About
Ben Tomhave is a security industry veteran, progressive thinker, and culture warrior. He…
Articles by Ben
Activity
-
Security people need to get way more comfortable w SQL. I’m working on it myself :)
Liked by Ben Tomhave
-
Useful resource to have in your personal arsenal to protect your privacy.
Liked by Ben Tomhave
-
The Death of the Honest Tech Review Over the last 25 years, truly critical reviews of enterprise technology have largely disappeared. Yes…
Liked by Ben Tomhave
Experience
Education
Licenses & Certifications
Publications
-
Understanding the Value of Enterprise Content-Aware DLP
Gartner
Content-aware data loss prevention is increasingly accepted as a standard part of security architecture, even as the market rebalances between enterprise, channel and DLP-lite solutions. This research provides a foundational analysis of the value and composition of E-DLP.
-
How to Perform Application Security Testing for Web and Mobile Applic
Gartner
Application security testing remains a critical application security practice for developers, testers and security team members. This document explains how to implement three phases of AST throughout the software life cycle.
-
Approaches for Content and Data Security in Microsoft SharePoint Server
Gartner
Microsoft SharePoint Server continues to be prevalent in on-premises IT environments. The sensitive content it contains drives the need for solid security solutions. We analyze the strengths and weaknesses of built-in and third-party content protection approaches available now for SharePoint.
-
Application Security: Think Big, Start With What Matters
Gartner, Inc.
Application security is a key part of security programs. This research presents a guidance framework for building an application security program based on key guiding principles that are essential to program success.
-
Security in a DevOps World
Gartner
Much has been written about DevOps, but very little has been done to address the role of security and risk management within that context. This research identifies opportunities for security teams and developers to reap benefits from a DevOps movement while evolving the state of security.
-
Comparing Methodologies for IT Risk Assessment and Analysis
Gartner
Technical professionals are often asked to research, recommend, implement and execute IT risk assessment and analysis processes. Here we compare and contrast common methodologies, highlighting attributes that readily integrate with risk management programs, as well as scale and evolve over time.
-
Global Security Futures: Architectural Implications of Gartner's Security 2020 Scenario
Gartner
Macro changes in attack targets and threats to the enterprise, as well as the IT delivery model, are shaping the risk and security landscape over the next decade. Visibility into these anticipated changes helps technical professionals plan for the architectural implications for future practices.
-
Using NAC to Reduce Risk Related to BYOD and Unmanaged Devices
Gartner
Network access control is fundamentally about policy control, but the types of control vary widely, including basic network access, guest access, BYOD, and endpoint compliance. This assessment analyzes the myriad use cases in play today and describes the range of architectures available.
-
Information Security and Privacy: A Practical Guide for Global Executives, Lawyers and Technologists
ABA Press
Today more than ever, legal practitioners need to fully understand the obligations, liabilities, risks and treatments involving information security and privacy. Top executives must have a firm grasp of the information security and privacy statutes and regulations in each country where they do business, including any industry sector-specific rules. This book provides a practical and comprehensive approach to information security and privacy law for both international and domestic statutes. It provides all the tools you need to handle the business, legal and technical risks of protecting information on a global scale. For anyone responsible for or advising a corporation involved in domestic or international business, who must comply with a dizzying array of statutes, regulations, technologies, methodologies and standards, this book is the invaluable resource you've been looking for.
-
Data Breach and Encryption Handbook
ABA Press
The Data Breach and Encryption Handbook takes an in-depth look at the issue of escalating data breaches and their legal ramifications. This comprehensive resource focuses on the law and its implications, encryption technology, recognized methods of resolving a breach, and many related aspects of information security. Unlike a treatise on information security or encryption, this book will enable attorneys, business owners, technology professionals, and policy-makers to understand the root causes of the security failures that lead to many of today's massive data breaches. It will instruct practitioners on how to ask the right questions to address the issues raised by data breaches and provide solutions for how to prevent them. The book also examines a number of the major data breach incidents from a variety of legal and technology perspectives, and provides instructive graphics to illustrate the methodologies hackers use to cause these breaches.
Courses
-
AWS Cloud Practitioner Essentials
-
AWS Security Fundamentals Online
-
AWS Well-Architected Training
-
BJ Fogg Behavior Design Boot Camp
-
BSi ISO 17799 Implementation
-
DOI DevOps Foundation
-
NSA INFOSEC Assessment Methodology (IAM) Training
-
NSA INFOSEC Evaluation Methodology (IEM) Training
-
SANS Track 8: System Forensics, Investigations, and Response
-
Splunk Fundamentals 1
-
“Facilitative Leadership” by Interaction Associates
-
“Intercultural Training: Working with Indian Nationals” by Prudential Financial
-
“Managing Conflict” by Ridge Associates
Organizations
-
Capital Theatre on Ice
President of the Board
President of the Board of Directors for Capital Theatre on Ice.
-
American Bar Association, Information Security Committee
Co-Chair and Co-Vice Chair
2 year term as Co-Vice Chair; 2 year term as Co-Chair, ABA InfoSec Committee within the Section of Science and Technology
-
Society of Information Risk Analysts
Board Member
Member of the Board of Directors
-
OWASP, Northern Virginia Chapter
Board Member
Member of the Board of Directors
-
ISSA
Senior Member
Recommendations received
3 people have recommended Ben