Blog Posts Tagged with "IT Security"
Secure Networks: Remember the DMZ in 2012
April 17, 2012 Added by: Brent Huston
Recently, I have talked to two companies who have been hit by malicious activity that compromised a web application and gave the attacker complete control over a box sitting INSIDE their primary business network with essentially unfettered access to the environment...
Comments (0)
The Security Poverty Line and Junk Food
April 16, 2012 Added by: Wendy Nather
Organizations below the security poverty line tend to be inordinately dependent on third parties and have less direct control over the security of the systems they use. They end up ceding risk decisions to third parties that they ideally should be making themselves...
Comments (2)
Shadow IT - Why Security is Scrambling to Reinvent Itself
April 16, 2012 Added by: Rafal Los
Shadow IT is the leading cause of many of the "reinventions" that IT organizations across the globe are going through. For many CIOs the ground is moving underneath their feet, and if they're not actively moving to counter it, there are some very serious consequences...
Comments (0)
What the Titanic Teaches Techies
April 15, 2012 Added by: Allan Pratt, MBA
No one wants to think that disaster will strike, but it’s better to have policies in place and not need them – because you never know when you may encounter an iceberg - especially for those of us who live and breathe in the information security arena...
Comments (0)
On Data Breach Containment
April 12, 2012 Added by: Rafal Los
You've heard us say for a while now that information security isn't about reaching some mythical state of 'secure' but rather a constant battle on the ever-changing front lines of your organization to minimize any damage that the evil hackers can do once they find an in...
Comments (0)
Credit Unions and Small Banks Need Strong Security Relationships
April 05, 2012 Added by: Brent Huston
Smaller organizations need to leverage simple, effective and scalable solutions to achieve success. They simply won’t have the manpower to manage overwhelming alerts, too many log entries or some of the other basic mechanisms of infosec...
Comments (0)
EU: Possession of Hacking Tools to Become a Criminal Offense
April 04, 2012 Added by: Headlines
Cyber attacks on IT systems would become a criminal offense punishable by at least two years in prison throughout the EU under a draft law backed by the Civil Liberties Committee. Possessing or distributing hacking software and tools would also be an offense...
Comments (5)
The Information Security OODA Loop Part Three - Orient
April 03, 2012 Added by: Rafal Los
In infosec, if you've worked at companies who are doing security poorly and getting ravaged by hackers your first inclination may be desperation when your digital assets are under attack. It's hard to completely wipe the slate clean from previous experiences...
Comments (0)
Shackleford: What’s RIGHT with Infosec
April 02, 2012 Added by: Dave Shackleford
We are coming to the realization that we will be breached. This is a huge, fundamental shift in mindset that’s actually healthy, not redolent of defeatism. We have too much surface area to cover, not enough people and technology, and dammit, defense is hard...
Comments (2)
From Obstacle to Ally - Repositioning the Security Team
March 30, 2012 Added by: Steven Fox, CISSP, QSA
Rarely are non-security staff engaged in risk control discussions – a lack of interaction that disenfranchises those who will interact with the controls. This engenders a sense of powerlessness that leads to passive sabotage of initiatives intended to further the business...
Comments (0)
Cloud Services Strategy: Security First - Growth Second
March 30, 2012 Added by: Richard Stiennon
Cisco, Juniper, Oracle, and Microsoft might have security initiatives and even good sales of security products. But security takes a back seat to functionality too often. Why are there no secure switches? Secure apps for Windows? Or secure databases?
Comments (0)
Metrics, KPIs and Making Business Sense of Infosec
March 27, 2012 Added by: Rafal Los
Does a 10% increase in IT Security spending really make us 10% safer? I refuse to buy-in to the saying that security is either avoiding cost, or a cost center and nothing more. This is simply untrue in my experiences. Good security is good for business, pure and simple...
Comments (0)
The Role of Penetration Testing in the Infosec Strategy
March 26, 2012 Added by: Ian Tibble
For all intents and purposes, penetration testing had become such a low quality affair that clients stopped paying for it unless they were driven by regulations to perform periodic tests of their perimeter "by an independent third party"...
Comments (2)
Changing of the Guard: A Perspective on the Changing CISO Role
March 19, 2012 Added by: Rafal Los
Security means different things to different people - but by and large we can agree on the need to defend our organizations against those bad guys who wish to do it harm whether it's from a purely destructive perspective or something more sinister...
Comments (0)
Security Depends on IT Maturity
March 18, 2012 Added by: Robb Reck
Signs of an organization’s security fitness in metrics like patch levels, web application vulnerabilities, and firewall configurations. But in order to see the real state of our security programs, we need to include measures that capture the state of IT governance overall...
Comments (3)
Malware Development Exceeding IT Security Capabilities
March 16, 2012 Added by: Headlines
"Organizations that do plan to beef up their security capabilities will have a difficult time this year. Just under half believe it will be harder this year than in the past to find malware analysts and a similar number state they will have less time to train analysts this year..."
Comments (0)