This Blog has Moved!

This blog is moving to


Thank you for visiting! Content will remain here for archival purposes.

Tips and Techniques to Pass the PMP® Exam

The following is external content provided as a free resource for blog readers.





Passing the Project Management Professional® (PMP) certification exam can seem like a daunting task when project managers first decide to take the leap. Just like a project management plan, if you carefully map out your study plan, you will be successful. You must understand several key concepts, be intimately familiar with the five process groups and ten knowledge areas, understand project management terminology, and learn to think like PMI. It is also important to set study goals, create a schedule for success, and commit fully to passing the exam in order to obtain your PMP® credential.




Applying the Four Standards of Security-Based CIA

The following is external content provided as a free resource for blog readers.





It's no longer about just protecting data. Businesses need to formulate coherent, systematic approaches to security by incorporating regulatory compliance, periodic assessments and the application of relevant tools to eliminate security issues. High levels of optimization help to ensure that an organization's information security approach is both well-rounded and flexible enough to meet current and future threats.




Seven Steps to Security

The following is external content provided as a free resource for blog readers.





After a decade of news detailing countless successful cyber-attacks, it's hard to imagine a corporation not understanding that they need a software security solution. However, building a comprehensive software security program can be overwhelming. Unlike implementing software quality assurance, the processes that go into making an application more secure are still relatively immature. Additionally, ownership for the security of software in an organization is not always consistent or clear.




Why You Need A Next-Generation Firewall

The following is external content provided as a free resource for blog readers.





At the same time, creative threats are coming from new angles, presenting security professionals with an ongoing challenge of protecting their organization's assets. To stay ahead of the threats, it's time for IT to embrace next-generation firewalls. This paper provides a checklist for selecting the right solution.




Your Guide for Migrating from 1024-Bit to Stronger SSL Certificate Key Lengths

The following is external content provided as a free resource for blog readers.





This guide aims to help educate and inform users of TLS/SSL certificates about the upcoming change in key lengths and tips on managing their transition to using stronger SSL certificates.




Website Security Threat Report 2013

The following is external content provided as a free resource for blog readers.





The Internet Security Threat Report provides an overview and analysis of the year in global threat activity. The report is based on data from the Symantec Global Intelligence Network, which Symantec's analysts use to identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.




The New Prescription for Privacy

The following is external content provided as a free resource for blog readers.





This white paper looks at the challenges and requirements of protecting confidential patient data online, the risk of security breaches in the world of EHR, and the measures that healthcare organizations must take in order to achieve and maintain compliance.




5 Ways To Prepare Your Infrastructure For Disaster

The following is external content provided as a free resource for blog readers.






By taking preventative measures, you can reduce the risk of downtime and latency if disaster ever strikes.


In this whitepaper you will learn the best ways to prevent disaster from bringing down your website by utilizing your DNS and strengthening your internal strategies.



  • Data center preparedness

  • Failover and intelligent load balancing

  • DNS Time To Live

  • Monitoring

  • And your relations with customers







Guest Post: Malware search checks online security for text you highlight

NOTE: The following is a guest post by Courtney Gordner. The blog maintainer is not responsible for its contents.

Security is a huge issue in today’s digital world, especially since we now keep so much of our personal information stored on mobile devices and computers. Just stop for a moment and think about how much dangerous software there is floating around out there; it’s enough to drive someone mad.

Malware and spyware can log information and keep track of what we’re doing when we use a computer. A simple virus could take down a working device and ruin an entire day’s worth of work or more. Those are a couple of the most common threats, but the list goes on and on. It goes without saying, there are a lot of dastardly things that could be accomplished with our sensitive data, especially if someone were able to monitor keystrokes and log passwords.

Long story short, security is important all the time. You would think with everything so streamlined and instant, that digital security would be the same way. In most cases, it’s not. To remain protected, you have to install third party security software, which generally does not offer streamlined support unless you pay a heavy premium. Of course, there are security firms that offer features like free email and file scanning, but they’re the exception more than they are the rule. Still, what do you do when you want streamlined protection? What do you do when you want to know right away if a download or URL is safe to visit?

With Malware Search, scans can actually be activated instantly. Once the software has been installed on your computer, you can right-click on a link (including download URLs) to scan the target using several different malware databases. It relies on a variety of sources like Threat Expert, Process Library, and Microsoft’s Malware Protection Center to ensure target links are safe to visit. It’s similar to VirusTotal, in that it uses a large collection of remote security engines to do the work, except Malware Search does it in a much more convenient way. With VirusTotal you have to download a package first, and then scan it. With Malware Search, you can just right-click on an item and figure out what you need to. It’s streamlined, and most importantly always available.

Better yet, you can also check to see if a particular URL or web address is safe by viewing its Web of Trust listing.

Malware Search comes as a browser extension for both Chrome and Firefox. While the add-on itself hasn’t been updated in some time, the malware databases it uses are constantly being improved. Even though it’s an older extension, it still works great with the latest versions of the aforementioned browsers.

Malware Search keeps you from going in blind because you can scan any link or URL and find out enough information to know whether or not it’s safe to visit. Unfortunately, there are no mobile variants of the software, so it’s for desktop use only. You can pick it up for Google Chrome from the Chrome Web Store, or Firefox from the Mozilla Add-ons page. When a site is infected with malware, they are kicked off Google, which makes their SEO ranking go down. It’s important for you to understand if you run your own website the risks involved in becoming infected. Make sure you are using SEO Tools to see how your site is doing in searches so you can stay ahead of the game.

Courtney Gordner is a blogger/journalist who loves writing on any topic! Read more from her at her blog, www.talkviral.com

SSL 101: A Guide to Fundamental Website Security

The following is external content provided as a free resource for blog readers.





Given the number of people who experience or have heard about phishing and other Web-based scams, many Internet users don't feel comfortable sharing their personal details online. Fortunately, there is Secure Sockets Layer (SSL) technology, a standard solution for protecting sensitive information online. But there's more to SSL than just basic safety. Read this guide to learn about what SSL does, how it works, and how it can help build credibility online.




Stop Phishing: A Guide to Protecting Your Web Site Against Phishing Scams

The following is external content provided as a free resource for blog readers.





If you have a website and do business online, you are probably at risk. Fortunately, there is an effective way to protect your customers, your company and your brand from phishing: SSL and Extended Validation (EV) SSL. In this guide, you'll learn more about Phishing and how SSL and EV SSL technology can help protect your site, your business and ultimately, your bottom line.




Securing Multiple Domains with SSL

The following is external content provided as a free resource for blog readers.





Usually, one SSL certificate secures just one domain name or URL; however, some common situations are better handled with a type of certificate that allows multiple domains to be secured with just one certificate. Read this white paper to learn about typical situations where multiple domain certificates are the ideal solution, how multiple domain certificates work, and how to select the right multi-domain certificate for your needs.




Extended Validation SSL Certificates

The following is external content provided as a free resource for blog readers.





Extended Validation SSL delivers the acknowledged industry standard for the highest level of online identity assurance processes for SSL certificate issuance. Find out how the EV standard increases the visibility of authentication status through the use of a green address bar in the latest high security web browsers.




Securing Microsoft Exchange 2010

The following is external content provided as a free resource for blog readers.





However, as with Microsoft Exchange Server 2007, Exchange 2010 requires SSL certificates to ensure the security of all connections to the email server. This guide from Thawte is designed to take the guesswork out of implementing SSL for Exchange 2010, making it easier than ever to get the SSL certificate you need for a successful and secure Exchange implementation, and to take advantage of powerful capabilities such as Subject Alternative Names (SANs).




Server-Gated Cryptography: Providing Better Security for More Users

The following is external content provided as a free resource for blog readers.





This guide will help you to understand how SGC-enabled SSL certificates work and why they are different from other certificates, why the technology was first introduced in the late 90s, and why this technology remains as relevant today as it was back then.




Securing your Apache Web Server with a Thawte Digital Certificate

The following is external content provided as a free resource for blog readers.





We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure.




Tricks of the Trade - New Whitepaper Available (Malware evading Intrusion Detection)

I'm happy to announce that I've completed my whitepaper on how malware attempts to evade detection by intrusion detection systems.

In this paper I take a look at how malware attempts to evade detection by both network-based and host-based intrusion detection systems through some very clever techniques. All of the malware featured was captured by my own personal honeypots.

Please view or download the paper over at Scribd:
Tricks of the Trade - How Malware Authors Cover Their Tracks

Top 10 Security Best Practices for Small Business

The following is external content provided as a free resource for blog readers.





Cybercrime is increasing at epidemic proportions and small to medium businesses have turned into key targets for cybercriminals. The Wall Street Journal recently stated that small businesses rarely recover from a cyberattack but there are some very simple steps you can take to protect your business. Download this informative slideshow and improve your security today.




Security and HIPAA Compliance: Meeting the Challenge of Securing Protected Health Information

The following is external content provided as a free resource for blog readers.





As the need to ensure the security of sensitive health information grows, security and compliance teams must look to more integrated approaches to both reduce risk and enable streamlined and efficient user workflows. This white paper provides insight into:

  • The most important elements of securing sensitive health information

  • Meeting HIPAA compliance requirements in a scalable and cost-effective way

  • The HITECH Act, which addresses the privacy and security concerns associated with the electronic transmission of health information


By focusing efforts in the key areas of controlling access, monitoring healthcare personnel with broad privileges (privileged users) and managing privilege delegation, organizations can reduce the net risk to themselves and sensitive health information, which in turn eases compliance with standards such as HIPAA and the HITECH Act.




Staying Secure in a Cloudy World

The following is external content provided as a free resource for blog readers.





Organizations that deploy public, private or hybrid cloud infrastructures—which today is virtually all of them—must mitigate inherent security risks while also maintaining compliance with industry and government regulations. This paper contains three simple steps for maintaining visibility and control when moving to the cloud and explains how NetIQ can help with each:

  • Reduce risk

  • Improve threat response

  • Reduce the compliance effort


Fortunately, advances in information security and compliance management technologies have empowered cloud-computing users to reduce risk, improve threat response and drastically reduce the effort needed for compliance management. And NetIQ is leading the charge.




Real-Time Security Intelligence for Greater Visibility and Information-Asset Protection

The following is external content provided as a free resource for blog readers.





Compliance mandates are changing, and collecting logs is not enough. To reduce the risk of audit failure, you must be able to produce reports that both help you review anomalies, and demonstrate to ever-more attentive auditors that you're doing so. In this white paper:

  • Get the security intelligence you need to meet compliance requirements.

  • Make better use of time and resources with automated processes.

  • Satisfy your internal audiences with graphical reporting that lets them understand your organization's security posture.







Identity and Access Governance: Bringing Business and IT Together

The following is external content provided as a free resource for blog readers.





IT professionals and executives who use identity management and access governance systems typically have different objectives and technology backgrounds. Converging the systems makes sense, but it must be robust to meet IT's demands and simple for non-IT professionals to manage. This white paper covers:

  • Primary factors driving the growth of the identity and access governance (IAG) marketplace.

  • Key elements for effective IAG solutions.

  • What you should ask when selecting a vendor.







Legacy Applications - The Swiss Cheese of Security

Almost every organization has them...

There's that one app which someone in your organization can't live without. It's probably from back in the 1990s, and the developer no longer supports it, if they're even in business anymore. Sometimes the app was never replaced simply due to lack of funding; other times a replacement simply doesn't exist.

To make matters worse, this app probably requires additional unsupported software, such as Java 1.4.2 or even Microsoft Java Virtual Machine. Bonus points if the app also requires an unsupported operating system, such as Windows 2000.

As a security practitioner, what can you do to help secure these applications which introduce gaping holes into your organization's network?

Exchange ActiveSync and BYOD: Potential for Disaster or Foundation for Mobile Success

The following is external content provided as a free resource for blog readers.





Wednesday, September 11th @ 2 pm ET / 11 am PT



Join Exchange MVP Tony Redmond and Brian Reed of BoxTone to learn:

  • Key challenges facing Exchange organizations in an increasingly mobile world

  • Approaches to avoid pitfalls and promote mobile success

  • Strategies to manage the complexity of BYOD and device diversity







Eagle Bank Uses Single Sign-On to Secure Deposits and Customer Data

The following is external content provided as a free resource for blog readers.





When a security audit revealed the bank's password-protection vulnerability, Eagle Bank, a mutual bank with over $430 million in assets, turned to Imprivata® OneSign® Single Sign-On (SSO) technology. If you are an IT professional in banking or financial services, then this case study that details how OneSign alleviated Eagle Bank's password problems and increased system security is a must read.




How Single Sign-On Helped Republic Bank Relieve Password Headaches

The following is external content provided as a free resource for blog readers.





Republic Bank's employees were struggling to remember the complex passwords required to access the bank's critical software applications. If you are an IT professional in banking or financial services, then you'll want to watch this recorded webinar. In it, you'll hear from a security expert at Republic Bank who shares experiences on how his bank used Imprivata® OneSign® Single Sign-On technology to reduce the number of passwords and log-ins required of employees, mitigate the risks of password sharing, and ensure compliance with industry regulations.




Android for the Paranoid - Radiation Alarm

I haven't done an Android for the Paranoid article lately, so I was absolutely glowing when I stumbled across "Radiation Alarm".

This nifty little app lets you know if your phone is detecting any harmful radiation.

How does it do that? The science behind the app is pretty simple - if you cover your cellphone camera with a dark piece of paper or tape, light won't pass through, but radiation will still hit the camera's CMOS sensor, causing pixels to "light up".

My "Radiation" reading after calibration

A neat trick I found works well is to slip a small piece of a floppy disk inside the camera's case, so that it covers the phone's camera. This way light can't pass through, and I don't have to worry about making my camera lens sticky or blurry. Best of all, the piece of floppy disk can be hidden behind the camera battery when not in use.

NOTE: Using a piece of a floppy disk may generate false positives if your phone is pointed at a light source, or used in a very bright area.

While I don't have a radioactive source available to me, the science behind this is sound, and reinforced by this YouTube video, which shows what a cellphone camera looks like when exposed to radiation.


When you install and calibrate this app for the first time, you should be away from any known radiation sources. For example, if you live in a brick house, you should actually calibrate your app in a location away from any brick buildings. After all, brick houses do give off low levels of radiation. Of course, if you live anywhere near Fukushima or Chernobyl, you might have a hard time calibrating this.