Blog Posts Tagged with "IT Security"

1de705dde1cf97450678321cd77853d9

The Role of Penetration Testing in the Infosec Strategy

March 26, 2012 Added by:Ian Tibble

For all intents and purposes, penetration testing had become such a low quality affair that clients stopped paying for it unless they were driven by regulations to perform periodic tests of their perimeter "by an independent third party"...

Comments  (2)

0a8cae998f9c51e3b3c0ccbaddf521aa

Changing of the Guard: A Perspective on the Changing CISO Role

March 19, 2012 Added by:Rafal Los

Security means different things to different people - but by and large we can agree on the need to defend our organizations against those bad guys who wish to do it harm whether it's from a purely destructive perspective or something more sinister...

Comments  (0)

C787d4daae33f0e155e00c614f07b0ee

Security Depends on IT Maturity

March 18, 2012 Added by:Robb Reck

Signs of an organization’s security fitness in metrics like patch levels, web application vulnerabilities, and firewall configurations. But in order to see the real state of our security programs, we need to include measures that capture the state of IT governance overall...

Comments  (3)

69dafe8b58066478aea48f3d0f384820

Malware Development Exceeding IT Security Capabilities

March 16, 2012 Added by:Headlines

"Organizations that do plan to beef up their security capabilities will have a difficult time this year. Just under half believe it will be harder this year than in the past to find malware analysts and a similar number state they will have less time to train analysts this year..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

CyLab Report: Corporate Boards Neglecting Cyber Security

March 13, 2012 Added by:Headlines

"Less than two-thirds of the Forbes Global 2000 companies surveyed have full-time personnel in key roles responsible for privacy and security in a manner that is consistent with internationally accepted best practices and standards..."

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Is it Time to Reinvent the CISO?

March 13, 2012 Added by:Rafal Los

Is the CISO willing to take on more business-focused responsibilities, and look at information security from a less technical solution-oriented perspective - and if so is that sustainable? If you're looking for advice I have a little bit here for you...

Comments  (1)

Af9c34417f8e5e0d240850bb353b5d40

Why Less Emphasis On Software Security?

February 23, 2012 Added by:Keith Mendoza

The only real fix for this is a mindset shift. At the minimum, software developers need to code defensively regardless of the scope of the project, because this needs to become a habit. Coding standards should include requirements that all compiler warnings should be resolved...

Comments  (4)

0a8cae998f9c51e3b3c0ccbaddf521aa

The CISO as a Capable Catalyst

February 22, 2012 Added by:Rafal Los

"If a CISO initially receives any capability when starting the position, that was capability that was left over from their predecessor. It is now the CISO's responsibility to earn more capability and solidify what may already exist..."

Comments  (2)

01ceb9281b3fb3dbb90c3efbe327717e

Algorithms: When is Random Really Random?

February 21, 2012 Added by:Alan Woodward

The fact that we rely upon pseudorandom numbers is a potential problem for IT security. If a machine is using a known algorithm to generate a number that your system then treats as random, what is to stop an attacker from calculating that same number if he knows your algorithm...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Responsibility vs Capability in the CISO Role

February 17, 2012 Added by:Rafal Los

Capability is often seen as the ability to enforce - whether its corporate politics, budget, or a top-down reporting structure. If you don't have the capability to force people to follow organization-wide decisions it is difficult to have a solid organization...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Dangers of Non-Contextual Pattern Matching

February 15, 2012 Added by:Rafal Los

Even a system inconsistency such as an abnormal page transition velocity on your flagship web application can be overlooked - until you put all those together and realize you're being SQL Injected and someone is stealing your multi-terabyte database out from under you...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Build Your Security Portfolio Around Attack Scenarios

February 14, 2012 Added by:Danny Lieberman

In the current environment of rapidly evolving types of attacks - hacktivisim, nation-state attacks, credit card attacks mounted by organized crime, script kiddies, competitors and malicious insiders and more - it is essential that IT and security communicate effectively...

Comments  (1)

Ebe141392ea3ebf96ba918c780ea1ebe

Insecure At Any Speed

February 09, 2012 Added by:Wendy Nather

Security is an afterthought, and a bad one at that. As long as it remains separate from the systems it's supposed to protect, instead of an attribute, and requires users to maintain an abnormal level of awareness, security is going to continue to be as bad as it is today...

Comments  (0)

637466d18cc35f545740244d707c0482

Achieving Network Security

February 07, 2012 Added by:Kevin Somppi

Today's networks are complex, with most organizations supporting various server, operating system and Web platforms. This requires an accurate, comprehensive, and up-to-date way to identify the latest system vulnerabilities and configuration errors...

Comments  (0)

959779642e6e758563e80b5d83150a9f

The Valley of Death Between IT and Security

February 03, 2012 Added by:Danny Lieberman

Truly – the essence of security is protecting the people who use a company’s products and services. What utility is there in running 24×7 systems that leak 4 million credit cards or developing embedded medical devices that may kill patients?

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Spending Your 2012 IT Security Budget - Beware of Cheap

January 28, 2012 Added by:Rafal Los

If you can't be good, be cheap - the battle cry of the second-rate vendor. After spending 4 years as part of a world-class sales organization, I can tell you that with no uncertainty that I've seen some of my competitors do some absolutely insane things to compete...

Comments  (3)

Page « < 1 - 2 - 3 - 4 - 5 > »