Security Training
New Training Model for Advanced Persistent Threat Detection and Mitigation
June 28, 2013 Added by:Edwin Covert
Organizations face a new threat to their information systems and intellectual property: advanced persistent threats, or APT. In order to detect and mitigate these attacks, organizations must develop a cyber-security capability that allows them to defend themselves.
Comments (0)
Speaking with the VP of Enterprise Security at Scotiabank
June 25, 2013 Added by:InfoSec Institute
Greg Thompson has his work cut out for him as Scotiabank’s highest level security professional. Thompson, vice president of enterprise security services at the Toronto, Ontario-based entity, oversees a team responsible for ensuring that hackers, cyber terrorists and hacktivists don’t get bragging rights at company’s expense.
Comments (1)
Cyber Attacks the Reality, the Reason and the Resolution Part 3
June 24, 2013 Added by:Larry Karisny
Knowing the reality and reasons behind cyberattacks, it’s time to stop talking and start offering resolution to these serious problems. There is no "it won’t happen to me" anymore. We must immediately deploy prevention and detection technologies to our critical processes or frankly, we could lose it all.
Comments (0)
Irregardless, Begs the Question, and SSAE 16 Certified
June 04, 2013 Added by:Jon Long
"Irregardless" is not a word, and is not a substitute for irrespective or regardless. "Begging the question" is a logical fallacy, not a substitute for "...which raises the question...", and there is no such thing as an "SSAE 16 certification".
Comments (0)
Do You Have a Vendor Security Check List? You Should!
May 09, 2013 Added by:Michael Fornal
A security check list is a list of security controls that a vendor or application must meet. These controls can range from how storage back up is to be done, to password complexity requirements. Having a checklist can help you in deciding if the application or vendor conforms to your company’s security requirements.
Comments (0)
Bore Them With Death-by-Awareness: That’ll Teach em!
May 08, 2013 Added by:Lee Mangold
As security professionals, we have to understand that not everyone has a passion for security. In fact, most people don’t. Given that we know “they” don’t share our passion, and we know they are the most vulnerable attack vector, why do we continue to bore them with homogenous and irrelevant training?
Comments (0)
On Dutch Banking Woes and DDoS Attacks
April 25, 2013 Added by:Don Eijndhoven
If you don't live in the Netherlands or don't happen to have a Dutch bank account, you can certainly be forgiven for not having caught wind of the major banking woes that have been plaguing the Dutch.
Comments (0)
Enter the CISO: Torchbearer of Security and Risk Management
April 06, 2013 Added by:Anthony M. Freed
In a convergence culture, accountability for risk is accepted across the organization, and when that happens, risk management becomes a priority to the business, informing strategy and objectives. By helping identify and mitigate risk across finance, operations and IT, the CISO puts security in context of what could affect profit.
Comments (0)
Defending the Corporate Domain: Strategy and Tactics
March 27, 2013 Added by:Rafal Los
Strategy without accompanying tactics is a lost cause. Tactics without a solid footing in strategy is an expensive lost cause. The maturity of an organization's security team is directly proportional to their ability to have a foundational strategy and be able to implement tactical measures and feedback to adjust to changing conditions in order to defend adequately.
Comments (0)
The Five-Step Privilege Management Checklist for Financial Organizations
March 27, 2013 Added by:Paul Kenyon
Financial institutions sit at the top end of the scale for security and reputational risk, with their databases of customer information making them especially vulnerable to criminal interception and subject to regulatory obligations.
Comments (0)
Hardening Is Hard If You're Doing It Right
March 20, 2013 Added by:Ian Tibble
The early days of deciding what to do with the risk will be slow and difficult and there might even be some feisty exchanges, but eventually, addressing the risk becomes a mature, documented process that almost melts into the background hum of the machinery of a business.
Comments (1)
Ben Rothke on the Five Habits of Highly Secure Organizations
March 18, 2013 Added by:Tripwire Inc
There are five habits of highly secure organizations, said Ben Rothke (@benrothke), Manager – Corporate Services Information Security at Wyndham Worldwide.
Comments (1)
So APT Is China *snicker* Now What?
February 28, 2013 Added by:Krypt3ia
As RSA comes to a close and the corridors of the hall stop ringing with the acronym APT, I find myself once again looking at the problem as opposed to the hype.
Comments (0)
China's PLA Behind Massive Cyber Espionage Operation
February 19, 2013 Added by:Mike Lennon
In a fascinating, unprecedented, and statistics-packed report, security firm Mandiant made direct allegations and exposed a multi-year, massive cyber espionage campaign that they say with confidence is the work of China.
Comments (0)
What We Learned About Digital Security In 2012
February 12, 2013 Added by:Robert Siciliano
Sometimes it’s the worst things that can happen that become the eye-opening best things that effect positive change. The year 2012 saw numerous high-profile data breaches, epic hacks, full-on hacktivism and lots of major identity theft ring busts.
Comments (0)
New York Times Attacks Show Need For New Security Defenses
February 01, 2013 Added by:Infosec Island
The recent attacks against the New York Times allegedly carried out by the Chinese military highlight the importance of layered security to protect sensitive systems and data.
Comments (0)
- An Open Letter to Executives
- FAQs Concerning the Legal Implications of the Heartbleed Vulnerability
- Security Pros Need Better Security Awareness Training Options
- Would a Proprietary OpenSSL Have Been More Secure than Open Source?
- Is User Experience Part of Your Security Plan?
- SIEM Webinar Questions – Answered
- Electric Grid Safety Hinges on Partnership and Information Sharing
- Rx for Incorrect Compliance Claims and XP
- FBI Plans to Have 52 Million Photos in its NGI Face Recognition Database by Next Year
- NSA vs. Cloud Encryption: Which is Stronger?