Consulting

0a8cae998f9c51e3b3c0ccbaddf521aa

The Castle Has No Walls - Introducing Defensibility as an Enterprise Security Goal

March 19, 2013 Added by:Rafal Los

It's time to retire the "castle" analogy when it comes to talking about how real Information Security should behave. I still hear it used a lot, and if you walked around the show floor at RSA 2013 you noticed there is still a tremendous amount of focus and vendor push around 'keeping the bad guys out.'

Comments  (1)

Default-avatar

New York Times Attacks Show Need For New Security Defenses

February 01, 2013 Added by:Infosec Island

The recent attacks against the New York Times allegedly carried out by the Chinese military highlight the importance of layered security to protect sensitive systems and data.

Comments  (0)

3e35900ae6facc6c146a85c435c71d82

UP and to the RIGHT: Strategy and Tactics of Analyst Influence

July 23, 2012 Added by:Ben Rothke

If up and to the right is the desired Magic Quadrant location, how does one get there? For many tech firms, they often are clueless. In this book, Stiennon provides clear direction. For those looking to make the expedition to the land of Gartner, this book is a veritable Berlitz Guide on how to make the journey...

Comments  (0)

9259e8d30306ac2ef4c5dd1936e67634

Business Continuity for SMB's – A Necessity or Not?

April 13, 2011 Added by:Dejan Kosutic

There is no difference between large organizations and small with regard to business continuity framework - they both have to think in detail what preparations they need to perform in order to survive a disaster. The difference is SMB's can do it with very little investment...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

She Blinded Me With Infosec...

April 11, 2011 Added by:Infosec Island Admin

One must admit that no matter how many times an assessment is carried out and things are found/exploited there are ALWAYS more vulnerabilities being introduced. You will never get them all and the client, if they understand this, will become inured to it...

Comments  (0)

40567eb686e5eaad55cf6f07f6e5b317

OSSTMM 2.2 to 3 - a long trail!

December 13, 2010 Added by:Joerg Simon

Nearly every Standard who implements Security Management into Business Processes, require, that the results from security tests, as base for risk assessment, ensures to have comparable and reproducible results. How to ensure that? The OSSTMM is the perfect Guide. And the auditing department will love the results out of the OSSTMM Metric - the Risk Assessment Values (rav).

Comments  (0)

99edc1997453f90eb5ac1430fd9a7c61

Most annoying consultants

June 13, 2010 Added by:Javvad Malik

Infosec would have a better reputation if all consultants were perfect like me. When speaking to a project manager, we should have completed our research. Scoured the internet, finding out what a particular application does and how many security vulnerabilities are out there. The list goes on, but suffice to say a good consultant always does their homework before they actually start talking t...

Comments  (3)

34200746591339726df9791b17bc885c

In Rebuke of China

February 02, 2010 Added by:Tom Schram

In the current issue of Foreign Affairs, former NATO Commander General Wesley K. Clark and current Department of Veteran Affairs CTO Peter Levin write:  “There is no form of military combat more irregular than an electronic attack: It is extremely cheap, is very fast, can be carrier out anonymously, and can disrupt or deny critical servi...

Comments  (3)

B426b30042abbc15e363cb679bbc937d

More COFEE Please, on Second Thought…

November 09, 2009 Added by:Daniel Kennedy

The forensics tool provided to law enforcement officials created by Microsoft called COFEE  (Computer Online Forensic Evidence Extractor) has been leaked on torrents last week, and this has caused quite a bit of excitement.  Let’s see if the big deal is warranted.

Comments  (0)

B32b392ce3a707f05f4838c48c67d9cf

Good enough security?

October 29, 2009 Added by:Christopher Hudel

We have had 802.1x -- CISCO + Active Directory Integration --  in place for over a year know and it is largely a success; windows systems automatically obtain machine certificates (machines automatically receive certificates when they join the domain), supplicants exist for our IP Phones, and those devices (i.e.: printers)  that are currently incapable of 802.1x are split off in a tightl...

Comments  (2)

B038fefd7a19c26505d1f0671609d8ce

IT Security - Defense in Depth Protection using a Data-centric Model

October 29, 2009 Added by:Mike Cuppett

Start aligning your security strategy to better protect your organization's most critical asset - data. While many security proponents lean toward an outside-in strategy - protect every computer in the company from the outside world first - we really need to understand that the data is the asset that must be protected first and foremost.  The outside-in strategy starts at a macro level and ov...

Comments  (5)

7fef78c47060974e0b8392e305f0daf0

Where are the DBAs?

October 07, 2009 Added by:Infosec Island Admin

What I really want to know is this: Where are the Database Admins (DBAs) these days? I cant tell you how many times in the past 18 months that I’ve found real enterprises running vulnerable databases with default passwords, weak passwords and no real permissions management.

Comments  (3)


Most Liked