Blog Posts Tagged with "Rafal Los"


Doing Biz with Hackers: Do Bad Guys Make the Best Good Guys?

March 06, 2012 Added by: Rafal Los

The significance of quality talent can't be overlooked - having a second-rate individual watching your virtual piggy-bank is as good as having none. It's not like there are thousands of ex-con hackers out there looking for work - but I suspect there are more than you think...

Comments (3)


The Patchwork Cloud - Security and Incentives

March 04, 2012 Added by: Rafal Los

A cloud service provider who isn't doing well at meeting security controls and requirements has two options - ignore the voluntary attestation and stay off the STAR registry, or only answer certain parts. This makes it impossible to have a level playing field...

Comments (1)


Cross-Border Sovereignty Issues in the Cloud

March 02, 2012 Added by: Rafal Los

It's about due care, process, and not rushing into a cloud computing migration. Take a rational approach and first understand the parameters you need to operate. Then enforce with prejudice those requirements on your vendors and know the way cloud computing is delivered...

Comments (0)


Continuous Patching: Is it Viable in the Enterprise?

February 28, 2012 Added by: Rafal Los

The way patching works right now, on all different levels, I'm surprised anything works, because we have operating system patches going in with application patches - and we're all just a heartbeat away from catastrophe. Maybe more continuous patching can be our savior...

Comments (2)


Abandon FUD, Scare Tactics and Marketing Hype

February 25, 2012 Added by: Rafal Los

Perhaps it is security professionals' diminished tolerance for FUD, or perhaps there is a collective awakening to the bigger picture, or it was just time for the chickens to come to roost. No matter, this drastic anti-FUD backlash is strong and I for one say it's about time...

Comments (2)


The Patchwork Cloud Part 1: An Overview

February 23, 2012 Added by: Rafal Los

Cloud computing isn't a paradigm every organization will follow whole-hog, nor should it be. Public cloud, hybrid cloud, private cloud - these are all terms that need to be understood first and have some sort of rational approaches to security and risk management around them...

Comments (0)


The CISO as a Capable Catalyst

February 22, 2012 Added by: Rafal Los

"If a CISO initially receives any capability when starting the position, that was capability that was left over from their predecessor. It is now the CISO's responsibility to earn more capability and solidify what may already exist..."

Comments (2)


Cybersecurity Act of 2012 - Cybersecurity Collides with Risk

February 19, 2012 Added by: Rafal Los

This is just a chance to create some new regulatory-agency office, hire a bunch of new auditors, attorneys, experts, and waste more time rather than actually making critical infrastructure more risk-averse...

Comments (0)


Responsibility vs Capability in the CISO Role

February 17, 2012 Added by: Rafal Los

Capability is often seen as the ability to enforce - whether it's corporate politics, budget, or a top-down reporting structure. If you don't have the capability to force people to follow organization-wide decisions, it is difficult to have a solid organization...

Comments (0)


The Dangers of Non-Contextual Pattern Matching

February 15, 2012 Added by: Rafal Los

Even a system inconsistency such as an abnormal page transition velocity on your flagship web application can be overlooked - until you put all those together and realize you're being SQL Injected and someone is stealing your multi-terabyte database out from under you...

Comments (0)


Difference Between Spreading Information and Enabling Crime

February 14, 2012 Added by: Rafal Los

Most people don't get prosecuted or charged for distributing or re-tweeting a link to an Anonymous pastebin dump. Where is the line drawn then, and why are some incidents bigger than others? The question ultimately goes to the contents of the cache of information...

Comments (2)


Will the Real IT Security Researcher Please Stand Up?

February 12, 2012 Added by: Rafal Los

Most security researchers are comfortable with identifying flaws and racing to be the first to find zero-day vulnerabilities. Is this productive? Isn't erring human? If that is the case, why is it surprising to find flaws in new software or applications?

Comments (2)


Enterprise Security and the Battle Over Productivity

February 11, 2012 Added by: Rafal Los

The trick is, when security can't clearly and absolutely get definition on what employees should and shouldn't be allowed to do, they have to implement the law of least privilege overly aggressively and then things get slow, tedious, and everyone complains about security...

Comments (0)


Straight Talk about Compliance from a Security Viewpoint

February 09, 2012 Added by: Rafal Los

Odds are, you can usually close out multiple compliance requirements across multiple regulations by doing something singular in a security program. Performing software security audits during various phases of your SDLC solves many compliance requirements...

Comments (0)


Defending the Enterprise - Five Corporate Security Challenges

February 08, 2012 Added by: Rafal Los

You have to keep close tabs on your employees, your friends, your enemies and those you would never suspect, because threats are ever-present and overwhelming. Keep a level head, because the evolution of threat doesn't mean it's any more scary today than yesterday...

Comments (0)


Data Loss Prevention Step 6: Encrypting Data at Rest

February 06, 2012 Added by: Rafal Los

Even if you did know where all your critical information is, you'd probably be powerless to control its sprawl. Let's face it, systems consume data and then become mobile - which is hardly something you can do anything about in a world where mobility is a key business driver...

Comments (3)
