Blog Posts Tagged with "Security Strategy"
Common Criteria Evaluation Assurance Level (ISO 15408)
January 30, 2011 Added by:Jamie Adams
Common Criteria is a framework in which computer system users can specify their security and assurance requirements. Vendors then implement and/or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims...
Comments (0)
Defense in Depth: Security Strategy or Security Blanket?
January 26, 2011 Added by:Robb Reck
We have all heard that a defense in depth is required for an effective security program. But in many ways defense in depth has become a security blanket for companies, rather than a strategy. The number of different technologies may give a nice sense of security, but provides negligible added value...
Comments (6)
Complexity - A Sure Way to Fail
January 11, 2011 Added by:Rafal Los
Almost every single product's marketing page has "Ease of Use" as one of the checkbox features, it's rare that this actually manifests itself in the real products. The end result of difficult to use security products is clear - security breaches are rampant. You don't have to take my word for it...
Comments (4)
Getting Off the Patch
January 10, 2011 Added by:Pete Herzog
Patching is just one small part of the solution that includes Anti-virus, firewalls, intrusion detection systems, strong authentication, encryption, physical locks, disabling of scripting languages, reduced personal information on social networks,as part of a healthy lifestyle solution...
Comments (13)
CIOs Must Keep the Focus on the Big Picture
January 07, 2011 Added by:Rahul Neel Mani
A smart CIO knows when to stay out of tactical initiatives within the company, let his team get on with it, and keeps the focus on the big picture, says Anjan Bose, CIO Haldia Petrochemicals Ltd. Bose equips himself to see IT as a component of business, and never business as means to deploy IT...
Comments (0)
Information Security: A New Year Resolution
January 05, 2011 Added by:Javvad Malik
Information security is not unlike most professional industries. Whenever anything goes wrong, it’s never really our fault. With a large number of people to point the finger at, it’s almost too easy to shift the blame. So, this year, I’d like to set off on a more positive and accountable route...
Comments (0)
Getting Results the Wrong Way
January 03, 2011 Added by:Andy Willingham
Right results are not the measurement of success. How you arrive at the results is more important. It is not all about results. Of course results are important, done the right way. Lots of us in the community have been saying that the industry is broke and that we’re looking for ways to fix it...
Comments (0)
FTC Guidelines for Securing Digital Copiers
January 03, 2011 Added by:David Navetta
Seemingly innocuous and common digital copiers once again flag just how many locations potentially sensitive data can be found in a typical business that result in a data breach or inadvertent release or disclosure of protected or confidential information...
Comments (0)
CIOs: Stop Talking Jargon - Start Talking Solutions
January 01, 2011 Added by:Rahul Neel Mani
CIOs need to stop talking jargon to their business colleagues, says Harvey Koeppel, Executive Director, Center for CIO Leadership. Have conversations around the business benefits behind that jargon and you will immediately get active support right up to the CEO...
Comments (0)
Less Privacy, Better Security
December 18, 2010 Added by:Rahul Neel Mani
Information is the lifeblood of not just corporations but organized crime and terrorism, says Steve Durbin of the Information Security Forum. Durbin says we may have to give up some individual privacy in return for security...
Comments (0)
Security Strategy: From Requirements to Reality
December 13, 2010 Added by:Ben Rothke
Without a deeply embedded structured approach to security systems design, Anderson argued that we find ourselves in the situation we are in today, with applications and operating systems full of bugs, vulnerabilities and other serious security flaws...
Comments (0)
My My Commisioner, What Nice Teeth You Have
December 07, 2010 Added by:Javvad Malik
Sarbanes Oxley, an almost bottomless pit of money poured into achieving compliance. And then we wonder why people view security in a negative light. It’s because all they ever hear is do this or you’ll get fined, do that or you’ll be sent to jail, threats threats threats. It’s all about negative threats...
Comments (0)
What Security Issues Should You Worry About?
December 02, 2010 Added by:Robert Siciliano
For many of the issues we worry about the chances of them happening might be 1 in a 100,000 or 1 in 10 million. Your chances of something bad happening may equate to the same statistics as winning the lottery, which is very slim, but you still might play the number...
Comments (0)
Choosing a Security Consultancy
November 23, 2010 Added by:Javvad Malik
You cannot outsource blame. You HAVE to take responsibility for your organization's mistakes. Whether they be IT, vendor, even mistakes made by your most trusted employees. You don’t have to be an expert in security, you just have to make informed decisions to control your organization...
Comments (1)
Protecting Your Organization Against White Collar Crime
November 23, 2010 Added by:Peter Abatan
Technology must play a vital role in protecting confidential data and intellectual property, but the most important way to achieve a high degree of success in securing an organization's information assets is through training and awareness programs...
Comments (0)
Project Honeynet Log Mysteries Challenge Lessons
November 23, 2010 Added by:Anton Chuvakin
We just finished grading the results of Project Honeynet Log Mysteries” Challenge, and there are some useful lessons for BOTH future challenge respondents and to log analysts and incident investigators everywhere. If you look at the challenge at high level, things seem straight forward...
Comments (0)
- Will Robo-Helpers Help Themselves to Your Data?
- Securing the Hybrid Workforce Begins with Three Crucial Steps
- A New Strategy for DDoS Protection: Log Analysis on Steroids
- COVID-19 Aside, Data Protection Regulations March Ahead: What To Consider
- SecurityWeek Extends ICS Cyber Security Conference Call for Presentations to August 31, 2020
- SecurityWeek to Host Cloud Security Summit Virtual Event on August 13, 2020
- Avoiding Fuelling the Cyber-Crime Economy
- Expect Behavioral Analytics to Trigger a Consumer Backlash
- Holding public cloud security to account
- No Silver Bullet for Addressing Cybersecurity Challenges During Pandemic