Enterprise Security
Preventative -v- Detective Security
December 02, 2012 Added by:Simon Moffatt
Security has several issues from a proactive implementation perspective. Like anything, a detailed return on investment, including both tangible and non-tangible benefits, is required...
Comments (0)
Don't be a Petraeus: A Tutorial on Anonymous Email Accounts
November 28, 2012 Added by:Electronic Frontier Foundation
How do you exchange messages with someone without leaving records with your webmail provider? This is an important practical skill, whether you need to talk confidentially with a journalist, or because you're engaged in politics in a country where the authorities use surveillance...
Comments (0)
Resource Scarcity in Information Security - Part 2
November 19, 2012 Added by:Robb Reck
In our last post we discussed how to deal with resource scarcity and why the only effective strategy involves reducing the team’s scope. In this post I will dive into how we can reduce the information security team’s scope of work while preserving the value delivered to the business to the greatest extent possible...
Comments (0)
Suing our way to Better Security... Redux
November 14, 2012 Added by:Jayson Wylie
One of the latest publicly known Government Data Breaches has incurred yet another lawsuit for the people by the people’s lawyers. Monetary and punitive damages that can be incurred through Personal Identifiable Information (PII) loss resulting in fraud or victimization...
Comments (0)
Why Least Privilege Management is Essential to the new NIST Risk Assessment Guidelines
November 13, 2012 Added by:Paul Kenyon
NIST guidelines that were updated last month make multiple references to privileged users and/or administrators, who are deemed both major threat sources and enablers of risky events. When it comes to these standards, taking a least privilege approach to security is a major step towards protecting organizations...
Comments (1)
Automatic security response: What will it take for you to trust it?
November 13, 2012 Added by:Tripwire Inc
We need to evolve our security capabilities to a point where both the detection and the countermeasures can be automated and automatic. That is the only way we’ll get fast enough to prevent or at least significantly limit the damage from unexpected attacks. The problem? We don’t tend to trust automation...
Comments (0)
BYOD savings may be lost by security and admin costs
November 12, 2012 Added by:Rainer Enders
Companies need to mobilize, that is without question -- but for too long BYOD has become nearly synonymous with this effort. In reality, BYOD is just one of the ways enterprises can mobilize, and in many cases, it is not the most secure, or necessarily the most cost-efficient way to do so...
Comments (0)
Security and Privacy Concerns for Mobile Devices
November 11, 2012 Added by:Dan Dieterle
BYOD (Bring your own Device) is one of the latest tech fads. Bring in that tablet or smart phone from home and we will hook it right up to our corporate network for you! What a great thing, and the IT staff just loves it too. But there are some serious concerns about mobile devices...
Comments (0)
BYOD Costs are Rising
November 11, 2012 Added by:Bill Gerneglia
Recent research demonstrates some of the quantifiable benefits and complexities associated with allowing employees to use their own mobile devices on their employers' networks. Most organizations are now enabling BYOD in the enterprise...
Comments (0)
Why traditional approaches for securing Industrial Control Systems Fail
November 09, 2012 Added by:Mikko Jakonen
Criminals or 'adversaries' do not care about your papers. Period. Only a skilled set of controls, wisdom, and discipline in management secures the environment. Attackers will utilize every means to gain access to your beloved environment...
Comments (2)
Six Sneaky Ways to Bring Down Your Company
November 08, 2012 Added by:Pete Herzog
This article will give you some ideas on how you can quickly put yourself out of a job using the Internet. If you're careful and a little lucky, you won't end up in jail either! At the very least, this article shows how doing things that are good for an office may not necessarily be good for the security of your company...
Comments (0)
From Trick or Treat through Thanksgiving: Examining the Past to Prepare for the Future
November 04, 2012 Added by:Mary Shaddock Jones
In my experience, companies need to be closely reviewing what little case law or factual allegations exist with regard to the FCPA so that they too know where to find any potential problems that may exist within their own company. There are only so many ways to hide the dollar...
Comments (0)
Companies Must Consider Travel Providers’ Data Practices or Risk Being Harmed
November 04, 2012 Added by:David Navetta
A company responsible for handling billing and settlement for the International Air Transport Association (IATA) has been selling flight booking information about corporate travelers — on a travel agency level — to airlines, hotels and others...
Comments (0)
Admin Rights - Your Achilles Heel
October 31, 2012 Added by:Paul Kenyon
Every organization experiences user frustrations and complications that result in support calls to the help desk. While each call may seem to suggest a unique problem, there could be a common root cause amongst them. Help desk calls often seem to be black and white – the machine works and now it doesn’t...
Comments (0)
Why doesn't your VPN work on the road?
October 29, 2012 Added by:Rainer Enders
With the ubiquity of mobile devices, staying securely connected to work - in theory - should require nothing more than an internet connection, and seemingly everywhere you travel, whether that be in hotels, airports, or conference trade shows, offer such connections. But the reality is more complicate...
Comments (0)
Rethinking the consumer/enterprise operating system
October 28, 2012 Added by:Rafal Los
When Microsoft converged their kernel and made a single version of Windows most people were relieved, especially Microsoft developers and security types. It was now going to be easier to maintain the code base - but was that the right call? I think the jury may still be out...
Comments (3)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)




