Blog Posts Tagged with "IT Security"


Password Policy: Sharing Passwords

May 02, 2012 Added by:Benson Dana

I once worked at a place where a senior manager collected the passwords of employees. There had been resistance to giving up this policy, and the excuse was that this unit's mission was unique and that this was necessary. How often does the internal auditor hear this excuse?

Comments  (0)


Evolution vs. Revolution in the Enterprise Mainframe

April 25, 2012 Added by:Bill Gerneglia

Mainframe technology can become dated quickly, and as application complexity increases, more space and increased mainframe functionality are required. If a mainframe fails to support advancing technology, application performance is put at stake...

Comments  (0)


More on the IT Business Boiling Point

April 22, 2012 Added by:Ben Kepes

This tension between old and new is interesting to watch and has some interesting parallels within organizations. I’m talking about the tension that exists between IT and business units. The former who want to ensure security and control, the latter who simply want to get stuff done...

Comments  (0)


Cloud Adoption Tension: IT vs Business

April 19, 2012 Added by:Ben Kepes

On the side of IT it’s all about security, control and transparency. On the side of the business, it’s years of frustration at slow and cumbersome IT procurement processes – they want to get stuff done. It’s fair to say that we’re still in the Wild West of cloud adoption...

Comments  (0)


Secure Networks: Remember the DMZ in 2012

April 17, 2012 Added by:Brent Huston

Recently, I have talked to two companies who have been hit by malicious activity that compromised a web application and gave the attacker complete control over a box sitting INSIDE their primary business network with essentially unfettered access to the environment...

Comments  (0)


The Security Poverty Line and Junk Food

April 16, 2012 Added by:Wendy Nather

Organizations below the security poverty line tend to be inordinately dependent on third parties and have less direct control over the security of the systems they use. They end up ceding risk decisions to third parties that they ideally should be making themselves...

Comments  (2)


Shadow IT - Why Security is Scrambling to Reinvent Itself

April 16, 2012 Added by:Rafal Los

Shadow IT is the leading cause of many of the "reinventions" that IT organizations across the globe are going through. For many CIOs the ground is moving underneath their feet, and if they're not actively moving to counter it, there are some very serious consequences...

Comments  (0)


What the Titanic Teaches Techies

April 15, 2012 Added by:Allan Pratt, MBA

No one wants to think that disaster will strike, but it’s better to have policies in place and not need them – because you never know when you may encounter an iceberg - especially for those of us who live and breathe in the information security arena...

Comments  (0)


On Data Breach Containment

April 12, 2012 Added by:Rafal Los

You've heard us say for a while now that information security isn't about reaching some mythical state of 'secure' but rather a constant battle on the ever-changing front lines of your organization to minimize any damage that the evil hackers can do once they find an in...

Comments  (0)


Credit Unions and Small Banks Need Strong Security Relationships

April 05, 2012 Added by:Brent Huston

Smaller organizations need to leverage simple, effective and scalable solutions to achieve success. They simply won’t have the manpower to manage overwhelming alerts, too many log entries or some of the other basic mechanisms of infosec...

Comments  (0)


EU: Possession of Hacking Tools to Become a Criminal Offense

April 04, 2012 Added by:Headlines

Cyber attacks on IT systems would become a criminal offense punishable by at least two years in prison throughout the EU under a draft law backed by the Civil Liberties Committee. Possessing or distributing hacking software and tools would also be an offense...

Comments  (5)


The Information Security OODA Loop Part Three - Orient

April 03, 2012 Added by:Rafal Los

In infosec, if you've worked at companies who are doing security poorly and getting ravaged by hackers, your first inclination may be desperation when your digital assets are under attack. It's hard to completely wipe the slate clean from previous experiences...

Comments  (0)


Shackleford: What’s RIGHT with Infosec

April 02, 2012 Added by:Dave Shackleford

We are coming to the realization that we will be breached. This is a huge, fundamental shift in mindset that’s actually healthy, not redolent of defeatism. We have too much surface area to cover, not enough people and technology, and dammit, defense is hard...

Comments  (2)


From Obstacle to Ally - Repositioning the Security Team

March 30, 2012 Added by:Steven Fox, CISSP, QSA

Rarely are non-security staff engaged in risk control discussions – a lack of interaction that disenfranchises those who will interact with the controls. This engenders a sense of powerlessness that leads to passive sabotage of initiatives intended to further the business...

Comments  (0)


Cloud Services Strategy: Security First - Growth Second

March 30, 2012 Added by:Richard Stiennon

Cisco, Juniper, Oracle, and Microsoft might have security initiatives and even good sales of security products. But security takes a back seat to functionality too often. Why are there no secure switches? Secure apps for Windows? Or secure databases?

Comments  (0)


Metrics, KPIs and Making Business Sense of Infosec

March 27, 2012 Added by:Rafal Los

Does a 10% increase in IT Security spending really make us 10% safer? I refuse to buy in to the saying that security is either avoiding cost, or a cost center and nothing more. This is simply untrue in my experiences. Good security is good for business, pure and simple...

Comments  (0)
