Enterprise Security
Inside Operational Risk Management
August 03, 2010 Added by: Danny Lieberman
Threat models are not a silver bullet solution to prevent a crisis like AIG on one hand or Toyota on the other. A threat model is only a tool to implement a risk strategy by the business management. Threat modeling needs to be used in the proper way, measured in dollar values and must be reviewed...
Comments (0)
On the Ground at Burton Catalyst 2010
August 02, 2010 Added by: Application Security, Inc.
There are often process issues associated with access controls to the database also. What if that one person with the keys to the kingdom was hit by a bus? Does business cease to exist as a result? Contingency planning anyone?
Comments (0)
Security - A Reason to Fire Employees or an Excuse?
July 27, 2010 Added by: Niels Groeneveld
Think twice before you advise to dismiss an employee – assess all interests involved, and make a risk assessment to assess the potential business impact of your advice. And try to avoid becoming a tool of HR managers who want to get rid of people...
Comments (8)
Still Using Excel for Risk Assessments?
July 27, 2010 Added by: Danny Lieberman
Risk assessment data and analysis with Excel, a collection of brittle, unwieldy, two-dimensional worksheets, is a really bad way of doing multi-dimensional modeling...
Comments (0)
ISO - It's a Bit Emotional
July 26, 2010 Added by: Javvad Malik
It’s funny how even the most rational person’s body stops co-operating when things get emotional. Your decision making ability is impaired and simple things such as walking in a straight line become quite challenging...
Comments (1)
Small Business - The New Target for Cybercriminals
July 26, 2010 Added by: Theresa Payton
Now, cybercrime is undergoing a new phase by switching its focus to the susceptible assets of small businesses. According to a survey conducted by the Canadian Chamber of Commerce, 85% of all business fraud occurs in small to medium-sized businesses...
Comments (0)
Prevention is More Cost Effective Than the Cure
July 26, 2010 Added by: Joe Morrissey
Negligent insider breaches have decreased in number and cost most likely resulting from training and awareness programs having a positive effect on employees’ sensitivity and awareness about the protection of personal information...
Comments (2)
A Strong Case for Enterprise Rights Management
July 23, 2010 Added by: Peter Abatan
Enterprise rights management software is an endpoint tool that manages and enforces information access policies and use rights of electronic documents within an enterprise; its development has been predicated on digital rights management technology...
Comments (2)
Four key benefits of ISO 27001 implementation
July 22, 2010 Added by: Dejan Kosutic
Have you ever tried to convince your management to fund the implementation of information security? If you have, you probably know how it feels - they will ask you how much it costs, and if it sounds too expensive they will say no...
Comments (0)
Threats to Your Information Security
July 20, 2010 Added by: Theresa Payton
Threats to your information and computer security may be closer than you think. This applies to businesses and individuals alike. If you own a company the threat may be as close as your own employees...
Comments (4)
Mitigating Risks of the IT Disaster Recovery Test
July 20, 2010 Added by: Bozidar Spirovski
The IT Disaster Recovery Test as part of the Business Continuity testing is becoming an annual event for most IT departments. It is mandated by a lot of regulators, nearly insisted upon by internal audit and of course a very healthy thing to do...
Comments (0)
Hewlett Packard and Lots of FCPA Red Flags
July 17, 2010 Added by: Thomas Fox
In April 2010 the Wall Street Journal reported that HP’s German subsidiary made payments to agents which eventually ended up in the hands of some unknown Russians, in order to obtain the contract to supply computers to the Russian Prosecutor’s Office...
Comments (0)
An Introduction to OSSTMM Version 3
July 15, 2010 Added by: Michael Menefee
As a security consultant, I've always looked for ways to increase consistency, efficiency and value when conducting security analysis on a client's network or business. With the impending release of OSSTMMv3 I'll share my thoughts on the success of the model...
Comments (12)
Corporate Espionage in the Cyber Age
July 15, 2010 Added by: Global Knowledge
Corporate spying is nothing new. What has changed is technology and the way it can be used to spy on others – like using the Internet to steal secrets. Is there a point at which spying is okay and not an ethical or legal problem?
Comments (0)
Information Security or IT Security?
July 15, 2010 Added by: Dejan Kosutic
The basic point is this - you might have perfect IT security measures, but only one malicious act done by the administrator can bring the whole IT system down. This risk has nothing to do with computers, it has to do with people, processes, supervision, etc...
Comments (10)
CISOs Unable to Quantify Security Controls
July 12, 2010 Added by: Joe Morrissey
The irony is that whilst firms focus on preventing data spills, malicious theft is where the money is. Data security incidents related to accidental losses are unfortunately common, but by comparison with malicious theft, cause little quantifiable direct damage...
Comments (2)