Learn the basics of IT, information, computer, and network security

As computer / information specialists we often come across the same issues over and over again. Even though many organizations have security policies in place and provide training – too often these lessons are quickly forgotten or otherwise ignored for whatever reason (until of course a breach eventually occurs).

Check out our free PDF posters – download and print these to distribute around the office, so you can gently remind people about your security policies and good general security practices.

We have also put together this essential reading list for anyone who wants to learn more about what it takes to properly secure your office network.

IT Security Reports, Tips, and Basics

2012 Data Breach Investigations Report from Verizon Business

Lots of information about data breach statistics and the latest security information that organizations should be aware of – including contributions from numerous law enforcement agencies, and a global perspective on how data breaches can destroy business reputations, brand equity, and customer relationships.

Information Security Shake-Up Report for 2013 from SBIC (PDF link)

The Security for Business Innovation Council (SBIC) analyzes continuing cyber security challenges in 2013. This report talks about big data analytics, cloud computing, social media, and mobile access to highlight the growing complexity and exposure of serious information security risks.

Security Threat Report 2013 from Sophos

Excellent analysis covering many important security topics – such as malware attacks, Java security vulnerabilities, mobile security issues, polymorphic / targeted attacks, and OS X and Mac security issues. Essential reading for any organization serious about its security integrity.

Organizational Security Awareness Strategies from Gartner

Discusses the key challenges of improving enterprise security by showing how to foster ideal security behaviors among end users. In particular, it shows how traditional security awareness programs consistently fail to improve organizational security, even when they are extensive and strictly enforced.

Emerging Cyber Threats 2013 from Georgia Tech Cyber Security Summit 2012

Based on extensive academic research, this report highlights the significant risks in providing online security and focuses on six key themes, among them information manipulation, supply chain insecurity, mobile and cloud security, medical data privacy, and aggressive malware attacks.

2013 Security Threat Predictions from McAfee Labs (PDF)

An extensive report based on all the data gathered by McAfee on malware, vulnerabilities, and threats to access points, networks, email, mobile devices, and the web in 2012. McAfee researchers offer a range of bold predictions of what businesses should expect to encounter in 2013, as well as some interesting insights on how organizations can address these issues.

The Global State of Information Security 2013 from PWC

Lots of interesting data about the information security concerns of various geographic regions and industries in 2013. Over 9300 respondents (including CEOs, CFOs, CIOs, CISOs, CSOs, and VPs) from 128 countries took part in this survey, and the interactive charts make for some interesting insights.

How to Write an Information Security Policy

Not all organizations bother to write an Information Security Policy, but they probably should. This basic guideline from ComputerWorld will show you how to construct an effective policy that will get positive results, including well-defined actions and objectives, and guidance to mitigate the common risks of enforcement and non-compliance (we can also help you design this policy).

How to Develop a Security Awareness Program

Awareness training is the best insurance against paying heavily later. Awareness programs can become overbearing and cumbersome, however, and this can produce the reverse of the desired behavior. This basic guide offers good advice for developing your security awareness program without acting like “Big Brother”.

Penetration Testing Basics

Straight from CSO Online – how to construct a Penetration Testing Program in 10 “easy” steps. Organizations need to run such programs to assure data security integrity or to satisfy regulatory / legal requirements (such as HIPAA, PCI DSS, or Sarbanes Oxley). This guide will also help you get more value when seeking outside network security consultations.

Network Security Basics

This basic guide will show you how to configure your network properly, and keep track of traffic in your network. While this is a massive and complex topic that certainly requires qualified expertise, this guide will help you understand the basics of properly configuring your network, and how to detect and react to suspicious network activity.

Wireless Security Basics

Too many organizations lack appropriate measures to secure their wireless access, so this guide will show you some of the fundamentals of wireless security and how to mitigate the more common issues. This is also a useful guide to help you understand what a security professional does in such a case.

VOIP Security Basics

While potentially an excellent cost-saving measure for modern organizations seeking cheaper communications tools, using such services carries extra risk and therefore needs to be properly secured – for example, through data verification and network hardening to prevent DDoS attacks, corporate espionage, and phishing attacks.

Phishing Prevention Basics

Preventing “pharmers” and “phishers” from collecting sensitive information is a no-brainer for any business. These guidelines show you some of the basic steps to keep your organization prepared and on guard against the most common phishing and pharming tactics.

Identity Management Basics

The frequency of security breaches from identity theft has been sharply rising in recent years. These guidelines show how organizations can benefit from adopting a strict security policy regarding the usage and administration of user accounts – for example properly managing appropriate access privileges.

How to Stop Social Engineering: The Basics

Even the best security systems in the world can be undone by one clever act of social engineering. This method works because it takes advantage of natural human behaviors to gain access. This guide outlines some of the more common tactics employed by social engineers, while providing some basic tips to keep you prepared and on guard.

The Basics of Incident Detection, Response, and Data Forensics

Unauthorized access to corporate, educational, and government systems is a sadly routine occurrence, and in many cases preventable using proper tools and techniques. This guide will show you how to detect data breaches and respond to security incidents as quickly as possible – including using digital forensics to trace security breaches to their source.

Log Management Basics to Increase Security Integrity

System logs provide organizations with tremendous insights into what is going on in the company, including many security advantages. While organizations can quickly get overwhelmed analyzing, managing, and evaluating the vast amounts of data generated by system logs, there is still much to be gained by using system logs to their full potential.

Information System & Security Audit Basics

There are many reasons to run a security audit – whether for security assurances or to comply with regulatory requirements. The scope of an information systems audit will depend on the objectives of that audit, and this guide will help you determine those exact objectives.

Internal Investigation Basics

While this is perhaps an uncomfortable subject in some companies, the reality is that fraud cases, outright theft, data manipulation, and even the occasional act of revenge not only occur more often than we might like to admit – but often the perpetrator is a former or current employee.