Infosecurity White Papers

  1. Top 5 Tips For Securing Data In The Modern Organization

    Ready your organization for more robust data protection measures by first implementing these five steps to improve data security in a business- and cost-effective manner.

  2. 2011 DDoS Attacks: Top 10 Trends & Truths

    The Internet powers almost every aspect of business operations today, from websites, email and ecommerce payments to behind-the-scenes data exchanges. During a distributed denial of service (DDoS) attack, the entire enterprise is at risk.

  3. Managing Information Risk in the Extended Enterprise: Why Corporate Compliance and IT Security Must Join Forces

    It’s no secret: end users take huge security risks in order to get their jobs done. One of the biggest sources of information risk companies face is collaboration with externals. Companies can’t operate without sharing sensitive information with strategic partners, regulatory authorities, board members, consultants, acquisition partners, contractors and legions of other individuals outside the corporate network.

  4. 10 Questions to Identify Compliance Risks When Sharing Information

    Corporate and regulatory compliance policies have forced companies to ensure that information flows are documented, auditable, and highly secure. Yet in order to conduct their business, companies must share sensitive information outside the firewall, introducing serious potential information risk. How can companies enforce security policy and cost-effectively meet compliance objectives when documents must be shared with partners, investors, board members, bidders and others outside the enterprise?

  5. FireEye Advanced Threat Report

    The FireEye Advanced Threat Report is based on research and trend analysis conducted by the FireEye Malware Intelligence Labs.

  6. “Your Pad or Mine?” Enabling Secure Personal and Mobile Device Use On Your Network

    Many of today’s endpoints are neither known nor protected. According to Gartner, enterprises are only aware of 80 percent of the devices on their network. Those 20 percent of unknown devices are inside the perimeter of the network, are unmanaged and provide users with access.They are small, varied and highly mobile, and they are loaded with their own applications, can act as WAPs, and often contain outdated firmware or are jailbroken.

  7. CISO Guide to Next Generation Threats

    Over 95% of businesses unknowingly host compromised endpoints, despite their use of firewalls, intrusion prevention systems (IPS), antivirus and Web gateways.

  8. The what, how and why of Role Based Access Control (RBAC)

    In the world of identity and access management, Role Based Access Control (RBAC) is gradually becoming a frequently used term. Dictated in part by legislative and regulatory norms, an increasing number of organizations wish to manage and assign all access privileges across the network in a structured way. This is possible through the use of RBAC software. So how can companies achieve an adequate implementation of RBAC across their entire organization?

  9. 2012 State of the Endpoint

    The 2012 State of the Endpoint study sponsored by Lumension® and conducted by Ponemon Institute is the third annual study to determine how effective organizations are in the protection of their endpoints and what they perceive are the biggest obstacles to reducing risk.

  10. Intelligent Layer 7 DoS and Brute Force Protection for Web Applications

    Both Denial-of-Service (DoS) and Brute Force Attacks have existed for many years, and many network devices tout the ability to withstand them. However, most of today’s DoS attacks target layer 7 (L7) by overwhelming applications with seemingly valid requests and Brute Force programs can send more than one million attempts per second. This paper will discuss how to intelligently mitigate these types of attacks.

  11. Enterprise Single Sign On Architecture

    This whitepaper outlines the possible benefits that Enterprise SSO and authentication management (smart card-based login) can offer organizations.

  12. Secure iPhone Access to Corporate Web Applications

    The way corporations operate around mobile devices is currently shifting—employees are starting to use their own devices for business purposes, rather than company-owned devices. With no direct control of the endpoints, IT departments have generally had to prohibit this or risk insecure access inside the firewall. But as more mobile devices appear on the corporate network, mobile device management has become a key IT initiative.

  13. DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks

    Domain Name System (DNS) provides one of the most basic but critical functions on the Internet. If DNS isn’t working, then your business likely isn’t either. Secure your business and web presence with Domain Name System Security Extensions (DNSSEC).

  14. Intelligent Whitelisting: An Introduction to More Effective and Efficient Endpoint Security

    The volume and sophistication of malware is skyrocketing, and traditional anti-virus approaches are struggling to keep up. It’s time to rethink how we protect our endpoints. Instead of trying to build a better anti-virus “mousetrap,” without any shift in the underlying management model for vetting change in endpoint environments, security professionals should investigate more innovative approaches to endpoint security that can automate trusted change policies.

  15. Endpoint Management and Security Buyers Guide

    Five factors to look for in endpoint management and security solutions that will help reduce endpoint cost, simplify management and improve overall performance.

  16. Detect and Survive

    The ability to detect complex cases of computer misuse within an organisation, whether perpetrated by outsiders or from within, is vital to the continuing survival of the company. But as computer criminals refine their techniques, so must the detection methods evolve. To enable this, modern-day IT departments need to employ techniques and tools previously only available to forensic investigators within the law enforcement community. Thankfully, those tools are becoming available outside of the justice environment, and are proving highly effective in solving cases that would otherwise have remained impossible to close.

  17. A value proposition for IT security

    IT departments are facing three big issues when it comes to protecting the data created and stored on the systems they manage. First, the value of the data is often only realised when it is legitimately shared in some way; second, that sharing is increasingly taking place across public networks and third, the users doing the sharing are doing so on a growing diversity of devices in locations that are convenient to them.

  18. Best Practices and Applications of TLS/SSL

    TLS (Transport Layer Security), widely known as SSL (Secure Sockets Layer), is the most well known method to secure your web site. But it can also be used for much more. Read the white paper, "Best Practices and Applications of TLS/SSL," to learn how TLS works, best practices for its use and the various applications in which it can secure business computing.

  19. How to embrace and protect a consumerized workforce

    While tools such as Web 2.0 applications, IM, P2P and portable USB media can be great for business innovation and productivity, they can introduce significant risks when not managed properly.

  20. The Insider Threat

    The actions of users who intentionally or accidentally cause damage to an organization is now one of the most complex and difficult problems facing IT security teams. In this short whitepaper, learn: • Important aspects of insider threat • How to reduce the risk of attack • The essential role encryption plays in these attacks

What’s hot on Infosecurity Magazine?