January 13, 2009

Mac Malware - It's Time for Mac Anti-Malware

Malware isn't just viruses any more and Mac users should not be lulled into a false sense of security. While viruses are not a day to day concern for Mac users, that does not spare them the other forms of attacks that target browsers and other applications that run on the Mac OS. This podcast argues that it is time for Mac users to adopt anti-malware.

January 11, 2009

Clean That Machine - Finding, Eliminating and Avoiding Spyware

Spyware can slow your computer and clutter your machine. Here are several tips for finding, eliminating and avoiding spyware. Topics include anti-spyware programs, browser components, safe browsing techniques, and free services to help filter suspicious or malicious sites.

December 23, 2008

5 Essential Steps for Endpoint Security

Protect your desktop, laptop and other mobile devices with 5 sound and easy to implement security practices.

December 17, 2008

Getting Started with Data Classification

Data classification is a critical process in risk assessment. In this podcast we discuss the purpose and structure of data classification schemes and describe a 3-step method for getting your data classification efforts started.

December 11, 2008

Improving Security with Workflow Analysis

Workflow analysis can help identify points where the confidentiality and integrity of data can be compromised. This podcast discusses how identifying key workflows, classifying data, and assessing the movement of data through different trust zones can help identify potentially vulnerable data management operations.

November 26, 2008

Security Review for Application Deployment

Rolling out a new application is no time to forget about security. In this podcast we look into several topics to consider when deploying a new application, including the last steps in application testing, establishing access controls, configuring and patching servers, optimizing with virtualization, and establishing backup and recovery plans. Special issues with deploying to cloud services, such as Amazon's Elastic Cloud Computing (EC2) service, are also discussed.

November 16, 2008

Basics of Threat Modeling

Threat modeling is a design practice that helps us understand the types of attacks and vulnerabilities that can adversely affect our applications. In this podcast, we examine the basic steps in threat modeling and describe a tool for supporting threat modeling. The podcast covers identifying business objectives, creating an application overview, decomposing an application, identifying threats, and assessing vulnerabilities. It also provides a managing framework for improving the security of applications.

November 5, 2008

10 Steps to Improving Oracle Security

Improving Oracle security doesn't have to be difficult. Some relatively simple steps can reduce risks. At the same time, advanced features like virtual private databases and data encryption are sometimes required. This podcast examines 10 steps, ranging from the simple to the complex, for improving Oracle database security.

October 28, 2008

Virtualization: Threats and Responses

Server virtualization faces the same threats as non-virtualized servers plus others. In this podcast we discuss those threats and a number of ways to mitigate these threats, including system configuration and asset management practices. Advances in hardware design are also discussed.

October 6, 2008

Improving Security with Configuration Management

You can't secure what you don't know you have. In this podcast we look at how the practice of configuration management can improve preventive maintenance, patch management and long term planning - all with a focus on security. The podcast describes configuration management systems and their key components along with the role they play in improving security.

September 26, 2008

Network Access Control and Mobile Device Security

Mobile device security often brings to mind issues like encryption, authentication, and data loss prevention. It should also raise concerns about how mobile devices can be compromised and used as a means of accessing corporate networks. This podcast examines how network access control (NAC) systems can be used to protect networks as well as some challenges with using NAC systems with mobile devices.

September 15, 2008

Protecting Digital Assets in Digital Vaults

Digital vault, or folder based encryption, is a convenient, low cost method for protecting confidential and private information. It's not right for everyone but this podcast can help you understand if it is right for you.

September 8, 2008

The Benefits and Risks of Social Networking

The information we share with friends on social networking sites may be used in unintended ways, such as providing details for a spear phishing attack. In this podcast we look at the benefits as well as the risks in social networking, like information spill over, vulnerabilities in social networking services, and the use of multiple technologies and data sources to conduct targeted fraud.

August 25, 2008

Security Tips for Ruby on Rails Developers

Ruby on Rails is a powerful framework for developing Web database applications. In this podcast we look at security tips related to user input, model/controller separation, core Ruby functions, and basic database security measures.

August 19, 2008

Tips for Safe Browsing

Web browsing is not as safe as it used to be. There is more malware distributed through Web sites and phishing sites continue to lure unsuspecting victims. In this podcast we examine tools for reducing the chance of becoming a victim of an online scam, including tools for the browser, DNS services and improved site authentication.

August 6, 2008

Getting Started with Governance, Compliance and Risk Management

Governance, compliance and risk management (GCR) is a broad, demanding and sometimes intimidating topic but there are strategies for getting GCR under control. This podcast describes a seven step process for getting a GCR program started with an emphasis on pragmatic considerations. It also includes a brief introduction on the importance of GCR and why security is no longer a matter just for the inner recesses of the data center but a concern for executive management as well.

July 29, 2008

Management Issues in Full Disk Encryption

Full disk encryption can be a significant part of a data loss prevention program but it comes with management challenges. This podcast discusses some of the advantages and management issues faced when deploying and maintaining full disk encryption for mobile devices.

July 21, 2008

Mobile Device Security Policy

Mobile device functionality is growing more comparable to that of non-mobile devices. This podcast examines topics to consider when formulating a mobile device security policy, including authentication, encryption, firewalls, anti-virus and other configuration issues. The role of network access control in enforcing these policies is also discussed.

July 5, 2008

Security as a Service: Is It Right for You?

Outsourcing security services has a number of advantages, including gaining access to expertise not available in house, more efficiently dealing with mundane operational tasks, and expanding the breadth of your security measures. This podcast discusses the advantages, the kinds of services you can expect to find in a security as a service offering, and finally some issues you should consider, such as defining roles and responsibilities, coordinating multiple vendors, and third party access to private and confidential data.