Enterprise Security
Problems with Defining the Scope in ISO 27001
July 07, 2010 Added by:Dejan Kosutic
The problem when the ISO 27001 scope is not the whole organization is that the Information Security Management System must have interfaces to the outside world - clients, partners, suppliers etc., but also the organization's departments that are not within the scope...
Comments (0)
Risk assessment tips for smaller companies
June 30, 2010 Added by:Dejan Kosutic
I have seen quite a lot of smaller companies (up to 50 employees) trying to apply risk assessment tools as part of their ISO 27001 implementation project. The result is that it usually takes too much time and money with too little effect.
Comments (0)
ISA to Address NATO on Global Cyber Security
June 30, 2010 Added by:Marjorie Morgan
ISA President Larry Clinton has been asked to detail the implications of the ISA Cyber Security Social Contract as it relates to the future of Cooperation and Conflict in the Global Commons at an invitation only meeting in Virginia Beach today, June 30th.
Comments (0)
Bullet Proof Hosting: A Theoretical Model
June 29, 2010 Added by:Nathaniel Markowitz
Bulletproof (BP) hosting is an increasingly important and under-researched component of cyber-criminal activities. While there are several different ways that BP hosting can be accomplished, it is generally understood as a service that promises customers that their websites will not be taken down, regardless of complaints or content.
Comments (0)
Economic Crime Vulnerabilities
June 28, 2010 Added by:Danny Lieberman
The key vulnerabilities of a business to fraud and data loss are rooted in the four sins of hubris: thinking, looking, fighting and denying. Hubris is defined as excessive pride or self-confidence, starting with the thought that fraud and data theft won’t happen to you. Most firms look in the wrong direction, by focussing on external threats and malware in...
Comments (0)
More IT complexity = More data-centric security
June 27, 2010 Added by:Eli Talmor
IT security professionals are engaged in a game of cat and mouse with hackers. As fast as they deploy security countermeasures, these rogue elements discover loopholes or entirely new avenues of attack. Traditional security methods have relied upon closely guarding the perimeter of a company's network.
Comments (0)
The Cost For Securing Your Data vs. The Cost to Replace Your Data
June 25, 2010 Added by:Allan Pratt, MBA
Computer security has been part of my best practices since I purchased my first computer way back in 1995 and experienced the Internet for the first time. All of my home systems are always protected with host-based IDS, software backups, and regular maintenance. However, I had a “wow” computer security moment recently.
Comments (1)
What could BP learn from our industry?
June 24, 2010 Added by:Jason Remillard
So do I think BP could learn from our industry on incident and emergency response? To be sure, they are very different industries, impacts and processes. However, for me, the responsibility of business to be protective of their clients, supportive and acknowledging of client concerns and responsible for their actions.
Comments (0)
SLAML 2010 Log Analysis Workshop
June 24, 2010 Added by:Anton Chuvakin
This year, Workshop on the Analysis of System Logs (WASL) is reborn as SLAML. Please consider submitting a short paper (no need to do a full academic write-up!). The deadline is July 11.
Comments (0)
How to get certified against ISO 27001?
June 23, 2010 Added by:Dejan Kosutic
You have been implementing ISO 27001 for quite a long time, invested quite a lot in education, consultancy and implementation of various controls. Now comes the auditor from a certification body - will you pass the certification?
Comments (1)
State of International Cooperation on Cybercrime
June 23, 2010 Added by:Simon Heron
Last week’s Tallinn conference was the latest in a series of international gatherings to discuss cybercrime. Unfortunately, although international cooperation is an essential element in defeating cybercrime, these discussions have so far been unable to find an actionable agreement.
Comments (0)
Battling the Information Security Paradox
June 22, 2010 Added by:Anthony M. Freed
Information security is still not garnering appropriate attention from the executive level at some of the largest companies in the world, many of whom are engaged in business activity considered critical to the nation's infrastructure.
Comments (1)
ISAlliance Priority Projects for 2010
June 22, 2010 Added by:Marjorie Morgan
In conjunction with the American National Standards Institute (ANSI), ISA published its first handbook for enterprises which examines corporate cyber security from an economic perspective as much as the technical one.
Comments (0)
Does SaaS Diminish the Need for Enterprise Architecture?
June 22, 2010 Added by:Lauren Twele
This is a good question, but we have to understand what is meant by Enterprise Architecture (EA). It is generally accepted to be a discipline and sometimes a role or organization responsible for those activities that strategically align an organization to its technology and business goals.
Comments (0)
SIEM and Log Management
June 21, 2010 Added by:Anton Chuvakin
A few weeks ago I did this fun webcast with NitroSecurity (recording) on Log Management and SIEM; here are some belated Q&A we got there:
Comments (0)
CIOs: Shunning Primitive Application Infrastructure
June 21, 2010 Added by:Rahul Neel Mani
It is high time the CIOs should look at modernising their application infrastructure and move on to cost-effective and faster platforms. In an exclusive conversation, Stuart McGill, CTO, Micro Focus shares his thoughts with Rahul Neel Mani.
Comments (0)