April 16, 2013 Added by:Scott Thomas
Most non-IT people know about DLP only when the IT organization contacts them to let them know they did something they shouldn't have. For those of us that have to deal with the policies, the alerts, and sending those notices, it can be more complicated.
April 16, 2013 Added by:George Tubin
Cybercriminals continue to develop new methods to bypass security controls in order to install malware on corporate endpoints. An endpoint protection approach that provides both effectiveness and manageability must begin with an understanding of the attack vectors that require mitigation.
April 15, 2013 Added by:Tripwire Inc
Security teams need the right skills in order to ‘ready’ themselves for action, and before we get to engage in some some really advanced security intelligence, big data analysis, haddop, threat intelligence and a myriad of other buzz words, we will need to be able to accomplish the basics first.
April 06, 2013 Added by:Anthony M. Freed
In a convergence culture, accountability for risk is accepted across the organization, and when that happens, risk management becomes a priority to the business, informing strategy and objectives. By helping identify and mitigate risk across finance, operations and IT, the CISO puts security in context of what could affect profit.
April 05, 2013 Added by:Simon Moffatt
As the devices becomes smarter, greater emphasis is placed on the data and services those devices access. Smartphones today come with a healthy array of encryption features, remote backup, remote data syncing for things like contacts, pictures and music, as well device syncing software like Dropbox. How much data is actually specifically related to the device?
April 02, 2013 Added by:Rafal Los
This post and the few that follow will go through the five basic ideas behind defensibility and why defensible is a state we should be striving for as enterprise security professionals.
March 27, 2013 Added by:Rafal Los
Strategy without accompanying tactics is a lost cause. Tactics without a solid footing in strategy is an expensive lost cause. The maturity of an organization's security team is directly proportional to their ability to have a foundational strategy and be able to implement tactical measures and feedback to adjust to changing conditions in order to defend adequately.
March 27, 2013 Added by:Paul Kenyon
Financial institutions sit at the top end of the scale for security and reputational risk, with their databases of customer information making them especially vulnerable to criminal interception and subject to regulatory obligations.
March 21, 2013 Added by:Oliver Rochford
In an enterprise environment, a computer comes preloaded with Antivirus. For businesses, this is of course a good thing. It has sadly also had some unintended consequences – mainly to be found in the perception and expectations that customers and end-users have developed because of the commoditization of antivirus.
March 20, 2013 Added by:Ian Tibble
The early days of deciding what to do with the risk will be slow and difficult and there might even be some feisty exchanges, but eventually, addressing the risk becomes a mature, documented process that almost melts into the background hum of the machinery of a business.
March 19, 2013 Added by:Rafal Los
It's time to retire the "castle" analogy when it comes to talking about how real Information Security should behave. I still hear it used a lot, and if you walked around the show floor at RSA 2013 you noticed there is still a tremendous amount of focus and vendor push around 'keeping the bad guys out.'
March 18, 2013 Added by:Tripwire Inc
There are five habits of highly secure organizations, said Ben Rothke (@benrothke), Manager – Corporate Services Information Security at Wyndham Worldwide.
March 16, 2013 Added by:Rafal Los
I can't even express how good it is to be back in the field, solving problems and working with the enterprises again. It's interesting how little the landscape changes in software security and how many of the same challenges that existed during my GE days (2003-2008) are still around today.
March 07, 2013 Added by:Stephen Marchewitz
While PCI DSS compliance has been a requirement for several years now, it’s been fairly subjective as to what a compliant program looks like and how an organization actually goes about it. While that can still look to be the case, here are a few things to consider.
Mass Disclosure of Vulnerabilities in SAP... john niko on 12-09-2013
Join Trend Micro & SecurityWeek in Belle... Shah Alam on 12-06-2013
Looking Beyond "Black Box Testing"... Paul Reed on 12-03-2013