August 03, 2010 Added by:Danny Lieberman
Threat models are not a silver bullet solution to prevent a crisis like AIG on one hand or Toyota on the other. A threat model is only a tool to implement a risk strategy by the business management. Threat modeling needs to be used in the proper way, measured in dollar values and must be reviewed...
August 02, 2010 Added by:Application Security, Inc.
There are often process issues associated with access controls to the database also. What if that one person with the keys to the kingdom was hit by a bus? Does business cease to exist as a result? Contingency planning anyone?
July 27, 2010 Added by:Niels Groeneveld
Think twice before you advise to dismiss an employee – assess all interests involved, and make a risk assessment to assess the potential business impact of your advice. And try to avoid becoming a tool of HR managers who want to get rid of people...
July 26, 2010 Added by:Theresa Payton
Now, cybercrime is undergoing a new phase by switching its focus to the susceptible assets of small businesses. According to a survey conducted by the Canadian Chamber of Commerce, 85% of all business fraud occurs in small to medium-sized businesses...
July 26, 2010 Added by:Joe Morrissey
Negligent insider breaches have decreased in number and cost most likely resulting from training and awareness programs having a positive effect on employees’ sensitivity and awareness about the protection of personal information...
July 23, 2010 Added by:Peter Abatan
Enterprise rights management software is an endpoint tool that manages and enforces information access policies and use rights of electronic documents within an enterprise; its development has been predicated on digital rights management technology...
July 22, 2010 Added by:Dejan Kosutic
Have you ever tried to convince your management to fund the implementation of information security? If you have, you probably know how it feels - they will ask you how much it costs, and if it sounds too expensive they will say no...
July 20, 2010 Added by:Bozidar Spirovski
The IT Disaster Recovery Test as part of the Business Continuity testing is becoming an annual event for most IT departments. It is mandated by a lot of regulators, nearly insisted upon by internal audit and of course a very healthy thing to do...
July 17, 2010 Added by:Thomas Fox
In April 2010 the Wall Street Journal reported that HP’s German subsidiary made payments to agents which eventually ended up in the hands of some unknown Russians, in order to obtain the contract to supply computers to the Russian Prosecutor’s Office...
July 15, 2010 Added by:Michael Menefee
As a security consultant, I've always looked for ways to increase consistency, efficiency and value when conducting security analysis on a client's network or business. With the impending release of OSSTMMv3 I'll share my thoughts on the success of the model...
July 15, 2010 Added by:Global Knowledge
Corporate spying is nothing new. What has changed is technology and the way it can be used to spy on others – like using the Internet to steal secrets. Is there a point at which spying is okay and not an ethical or legal problem?
July 15, 2010 Added by:Dejan Kosutic
The basic point is this - you might have perfect IT security measures, but only one malicious act done by the administrator can bring the whole IT system down. This risk has nothing to do with computers, it has to do with people, processes, supervision, etc...
July 12, 2010 Added by:Joe Morrissey
The irony is that whilst firms focus on preventing data spills, malicious theft is where the money is. Data security incidents related to accidental losses are unfortunately common, but by comparison with malicious theft, cause little quantifiable direct damage...