Blog Posts Tagged with "vendors"

It's Time to Evolve How We Protect Our Data

January 24, 2012 Added by: Josh Shaul

Advanced systems for protecting databases have been available for several years now, and have become mature and reliable technology. Databases can be locked down with secure configurations, strong access controls, and effective patch management strategies...

Comments  (0)

The Death of Antivirus Software

January 23, 2012 Added by: Danny Lieberman

Who needs an anti-virus? If I have a solid operating system like Ubuntu 11.10, IP tables, good control of the services on my notebook and practice safe email, why should I add additional layers of content security and feed the Symantec stock price?

Comments  (12)

Shopper Trust and the Zappos Ordeal

January 23, 2012 Added by: Bill Mathews

Often merchants just sell your information outright to make revenue off the data they’ve collected. Usually this is reserved for more nefarious merchants, and sometimes it is done out of ignorance of their own policies. But make no mistake – it DOES happen...

Comments  (0)

The Proliferation of Cyber Janitors

January 20, 2012 Added by:

What we really need in this industry is a complete shake up. We need true innovative thought that uses cyber intelligence, counterintelligence and active defense and offensive measures in our programs. No more sitting around waiting for the penetration...

Comments  (3)

GSA Final Rule Requires Vendor Proof of Security

January 10, 2012 Added by: Headlines

The rule requires contractors and subcontractors to provide details on how their products and services meet federal IT regulations. The rule also requires contractors and subcontractors to submit to audits on practices and procedures to ensure mandates are satisfied...

Comments  (1)

Gartner: Top Predictions for 2012 and Beyond

January 02, 2012 Added by: Bill Gerneglia

"Instead of requesting that a third-party security vendor conduct testing on the enterprise's behalf, the enterprise will be satisfied by a cloud provider's certificate stating that a reputable third-party security vendor has already tested its applications."

Comments  (0)

NIST Guidelines: Protecting Computers at Start-Up

December 29, 2011 Added by: Headlines

SP 800-155 explains the fundamentals of BIOS integrity measurement to determine if the BIOS has been modified and how to report changes. The publication provides detailed guidelines to vendors that develop products to support secure BIOS integrity measurement mechanisms...

Comments  (0)

Change Management and Process Improvement

December 19, 2011 Added by: Rafal Los

I don't know of a bigger detractor to security than a broken enterprise change management process... whether you work for a million node global corporation, or a company with 100 laptops and an outsourced IT - poor change management will be the death of your security posture, period...

Comments  (0)

Three Things Experts Won't Tell You About Cloud Security

December 14, 2011 Added by: Mike Meikle

Carefully crafted and monitored SLAs to keep vendors in check, mandating FIPS 140-2 certification of potential vendors and benefiting from vendor technology investments (economies of scale) can add significant weight to cloud solution providers being more secure than in-house solutions...

Comments  (1)

Infosec: Homer Simpson or George Washington?

November 28, 2011 Added by: Ali-Reza Anghaie

Consider three fields when pondering infosec strategies: Defense, Economics, and Healthcare. All three have grasped nonlinear preventative and swarm tactics in a way we would be wise to consider. And like infosec, all three also have snake oil salesmen and demons to satiate...

Comments  (1)

Does Software Security Suffer When the Customer is No Longer Master?

November 22, 2011 Added by: Josh Shaul

When you measure the impact on share price, it’s not worth it to build secure software. Buyers are gobbling up the vulnerable stuff as quickly as they can get their hands on it, and the people who pay the price are those whose data is stolen and whose lives are turned upside down in the aftermath...

Comments  (2)

Decrypting QSA Qualifications in a Diluted Market Place

November 21, 2011 Added by: Andrew Weidenhamer

One of the biggest challenges is how to determine which 3rd party QSA company to use. With 120+ QSA companies certified to perform On-Site Assessments in the USA, there is not an easy answer, unless of course price is the only consideration. Unfortunately, sometimes this is the case...

Comments  (0)

Three Words to Describe Enterprise Security

November 16, 2011 Added by: Rafal Los

We're cynical. Many security professionals and information security management alike are getting fed up with vendors who don't take the time to understand the issues they're facing - and simply try to sell, sell, sell...

Comments  (0)

Are Web Services a Dumb Idea?

November 16, 2011 Added by: Joel Langill

First, you need to expand your concept of an “embedded web server” beyond something that a user would use when launching a browser and entering a URL for the device. Vendors actually use embedded web servers for a number of reasons, and many of these vendors are leaders in the industry...

Comments  (0)

Infosec: The World's Largest Rube Goldberg Device

November 15, 2011 Added by: Infosec Island Admin

I am sure there are many of you out there who feel like you are being branded the “Security Cassandra”. You come to them with dark prognostications of compromise, and they look upon you as either a paranoid delusional individual or someone to just be patted on the head...

Comments  (5)

INFOPOCALYPSE: You Can Lead Them to the Security Trough...

November 08, 2011 Added by: Infosec Island Admin

We have seen this from the perspective of magic boxes that promise to negate security vulnerabilities as well as teams of consultants who will “securitize” the company. The net effect is that those paying for such products and services may as well be buying a handful of magic beans instead...

Comments  (0)
