Blog Posts Tagged with "vendors"
It's Time to Evolve How We Protect Our Data
January 24, 2012 Added by: Josh Shaul
Advanced systems for protecting databases have been available for several years now, and have become mature and reliable technology. Databases can be locked down with secure configurations, strong access controls, and effective patch management strategies...
Comments (0)
The Death of Antivirus Software
January 23, 2012 Added by: Danny Lieberman
Who needs an anti-virus? If I have a solid operating system like Ubuntu 11.10, IP tables, good control of the services on my notebook and practice safe email, why should I add additional layers of content security and feed the Symantec stock price?
Comments (12)
Shopper Trust and the Zappos Ordeal
January 23, 2012 Added by: Bill Mathews
Often merchants just sell your information outright to make revenue off the data they’ve collected. Usually this is reserved for more nefarious merchants, and sometimes it is done out of ignorance of their own policies. But make no mistake – it DOES happen...
Comments (0)
The Proliferation of Cyber Janitors
January 20, 2012 Added by:
What we really need in this industry is a complete shake up. We need true innovative thought that uses cyber intelligence, counterintelligence and active defense and offensive measures in our programs. No more sitting around waiting for the penetration...
Comments (3)
GSA Final Rule Requires Vendor Proof of Security
January 10, 2012 Added by: Headlines
The rule requires contractors and subcontractors to provide details on how their products and services meet federal IT regulations. The rule also requires contractors and subcontractors to submit to audits on practices and procedures to ensure mandates are satisfied...
Comments (1)
Gartner: Top Predictions for 2012 and Beyond
January 02, 2012 Added by: Bill Gerneglia
"Instead of requesting that a third-party security vendor conduct testing on the enterprise's behalf, the enterprise will be satisfied by a cloud provider's certificate stating that a reputable third-party security vendor has already tested its applications."
Comments (0)
NIST Guidelines: Protecting Computers at Start-Up
December 29, 2011 Added by: Headlines
SP 800-155 explains the fundamentals of BIOS integrity measurement to determine if the BIOS has been modified and how to report changes. The publication provides detailed guidelines to vendors that develop products to support secure BIOS integrity measurement mechanisms...
Comments (0)
Change Management and Process Improvement
December 19, 2011 Added by: Rafal Los
I don't know of a bigger detractor to security than a broken enterprise change management process... whether you work for a million node global corporation, or a company with 100 laptops and an outsourced IT - poor change management will be the death of your security posture, period...
Comments (0)
Three Things Experts Won't Tell You About Cloud Security
December 14, 2011 Added by: Mike Meikle
Carefully crafted and monitored SLAs to keep vendors in check, mandating FIPS 140-2 certification of potential vendors and benefiting from vendor technology investments (economies of scale) can add significant weight to cloud solution providers being more secure than in-house solutions...
Comments (1)
Infosec: Homer Simpson or George Washington?
November 28, 2011 Added by: Ali-Reza Anghaie
Consider three fields when pondering infosec strategies: Defense, Economics, and Healthcare. All three have grasped nonlinear preventative and swarm tactics in a way we would be wise to consider. And like infosec, all three also have snake oil salesmen and demons to satiate...
Comments (1)
Does Software Security Suffer When the Customer is No Longer Master?
November 22, 2011 Added by: Josh Shaul
When you measure the impact on share price, it’s not worth it to build secure software. Buyers are gobbling up the vulnerable stuff as quickly as they can get their hands on it, and the people who pay the price are those whose data is stolen and whose lives are turned upside down in the aftermath...
Comments (2)
Decrypting QSA Qualifications in a Diluted Market Place
November 21, 2011 Added by: Andrew Weidenhamer
One of the biggest challenges is how to determine which 3rd party QSA company to use. With 120+ QSA companies certified to perform On-Site Assessments in the USA, there is not an easy answer, unless of course price is the only consideration. Unfortunately, sometimes this is the case...
Comments (0)
Three Words to Describe Enterprise Security
November 16, 2011 Added by: Rafal Los
We're cynical. Many security professionals and information security management alike are getting fed up with vendors who don't take the time to understand the issues they're facing - and simply try to sell, sell, sell...
Comments (0)
Are Web Services a Dumb Idea?
November 16, 2011 Added by: Joel Langill
First, you need to expand your concept of an “embedded web server” beyond something that a user would use when launching a browser and entering a URL for the device. Vendors actually use embedded web servers for a number of reasons, and many of these vendors are leaders in the industry...
Comments (0)
Infosec: The World's Largest Rube Goldberg Device
November 15, 2011 Added by: Scot Terban
I am sure there are many of you out there who feel like you are being branded the “Security Cassandra”. You come to them with dark prognostications of compromise, and they look upon you as either a paranoid delusional individual or someone to just be patted on the head...
Comments (5)
INFOPOCALYPSE: You Can Lead Them to the Security Trough...
November 08, 2011 Added by: Scot Terban
We have seen this from the perspective of magic boxes that promise to negate security vulnerabilities as well as teams of consultants who will “securitize” the company. The net effect is that those paying for such products and services may as well be buying a handful of magic beans instead...
Comments (0)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)




