Blog Posts Tagged with "Enterprise Security"
Deconstructing Defensible - Defensible is not the Same as Secure
April 02, 2013 Added by:Rafal Los
This post and the few that follow will go through the five basic ideas behind defensibility and why defensible is a state we should be striving for as enterprise security professionals.
Comments (0)
Defending the Corporate Domain: Strategy and Tactics
March 27, 2013 Added by:Rafal Los
Strategy without accompanying tactics is a lost cause. Tactics without a solid footing in strategy is an expensive lost cause. The maturity of an organization's security team is directly proportional to their ability to have a foundational strategy and be able to implement tactical measures and feedback to adjust to changing conditions in order to defend adequately.
Comments (0)
The Castle Has No Walls - Introducing Defensibility as an Enterprise Security Goal
March 19, 2013 Added by:Rafal Los
It's time to retire the "castle" analogy when it comes to talking about how real Information Security should behave. I still hear it used a lot, and if you walked around the show floor at RSA 2013 you noticed there is still a tremendous amount of focus and vendor push around 'keeping the bad guys out.'
Comments (0)
Enterprise Software Security - The 2 Major Viable Models
March 16, 2013 Added by:Rafal Los
I can't even express how good it is to be back in the field, solving problems and working with the enterprises again. It's interesting how little the landscape changes in software security and how many of the same challenges that existed during my GE days (2003-2008) are still around today.
Comments (0)
Ensuring Continuity of Services During Change Incidents
January 25, 2013 Added by:Bozidar Spirovski
Services are most vulnerable during change. Continuity of service needs to be ensured during change, and large portions of several ISO and BSI standards are focused on proper management of change. However well controlled, an incident can occur during the change, thus causing failure of service...
Comments (2)
Are you meeting your perceived security obligations?
January 19, 2013 Added by:Tripwire Inc
Security professionals today identify lack of qualified talent and lack of organizational funding as a key problem to their daily job; which probably implies that they are doing what they can with what they have; which likely may not meet expectations...
Comments (0)
The Importance of Sample Size in Social Engineering Tests
January 16, 2013 Added by:Matt Neely
Information security has a problem. We make far too many decisions without having reliable data to assist in our decision making process. Because of this, far too many information security professionals use what I call Gut 1.0 to make decisions based on gut feel...
Comments (0)
What's Next For BYOD - 2013 And Beyond
December 30, 2012 Added by:Ian Tibble
The business case is inconclusive, with plenty in the "say no to BYOD" camp. The security picture is without foundation - we have a security nightmare with user devices, regardless of who owns the things...
Comments (0)
ESB Security Spotlighted At ZeroNights 2012
December 25, 2012 Added by:Alexander Polyakov
ERP systems, which store the information about finances, employees, materials, wages, and so on, are rightfully considered to be the most critical of such systems. Unauthorized access to those systems can lead to espionage, sabotage, or fraud...
Comments (0)
Prediction: BYOD May Go Away in 2013
December 25, 2012 Added by:Paul Kenyon
Considering this speed of change, taking a moment to reflect on the security risks ahead is not only prudent, but could save your organization from being blindsided. From my view, here's what I'd recommend organizations, from SMBs to the enterprise, prepare for in 2013...
Comments (3)
The Ultra-Legacy Problem - Systems so old...
December 19, 2012 Added by:Rafal Los
Say you're a sizeable institution here and that over the last two decades you've amassed lots of platforms that run your business, in a time before the Information Security organization did much more than install anti-virus on your desktop... and now that technical debt has come back to haunt you...
Comments (3)
Managing the Social Impact of Least Privilege
December 10, 2012 Added by:Paul Kenyon
In organizations where IT policy hasn’t been enforced or where users expect to have full autonomy over PCs, the transition to least privilege desktops must be carefully planned, so the IT department doesn’t face a user revolt. Make sure to set users’ expectations accordingly...
Comments (0)
Flipping Malware: A Profit Opportunity for Corporate IT Departments
December 09, 2012 Added by:Jeffrey Carr
Some of the more forward-looking DOD contractors who have robust internal CERT with engineers who do reverse-engineering could be in the best position to offer free or low-cost network defense to corporations who want to "flip" the malware found on their network for a nice profit...
Comments (1)
Information Security: Why Bother?
December 09, 2012 Added by:Simon Moffatt
The question, often raised as a bargaining tool, is often focused on the, ‘well I understand what you propose and I know it will increase the security of scenario X, but why should I do it?’. In honesty, it is a good question...
Comments (3)
How I Learned to Love Incident Management
December 08, 2012 Added by:Tripwire Inc
Incident Management is particularly interesting in the light of the recent attacks on Vmware, Symantec and a host of other companies and internet properties. It all boils down to a fairly straight forward question…when an incident occurs, how does your security team respond?
Comments (0)
Focus on the Host
December 06, 2012 Added by:Matthew McWhirt
The traditional concept of enterprise security monitoring typically encompasses observing and mitigating threats at the perimeter of the organization. While there is still a necessity for this model of security monitoring, the true notion of enterprise continuous monitoring practices must include a focus on the host...
Comments (0)
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox