. Hilaire.

Phishing Attacks: Not Sophisticated, but Successful

While companies spend big bucks on combating advanced malware, users still fall prey to email phishing scams.

3 Bad Security Habits that Make CISOs Crazy

Every CISO can relate to these bad security habits found in most organizations. But what can CISOs do to change them?

Making the Case for Security Investment

Annual security risk assessments and meaningful metrics are among the tools infosec pros can use when asking senior decision-makers to increase budgets.

10 Tips to Mitigate Data Breaches

We include a list of vendors that offer solutions that can help improve your response to security threats and data breaches.

Third-Party Vendors a Weak Link in Security Chain

Security shortcomings of third-party vendors are a cybercriminal's dream. So security pros should revisit how they manage vendor relationships.

Web Application Firewalls: Next Big Thing in Security

Web application firewalls, an especially critical component of enterprise security, are even more effective when combined with other emerging security technologies.

Mobile Payment Fraud a Growing Problem: LexisNexis

Mobile commerce is a prime target for payment fraud, thanks to its novelty and complexity, according to a recent LexisNexis report.

6 Tips for Developing Secure IoT Apps

Most IoT systems contain security vulnerabilities that can be exploited by hackers, a recent study found, highlighting the importance of developing secure IoT apps.

3 Questions Every CISO Should Answer

FireEye's Kevin Mandia has a few key questions for CISOs.

Risk Assessments: What You Need to Know

Why are information security risk assessments so important, and how can you make sure you get an effective assessment?

5 Lessons Learned from Anthem Data Breach

Anthem's recent data breach reveals some things Anthem did right – and some it did wrong. Other enterprises can learn from its actions.

Email Is Not Forever: Advice on Archiving

In the wake of the Sony scandal, companies may wonder how long to retain email. Hint: The answer is not "forever."

Enterprise Wearables: Mitigate Security Risks

Enterprises are finding business use cases for wearable technology, which means security teams must protect data on wearables and educate users about risks and best practices.

It's Not Easy to Determine Costs of Data Breach

Determining costs of a data breach is a complicated, but important, exercise. It may help convince executives to increase security spending.

10 Tips for Secure Business Travel

Business travelers are an attractive target for hackers. Here's how to protect yourself when you are on the road.

Intrusion Detection Systems: a Primer

Intrusion detection systems can be a key tool in protecting data. This primer can help you determine which kind of IDS is right for you.

Building a Better Security Budget

The key to smart security spending is assessing your current environment and looking for opportunities for centralization, consolidation and standardization.

PCI Compliance: Preparing for Version 3.0

When version 3.0 of the Payment Card Industry Data Security Standards becomes mandatory next month, merchants may need to make some changes.

The Trouble with Tor

Confidence that Tor can reliably provide users with anonymity on the Internet has been shattered, thanks to recent revelations. Tor alternatives do exist, however.

Dridex and Email: A Nasty Social Engineering Team

Recent social engineering attacks involving Dridex malware illustrate the importance of paying attention to older and infrequently used attack vectors.