July 10, 2013 Added by:InfosecIsland News
With APTs leveraging these weaknesses, it’s critical to have visibility and control of enterprise key and certificate inventories. Cyber criminals understand that the easy targets are those organizations that have little visibility into their threat surface and cannot respond quickly. We need to gain control over trust; we need to plug the gap related to key & certificate-based exploits. (Re...
July 02, 2013 Added by:Rafal Los
Very few companies are actively using security intelligence for better defense. What gives? This post will describe for you what I believe it means to extract value from security intelligence. And more important, why I believe three out of four enterprises are still failing to get that value.
July 01, 2013 Added by:Brad Bemis
Why are you always so negative about the state of the security industry and how we're fairing in the information protection game?
June 25, 2013 Added by:Paul Lipman
Relying on traditional security measures to catch the bad guy in action or prevent being the victim of a breach doesn’t cut it in today’s threat landscape, and IT teams don’t have the time and resources to address each threat vector in isolation, nor should they have to.
June 20, 2013 Added by:Rafal Los
Private industry and corporations alike are talking about “hack-back.” It’s no secret I believe that “hack-back” is a bad idea, for many reasons.
June 20, 2013 Added by:Eric Chiu
In a competitive business environment, reputation is a critical differentiator. Any company that suffers from a major data breach, instigated by an employee with a small grudge and big access, could face devastating consequences to the corporate brand, and to the bottom line.
June 18, 2013 Added by:Tripwire Inc
This post is all about Control 13 of the CSIS 20 Critical Security Controls – Boundary Defense. Here we explore the (29) requirements I’ve parsed out of the control.
June 14, 2013 Added by:Vinod Mohan
Given the expanding threat landscape for the SMB and the increased demand for affordable IT security tools, here are five valuable tips for IT pros that help shed light on managing enterprise security on a budget.
June 12, 2013 Added by:Ian Tibble
The notion that VA tools really can be used to give a decent picture of vulnerability is still heavily embedded, and that notion in itself presents a serious vulnerability for businesses.
June 07, 2013 Added by:Michael Fornal
Identity Management applications are slowly gaining speed in the security realm as an important tool in managing provisions of an applications or to aid in gaining a handle on compliance and identity governance.
May 17, 2013 Added by:Luis Corrons
IT Departments are very often one step behind users, and unfortunately in most cases there is no real control over all devices on the corporate network. Despite perimeter solutions still being a necessity, the corporate perimeter must now expand to include new devices (mainly smartphones and tablets) that also handle confidential corporate information.
May 13, 2013 Added by:InfosecIsland News
As an Infosec Island reader, we are pleased to offer you the following complimentary IT security resources for the week of May 13, 2013.
May 09, 2013 Added by:Michael Fornal
A security check list is a list of security controls that a vendor or application must meet. These controls can range from how storage back up is to be done, to password complexity requirements. Having a checklist can help you in deciding if the application or vendor conforms to your company’s security requirements.
April 19, 2013 Added by:Rafal Los
In just about every organization (with little exception) there are more things to defend than there are resources to defend with. Remember playing the game of Risk, when you were a kid? Maybe you still have the game now... amazing how close to that board game your life in InfoSec is now, isn't it?
April 16, 2013 Added by:Scott Thomas
Most non-IT people know about DLP only when the IT organization contacts them to let them know they did something they shouldn't have. For those of us that have to deal with the policies, the alerts, and sending those notices, it can be more complicated.
Interoperability: A Much Needed Cloud Comput... ryan mccarthy on 04-17-2014
On Secure and Agile Collaboration... Kylie Wilson on 04-17-2014
Achieving Code Compliance in an Agile Enviro... Kylie Wilson on 04-17-2014