Focus on Five High-Priority Changes to Tackle the EU GDPR
The GDPR takes effect soon and requires huge changes in privacy data processing. Not sure where to start? Read Gartner’s Focus on Five High-Priority Changes to Tackle the EU GDPR report now to ensure your organization is on track for compliance.
How to Select the Right Web Application Firewall: 10 Key Requirements to Consider
A web application firewall is not a one-size-fits-all option. This guide provides IT security staff with an overview of the threats to web applications and items to consider when selecting a web application firewall. It also details minimum feature and functionality requirements, and provides an at-a-glance checklist for evaluating web application firewalls.
2017 Cyberthreat Defense Report
CyberEdge Group's fourth annual Cyberthreat Defense Report provides a penetrating look at how IT security professionals perceive cyberthreats and plan to defend against them. Based on a survey of 1,100 IT security decision makers and practitioners conducted in November 2016, the report delivers countless insights IT security teams can use to better understand how their perceptions, priorities, and security postures stack up against those of their peers.
eBook: When Your “Office” is in the Cloud, You Need Security in the Cloud
While businesses are ramping up their Office 365 usage, many IT professionals see the cloud juggernaut adding more security headaches and potential threats to the mix. That’s why cloud access security brokers (CASBs) are now the must-have solution for companies using cloud apps. Read this eBook to get up-to-speed quickly on the security gaps inherent in the Office 365 cloud app model and how a CASB can help your organization fill those gaps effectively.
eBook: Cyber Security is the Board’s Business
Board members have a fiduciary responsibility to establish and govern business policies and practices that drive a company’s financial performance and growth. But do they have a comprehensive view of the company’s defense posture to assure they are a conscientious steward of the business?
In this eBook, Board members will discover why they need to be concerned about cyber security and how to get more involved.
Cyber Security Board Oversight: Taking Ownership of Cyber Security Risks
Enterprise-level cyber security solutions require more than just technology and employee training; they require the top-down involvement of everyone within the organization, including the Board of Directors. Getting buy-in from a Board of Directors is not always easy, however.
In this eBook, CEOs and CIOs will discover new ways to educate their Board of Directors and get them onboard with their cyber security.
Plugging the Security Gaps of Cloud File Sharing Services
This paper examines seven items to consider when it comes to security and compliance of cloud file sharing services like Box, Dropbox, OneDrive, and Google Drive, and how you can mitigate the risks with a Cloud Access Security Broker (CASB) solution such as Imperva Skyfence. Learn why Gartner says a CASB is a required security platform for organizations using cloud services.
Top 5 Solution Requirements for Account Takeover Protection
Account takeover attacks are a significant problem for Internet facing Web applications that have become the backbone of the modern business. According to the 2015 Verizon Data Breach Investigations Report, over 50% of the Web application attacks came from the use of stolen credentials. Left unchecked, the costs can be enormous, and ranging from loss of confidential data, customer trust, and brand reputation to significant operational disruptions and financial damages.
This paper provides five essential requirements that IT security teams can use to evaluate candidate solutions for account takeover protection. It also explains how Imperva SecureSphere Web Application Firewall with ThreatRadar Account Takeover Protection addresses each requirement.
Office 365 Playbook: How to Ensure Security through Cloud Access Security Brokers
This playbook provides you with a practical guide for defining, developing, and executing an Office 365 security plan. It includes choosing and optimizing the appropriate solution to mitigate your Office 365 risk while also meeting all of your compliance obligations, be they regulatory requirements or best practice guidelines from organizations such as the Cloud Security Alliance.
Delivering Cyber Security Confidence for the Modern Enterprise
Traditional network and endpoint security alone are not enough to keep pace with the rapid evolution and growing sophistication of cyber threats, user mobility, and the changes cloud computing is bringing to enterprise security. Read the eBook to discover a new approach to cyber security that’s focused on protecting business-critical data and applications wherever they are located, in the cloud or on-premises.
Securing and Monitoring Access to Office 365
Microsoft provides basic security features for Office 365, but it’s ultimately up to the customer to protect Office 365 admin and user accounts from external threats and malicious insiders. This paper looks at the challenges of securing access to Office 365 and what you can do to protect your data.
Securing Administrator Access for the Amazon Web Services Management Console
AWS provides the foundational security infrastructure for its customers, but the ultimate responsibility to secure the application running on AWS lies with the customer. This paper looks at the importance and challenges of securing access to the AWS console and what you can do to protect your data.
The Cloud App Visibility Blind Spot
Traditional security controls weren’t designed with the cloud in mind. Read this white paper to learn about the challenges created by “Shadow IT” and what you can do to mitigate those risks and safely enable the use of cloud apps in your organization.
IaaS Reference Architectures: for AWS
Data center, IT and Operations Architects can now secure their web applications whether those are on-premise, in a virtual environment or in the most popular public cloud, Amazon Web Services (AWS). This Blueprint document provides guidance on architecting security for cloud-based web applications using the leading WAF solution in the market today, Imperva SecureSphere, along with other Imperva security solutions for Amazon Web Services (AWS).
DDoS Response Playbook
This handbook provides you with a practical guide for planning and executing a DDoS response plan. It outlines pragmatic steps and best practices for choosing and setting up the right mitigation solution for your organization, how to authoritatively respond to an attack, and conduct a thorough post-attack analysis for developing follow-up defense strategies.
Interview with Executive Allan Tessler: Corporate Directors Must Be Involved in Cyber Security
A corporate board needs to be responsible for ensuring that an organization’s intellectual assets as well as customer information are protected. Customer data is one of the primary sets of information that needs to be safeguarded from hacking and invasion because of the potential mal-use of that information. Read this short Q&A to learn why it’s important for corporate directors to understand cyber security risks.
Data Protection Under POPI
6 Step Data Privacy Protection Plan for the South African Protection of Personal Information (POPI) Bill
Is your organization ready to address the South African Protection of Personal Information (POPI) bill? POPI prescribes information protection principles to regulate collection and processing of South African citizens' personal data. In this paper, we review POPI's eight principles and discuss how best to address those with practical data security processes and solutions.
Data Privacy: The High Cost of Unprotected Sensitive Data
Today, organizations face a heightened threat landscape with data breaches constantly on the rise. Financial records, medical records, personally identifiable information (PII), and other private business data exist in virtually every enterprise data center. Failing to safeguard the databases that store this information can damage your reputation, impact your operations, and result in regulatory violations, fines, and legal fees. This white paper will (1) present 6 steps to automate and enforce enterprise data privacy policies (2) identify the database security tools needed to accomplish each step (3) highlight Imperva's market-leading SecureSphere Data Security Suite.
Five Steps for Protecting Australian Government Information
According to the Information Security Manual (ISM), the primary cyber threat to Australia is cyber exploitation: malicious activities designed to silently gather information from ICT systems. The disclosure of sensitive commercial or government information can threaten national interests. The disclosure of sensitive personal information can enable malicious activities against individuals. The security of sensitive government and commercial information is critical for ensuring that Australia continues to be a safe place to do business online. This paper outlines Five Steps to protect critical information.
Information Security Risk Management for Australian Financial Service Organizations
Published in 2010 by the Australian Prudential Regulation Authority (APRA), the prudential practice guide PPG 234 aims to assist regulated financial institutions in the management of security risk in information and information technology. The guide targets areas where APRA continues to identify weaknesses as part of its ongoing supervisory activities. PPG 234 reflects the need for sound risk management disciplines and solid business understanding to evaluate and manage the IT security risk profile. This paper identifies how SecureSphere enables financial institutions to incrementally address the PPG 234 security recommendations and mitigate risks to their information and information systems.
Compliance with the HIPAA Security Rule - Meeting the Electronic Code of Federal Requirements
The HIPAA Security Rule establishes national standards to protect individuals' medical records and other personal health information. In this paper we review the security standards for protection of e-PHI as listed under part 164 of the 45 CFR, and map SecureSphere Data Security Suite solutions to the specified requirements described in these standards.
Security for PCI Compliance
Addressing Security and Auditing Requirements for Web Applications, Databases, and File Servers
For many organizations, Web, database, and file security present the most challenging barriers to achieving PCI DSS compliance. Often, businesses must provision new technologies or roll out new processes to satisfy Web application security, data audit, and user rights management requirements in the PCI standard.
This paper focuses on the key PCI DSS requirements that impact application and data security. Designed for auditors and security professionals, it describes how Imperva SecureSphere solutions can help organizations address the most costly and complex PCI mandates.
Implementing Sarbanes-Oxley Audit Requirements
The Sarbanes-Oxley Act (SOX) of 2002 set requirements for the integrity of the source data related to financial transactions and reporting. In particular, auditors are looking at regulated data residing in databases connected to enterprise applications such as SAP, Oracle E-Business Suite, PeopleSoft, and other Web Applications. In this White Paper, Imperva presents the range of functions that need to take place to achieve and demonstrate compliance with SOX.