Security Policies

It seems like we’ve been hearing a lot about phishing in the news in recent years, and this threat hasn’t abated yet. Why are attacks via phishing –and social engineering in general —so prevalent and so effective? This whitepaper examines the many different methods employed in phishing attacks and social engineering campaigns, and offers a solution-based approach to mitigating risk from these attack vectors.

This white paper published by independent security research firm, Securosis takes a brutally candid look at triggers for considering a new security management platform, walking through each aspect of the decision, and presenting a process to migrate.

Read how managing risk today means making sense of more data: vulnerability scans, application and database logs, flows, access and session records, alerts, and trending analysis.

This paper explores the subject of continuous compliance versus audit-driven compliance, as well as how an ongoing approach to compliance makes compliance a positive force for securing data and systems.

As the digital universe evolves in both volume and scope, companies must be diligent about protecting their content. Fortunately, companies can easily leverage IP information to protect themselves. This paper explores the best practices of using IP intelligence for digital rights management to reduce risk to online content.

CISOs recognize the risk threats such as phishing, fake antivirus (AV), and search engine poisoning bring, and are anxious to invest in web security technology to safeguard users. Unfortunately, it’s not so easy. Many security executives are struggling to answer questions about the most effective approach. This ESG white paper from BlueCoat explains why some CIOs are struggling to manage security in an increasingly complex and mobile landscape, and offers advice for what they should be looking for in web security.

Data breaches have become a fact of life for organizations of all sizes, in every industry and in many parts of the globe. While many organizations anticipate that at some point a non-malicious or malicious data breach will occur, the focus of this study is to understand the steps organizations are taking—or not taking--to deal with the aftermath of a breach or what we call the Post Breach Boom. Sponsored by Solera Networks, The Post Breach Boom study was conducted by Ponemon Institute to understand the differences between non-malicious and malicious data breaches and what lessons are to be learned from the investigation and forensic activities organizations conduct following the loss or theft of sensitive and confidential information. The majority of respondents in this study believe it is critical that a thorough post-breach analysis and forensic investigation be conducted following either a non-malicious or malicious security breach.

See how RSA Archer Risk Management enables you to proactively address risks to your organization with a central GRC management system for identifying risks, evaluating their impact, relating them to mitigating controls, and tracking their resolution.

A holistic, forward-looking and flexible IT security strategy can help organizations avoid common pitfalls and meet security threats head on in a cost and time efficient manner.

Compliance does not automatically equate to security. A company may be compliant with a host of regulatory requirements, while its databases remain exposed and vulnerable. Learn how McAfee Database Security can help prevent such vulnerabilities.

With McAfee® Database Security, achieving protection and compliance is easier than you might think.

Learn about McAfee Database Security solutions, compliance and security requirements, and principles for protecting your database.

Databases store companies’ most valuable information assets, but in most cases they’re poorly protected. It’s important to secure databases as well as or better than other systems in the enterprise. But it’s not that simple.

McAfee recently bridged the MySQL security gap with a unique solution that combines an open source auditing plug-in with industry-leading database security modules — the McAfee MySQL Audit Plug-In.

Recent surveys of IT managers revealed two commonly held beliefs: database regulations are the most challenging to comply with, and of all regulatory standards, the Payment Card Industry Data Security Standard (PCI DSS) the toughest.

Users who take work with them everywhere unknowingly jeopardize networks and systems.

How do rogue programs work - and how do you protect yourself and your business? Three best practices to keep these unwanted programs out of your networks.

Protect systems from unknown, advanced persistent threats with centrally managed whitelisting

There is no single anti-malware product that can block all malware infiltration and subsequent activity. The only way to combat the malware threats is through an end-to-end, integrated, real-time, context-aware, holistically-managed system.

Application whitelisting used in conjunction with existing antivirus solutions provides a strong defense against emerging threats like APT and targeted malware, and also contributes to reduced operational costs by controlling the sprawl of unauthoriz

Today’s threats to endpoints and data are more complex, more numerous, more varied —and changing every second. McAfee understands next-generation security in the context of your devices, additional protection technologies, and central management.

It’s a critical time for security efforts to move beyond the traditional software operating stack and monitor operations from a new vantage point closer to, and within, the hardware level.

Learn how McAfee Deep Defender version 1.0 targets the more dangerous kernel mode rootkits.

Protecting the valuable and confidential information stored within databases is vital for maintaining the integrity and reputation of organizations everywhere, and for ensuring regulatory compliance.

Insight and control to secure your dynamic cloud environment at every infrastructure layer