June 19, 2013 Added by:Simon Moffatt
RESTful architectures have been the general buzz of websites for the last few years. The simplicity, scalability and statelessness of this approach to client-server communications has been adopted by many of the top social sites such as Twitter and Facebook. Why? Well, in their specific cases, developer adoption is a huge priority.
June 18, 2013 Added by:Tripwire Inc
This post is all about Control 13 of the CSIS 20 Critical Security Controls – Boundary Defense. Here we explore the (29) requirements I’ve parsed out of the control.
June 17, 2013 Added by:Rafal Los
Security Intelligence. This topic seems to come up over and over in discussions with enterprise security leaders, security professionals, writers, and pundits. There are many different facets to the topic, but ultimately what are we talking about?
June 14, 2013 Added by:Vinod Mohan
Given the expanding threat landscape for the SMB and the increased demand for affordable IT security tools, here are five valuable tips for IT pros that help shed light on managing enterprise security on a budget.
June 12, 2013 Added by:Rafal Los
If adding security to your enterprise software development methodology and lifecycle creates a significant amount of drag on the actual release deadlines —for an extended period of time — you’re doing it wrong.
June 07, 2013 Added by:Michael Fornal
Identity Management applications are slowly gaining speed in the security realm as an important tool in managing provisions of an applications or to aid in gaining a handle on compliance and identity governance.
June 04, 2013 Added by:Jon Long
"Irregardless" is not a word, and is not a substitute for irrespective or regardless. "Begging the question" is a logical fallacy, not a substitute for "...which raises the question...", and there is no such thing as an "SSAE 16 certification".
May 17, 2013 Added by:Luis Corrons
IT Departments are very often one step behind users, and unfortunately in most cases there is no real control over all devices on the corporate network. Despite perimeter solutions still being a necessity, the corporate perimeter must now expand to include new devices (mainly smartphones and tablets) that also handle confidential corporate information.
May 13, 2013 Added by:InfosecIsland News
As an Infosec Island reader, we are pleased to offer you the following complimentary IT security resources for the week of May 13, 2013.
May 09, 2013 Added by:Michael Fornal
A security check list is a list of security controls that a vendor or application must meet. These controls can range from how storage back up is to be done, to password complexity requirements. Having a checklist can help you in deciding if the application or vendor conforms to your company’s security requirements.
May 08, 2013 Added by:Rohit Sethi
Forcing a security process on development teams that doesn’t take into account the way they develop software is a recipe for disaster. A good goal to have for secure SDLC is to minimize the impact on the team’s existing software development practice.
May 08, 2013 Added by:Lee Mangold
As security professionals, we have to understand that not everyone has a passion for security. In fact, most people don’t. Given that we know “they” don’t share our passion, and we know they are the most vulnerable attack vector, why do we continue to bore them with homogenous and irrelevant training?
April 19, 2013 Added by:Rafal Los
In just about every organization (with little exception) there are more things to defend than there are resources to defend with. Remember playing the game of Risk, when you were a kid? Maybe you still have the game now... amazing how close to that board game your life in InfoSec is now, isn't it?
Making Sense of Split Tunneling ... nat ravitz on 03-08-2014
Why Enterprises Are Struggling So Much with ... Eric Kronthal on 03-07-2014
Making Sense of Split Tunneling ... nat ravitz on 03-07-2014