How-Tos 

Which Threat Risk Model Is Right for Your Organization?

Which threat risk model is right for you? We compare strengths and weaknesses of three popular ones: STRIDE, DREAD and CVSS.

How to Protect Bank Cards in E-Commerce Apps

Rapid growth of e-commerce applications means security is sometimes lacking. How can developers secure e-commerce apps?

Must You Use Microsoft's In-Box DNS?

Active Directory does not require Microsoft DNS to function properly. In fact, organizations can enjoy security benefits by using non-Microsoft DNS.

7 Database Security Best Practices

Database security has never been more important, given the high value hackers place on data. These database security best practices will help protect your data.

How to Mitigate Fourth-Party Security Risks

What do you know about your vendors' vendors? Fourth-party security risks can be serious. How can you mitigate them?

What Citizen Developers Should Know About Mobile Security

The rise of citizen developers creates more mobile security concerns. What can enterprises do to ensure mobile apps are secure?

5 Freaky but Real Application Security Threats

There are some new application security threats in town, and they are pretty scary.

3 Best Practices for Protecting Data Better than Hillary Did

Hillary Clinton's email scandal offers a reminder of the importance of data protection best practices, like the three we cover here.

3 Data Protection Tips, in Light of Proposed Cybersecurity Laws

Proposed cybersecurity legislation is making business owners nervous – with good reason. These tips will help you be prepared no matter what Congress does.

How to Encrypt a Flash Drive Using VeraCrypt

Many security experts prefer open source software like VeraCrypt, which can be used to encrypt flash drives, because of its readily available source code.

Ransomware Is on a Roll – So How Can You Stop It

Ransomware is a favored tool for hackers. Three tips can help you proactively remove ransomware attack vectors.

What Is SQL Injection and How Can It Hurt You?

Using SQL injection, hackers can wreak havoc on databases and data-driven applications. Fortunately, there are ways to reduce SQL injection risk.

5 Ways to Defuse Data Threat from Departing Employees

Departing employees who take sensitive data with them present a huge security threat. Protection begins with data discovery and classification.

6 Questions to Ask Yourself about Your Cloud Security

While companies are more at ease with the cloud, they still have concerns about cloud security. Asking these questions will help improve cloud security postures.

Using Microsoft Tools for Policy-driven Security

Here is how to use Microsoft tools, including Group Policy ADMX and Group Policy Preferences, to assure policy-driven compliance and security.

Better Security through Benchmarks

Security by the Numbers aims to offer comparative benchmarks that help companies understand how their security postures stack up against their peers.

3 Things the Kentucky Derby Teaches Us about Security Analytics

What can handicapping and betting on horse racing teach infosec pros about security analytics?

National Security Letters and Gag Orders: 5 Tips to Reduce Risk

To reduce your government surveillance 'attack surface' and protect customers' data privacy from U.S. government agencies, follow these five tips.

How to Conduct Internal Penetration Testing

Automated penetration testing tools and open source tools, especially those in Linux security distributions, are invaluable aids for internal pentests.

5 Steps to a Better Incident Response Plan

Incident response plans have never been more important, given the growth in cyber attacks. These steps will ensure yours is ready for action.

How to Find the Right Penetration Testing Company

A penetration test is only as good as the company conducting it. Here is everything you need to know to find the right penetration testing company.

How to Get Identity Authentication Right

Identity authentication is especially important for high-value transactions, so it is important to get it right.

6 Ways to Make IAM Work for Third-Party Organizations

Identity and access management (IAM) for third-party organizations is a tough security challenge. Gartner's Felix Gaehtgens offers tips that will help.

IoT Security: It's All About the Process

With IoT security, complicated dependencies demand complementary processes.

6 Tips for CISOs Selling Security to the Board

Some CISOs may dread presenting to the board of directors. These tips will help ensure it goes well.