- 5 Steps to Building and Operating an Effective Security Operations Center (SOC)
- Dec 21, 2015
- Joseph Muniz, co-author of Security Operations Center: Building, Operating, and Maintaining Your SOC, provides a high-level overview of the steps involved in creating a security operations center to protect your organization's valuable data assets.
|
- Overview of Security Operations Center Technologies
- Dec 15, 2015
- This chapter from Security Operations Center: Building, Operating, and Maintaining your SOC focuses on the technology and services associated with most modern SOC environments, including an overview of best practices for data collection, how data is processed so that it can be used for security analysis, vulnerability management, and some operation recommendations.
|
- Information Security Principles of Success
- Jul 4, 2014
- This chapter introduces these key information security principles and concepts, showing how the best security specialists combine their practical knowledge of computers and networks with general theories about security, technology, and human nature.
|
- The Anatomy of a Digital Investigation
- Oct 8, 2013
- Michael W. Graves discusses the details of a digital investigation, including understanding the scope of the investigation, identifying the stakeholders, and understanding documentation,
|
- Cisco NX-OS and Cisco Nexus Switching: Unified Fabric
- Apr 26, 2013
- This chapter shows the basic Nexus 5x00 and Nexus 7000 configurations necessary to provide a Unified access method for LAN data traffic and SAN storage traffic.
|
- Securing Overlay Transport Virtualization (OTV) with Cisco TrustSec (CTS)
- Apr 25, 2013
- Ron Fuller shows just how easy it is to take advantage of MACSEC and AES-128 bit encryption on your Cisco Nexus 7000 series switches.
|
- Secure By Design? Techniques and Frameworks You Need to Know for Secure Application Development
- Dec 19, 2012
- What do you know about developing secure robust software? Randy Nash discusses several available techniques and frameworks for secure application development.
|
- The CERT Guide to Insider Threats: Insider Theft of Intellectual Property
- Mar 2, 2012
- This chapter offers a model to prevent insider theft of intellectual property. The first half of this chapter describes the model at a high level.The second half of the chapter digs deeper into the technical methods used in committing these crimes and mitigation strategies that you should consider based on all of this information.
|
- Network Security First-Step: Firewalls
- Feb 8, 2012
- This chapter dissects a firewall’s duties to understand what makes a firewall operate and how it does its job.
|
- Software [In]security: vBSIMM Take Two (BSIMM for Vendors Revised)
- Jan 26, 2012
- Gary McGraw and Sammy Migues introduce a revised, compact version of the BSIMM for vendors called vBSIMM, which can be thought of as a foundational security control for vendor management of third-party software providers.
|
- ZigBee Wireless Security: A New Age Penetration Tester's Toolkit
- Jan 9, 2012
- Brad Bowers takes a closer look at the ZigBee protocol, some of the attacks that have been leveraged against it, and the security tools that penetration testers can use.
|
- Software [In]security: BSIMM versus SAFECode and Other Kaiju Cinema
- Dec 26, 2011
- Gary McGraw and Sammy Migues clarify the intended use of the Building Security In Maturity Model (BSIMM) and compare it to the SAFECode Practices methodology.
|
- Software [In]security: Third-Party Software and Security
- Nov 30, 2011
- How do you gauge the security of third-party code? A recent security conference examined that question, and Gary McGraw presents the findings in this article.
|
- Software [In]security: Software Security Training
- Oct 31, 2011
- Gary McGraw and Sammy Migues describe how training has changed, provide data showing it's importance, and explain why it's important to pick the right training for your organization's needs.
|
- Software [In]security: BSIMM3
- Sep 27, 2011
- BSIMM3 is the third iteration of the Building Security In Maturity Model (BSIMM) project, a tool used as a measuring stick for software security initiatives in the corporate world. Gary McGraw describes the BSIMM3 along with Brian Chess and Sammy Migues.
|
- Software [In]security: Balancing All the Breaking with some Building
- Aug 30, 2011
- Security expert Gary McGraw argues that the software security industry is favoring offense at the expense of defense, and that more proactive defense is needed.
|
- Software [In]security: Software Security Zombies
- Jul 21, 2011
- Software security expert Gary McGraw reviews some of the most important security concepts — before they eat your (network's) brains.
|
- Software [In]security: Partly Cloudy with a Chance of Security
- Jun 17, 2011
- Security expert Gary McGraw provides some issues to consider when it comes to adoption of cloud services and their impact on security in your organization.
|
- Software [In]security: Computer Security and International Norms
- May 30, 2011
- The Obama administration recently released its "International Strategy for Cyberspace" outlining America's ideals and strategies for cyberspace. Security expert Gary McGraw explains why he thinks the document is promising in its effort to make our national goals and policies clear when it comes to cyberspace.
|
- Software [In]security: vBSIMM (BSIMM for Vendors)
- Apr 12, 2011
- How do you ensure that your third-party software vendors practice good software security? Software security expert Gary McGraw explains how the Building Security In Maturity Model can play a central role in this effort.
|