- Video: Introduction to Information Security: A Course Overview
- Dec 25, 2015
- In this excerpt from Introduction to Information Security LiveLessons (Video Training), Scott Aurnou introduces himself and discusses what he will cover in his 5-hour information security video course.
|
- Video: Introduction to Information Security: Why All Tech Personnel Need a Basic Understanding of Security
- Dec 23, 2015
- Security issues directly impact IT, networks, and software development. In this excerpt from Introduction to Information Security LiveLessons (Video Training), Scott Aurnou discusses why all technical personnel should have a basic understanding of information security.
|
- 5 Steps to Building and Operating an Effective Security Operations Center (SOC)
- Dec 21, 2015
- Joseph Muniz, co-author of Security Operations Center: Building, Operating, and Maintaining Your SOC, provides a high-level overview of the steps involved in creating a security operations center to protect your organization's valuable data assets.
|
- Overview of Security Operations Center Technologies
- Dec 15, 2015
- This chapter from Security Operations Center: Building, Operating, and Maintaining Your SOC focuses on the technology and services associated with most modern SOC environments, including an overview of best practices for data collection, how data is processed so that it can be used for security analysis, vulnerability management, and some operation recommendations.
|
- Video: Introduction to Information Security: Understand Vulnerability Assessments and Pentesting
- Apr 17, 2015
- Vulnerability assessments and pentesting are both effective ways to check the status of your organization's security posture. In this excerpt from Introduction to Information Security LiveLessons (Video Training), Scott Aurnou discusses the three basic steps of vulnerability assessments and the proper use of penetration testing.
|
- Video: Introduction to Information Security: Institute Business Continuity / Disaster Recovery
- Apr 3, 2015
- Your business just had an information security incident--now what do you do? In this video excerpt from Introduction to Information Security LiveLessons (Video Training), Scott Aurnou discusses the difference between business continuity and disaster recovery plans, how to create them, and when to implement them.
|
- Information Security Principles of Success
- Jul 4, 2014
- This chapter introduces these key information security principles and concepts, showing how the best security specialists combine their practical knowledge of computers and networks with general theories about security, technology, and human nature.
|
- The Anatomy of a Digital Investigation
- Oct 8, 2013
- Michael W. Graves discusses the details of a digital investigation, including understanding the scope of the investigation, identifying the stakeholders, and understanding documentation,
|
- Cisco NX-OS and Cisco Nexus Switching: Unified Fabric
- Apr 26, 2013
- This chapter shows the basic Nexus 5x00 and Nexus 7000 configurations necessary to provide a Unified access method for LAN data traffic and SAN storage traffic.
|
- Securing Overlay Transport Virtualization (OTV) with Cisco TrustSec (CTS)
- Apr 25, 2013
- Ron Fuller shows just how easy it is to take advantage of MACSEC and AES-128 bit encryption on your Cisco Nexus 7000 series switches.
|
- Secure By Design? Techniques and Frameworks You Need to Know for Secure Application Development
- Dec 19, 2012
- What do you know about developing secure, robust software? Randy Nash discusses several available techniques and frameworks for secure application development.
|
- The CERT Guide to Insider Threats: Insider Theft of Intellectual Property
- Mar 2, 2012
- This chapter offers a model to prevent insider theft of intellectual property. The first half of this chapter describes the model at a high level. The second half of the chapter digs deeper into the technical methods used in committing these crimes and mitigation strategies that you should consider based on all of this information.
|
- Network Security First-Step: Firewalls
- Feb 8, 2012
- This chapter dissects a firewall’s duties to understand what makes a firewall operate and how it does its job.
|
- Software [In]security: vBSIMM Take Two (BSIMM for Vendors Revised)
- Jan 26, 2012
- Gary McGraw and Sammy Migues introduce a revised, compact version of the BSIMM for vendors called vBSIMM, which can be thought of as a foundational security control for vendor management of third-party software providers.
|
- ZigBee Wireless Security: A New Age Penetration Tester's Toolkit
- Jan 9, 2012
- Brad Bowers takes a closer look at the ZigBee protocol, some of the attacks that have been leveraged against it, and the security tools that penetration testers can use.
|
- Software [In]security: BSIMM versus SAFECode and Other Kaiju Cinema
- Dec 26, 2011
- Gary McGraw and Sammy Migues clarify the intended use of the Building Security In Maturity Model (BSIMM) and compare it to the SAFECode Practices methodology.
|
- Software [In]security: Third-Party Software and Security
- Nov 30, 2011
- How do you gauge the security of third-party code? A recent security conference examined that question, and Gary McGraw presents the findings in this article.
|
- Software [In]security: Software Security Training
- Oct 31, 2011
- Gary McGraw and Sammy Migues describe how training has changed, provide data showing its importance, and explain why it's important to pick the right training for your organization's needs.
|
- Software [In]security: BSIMM3
- Sep 27, 2011
- BSIMM3 is the third iteration of the Building Security In Maturity Model (BSIMM) project, a tool used as a measuring stick for software security initiatives in the corporate world. Gary McGraw describes the BSIMM3 along with Brian Chess and Sammy Migues.
|
- Software [In]security: Balancing All the Breaking with some Building
- Aug 30, 2011
- Security expert Gary McGraw argues that the software security industry is favoring offense at the expense of defense, and that more proactive defense is needed.
|