Blog Posts Tagged with "Security Strategies"
Who Are You Preaching to Anyway?
May 16, 2012 Added by:Neira Jones
Hard core security conferences continue to happen and continue to be successful, and long may it continue. We still need the techies to make sure we have the right tech to support the people and processes in our businesses. We also need the techies to try and keep ahead of the bad guys...
Comments (1)
Securing Your Company Against BYOD-Created Threats
May 14, 2012 Added by:Ashley Furness
The increasing emergence of Bring Your Own Device (BYOD) policies has both good and bad implications. Here are four strategies your company should implement to keep data secure while supporting employees' choice to use their own laptops, smartphones and tablets in the workplace...
Comments (2)
Breached! Now What? Seven Steps to Avoid Failure Panic
May 08, 2012 Added by:Rafal Los
To many organizations, a security breach means a catastrophic failure in security signifying a breakdown in the mechanisms installed to keep the organization secure, and by its very nature represents failure. The problem with this situation is it really represents two failures...
Comments (1)
Information Security is More than Prevention
May 04, 2012 Added by:Brent Huston
One of the biggest signs that an organization’s infosec program is immature is they have an obsessive focus on prevention and equate it with security through knee-jerk reactions to vulnerabilities, never-ending emergency patching situations and a continual fire-fighting mode...
Comments (0)
Try Application White Listing to Mitigate Malware
May 04, 2012 Added by:Paul Paget
Unless you run a network that has no Internet connection and a “no disks” policy, the only way to protect against malware is to employ application white listing, which protects the software that controls the behavior of your computers. If the software is not on the white list, it won’t run...
Comments (2)
The Fort Knox Approach to Security
April 23, 2012 Added by:PCI Guru
Most of you are protecting everything with equal rigor. Does everything need to be protected with the same thoroughness? Probably not and that is what makes infosec a difficult occupation. We neglect to delineate what needs the most protection and what does not need as much or any...
Comments (0)
The Security Poverty Line and Junk Food
April 17, 2012 Added by:Wendy Nather
Organizations below the security poverty line tend to be inordinately dependent on third parties and have less direct control over the security of the systems they use. They end up ceding risk decisions to third parties that they ideally should be making themselves...
Comments (2)
Shadow IT - Why Security is Scrambling to Reinvent Itself
April 17, 2012 Added by:Rafal Los
Shadow IT is the leading cause of many of the "reinventions" that IT organizations across the globe are going through. For many CIOs the ground is moving underneath their feet, and if they're not actively moving to counter it, there are some very serious consequences...
Comments (0)
Helpdesk to the Boardroom
April 16, 2012 Added by:Daniel Blander
As security professionals, we eagerly hone our skills and immerse ourselves in the latest research. Yet too many of us feel that we are marginalized, and become frustrated at our lack of professional advancement. What could be the problem and how can we overcome it?
Comments (0)
Information Sharing and the ICS-ISAC
April 16, 2012 Added by:Chris Blask
The topic of information sharing has become one of the most interesting in finding “The Solution” to ICS security. Aspects of securing industrial control systems – including timing, technology and workforce – suggest that answers lie less in technology and more in Robert’s Rules...
Comments (2)
What the Titanic Teaches Techies
April 16, 2012 Added by:Allan Pratt, MBA
No one wants to think that disaster will strike, but it’s better to have policies in place and not need them – because you never know when you may encounter an iceberg - especially for those of us who live and breathe in the information security arena...
Comments (0)
On Data Breach Containment
April 12, 2012 Added by:Rafal Los
You've heard us say for a while now that information security isn't about reaching some mythical state of 'secure' but rather a constant battle on the ever-changing front lines of your organization to minimize any damage that the evil hackers can do once they find an in...
Comments (0)
Why Security is in Trouble
April 10, 2012 Added by:Rafal Los
Everything you do as an infosec leader needs to be aligned to your organization's mission statement and goals. Everything you do, every security-related decision you make, and every purchase and project you sign off on must first and foremost be aligned to the organization...
Comments (1)
The Infosec Investment Equation - Can You Solve It?
April 10, 2012 Added by:Neira Jones
Redundant measures always expose themselves very rapidly: they either don’t help you run your shop, or nobody around you is interested in them. So if you still have some of these, your job is to scrap them because it will save some time and resources to apply elsewhere...
Comments (0)
The Information Security OODA Loop Part 5: Act
April 07, 2012 Added by:Rafal Los
Practicing the OODA Loop for incident response is critical to making sure you avoid panic-induced decisions which could be catastrophic. If you're already formulating excuses as to why you won't be able to practice - just forget this altogether...
Comments (0)
The Information Security OODA Loop Part 4: Decide
April 05, 2012 Added by:Rafal Los
There are any number of possible decisions to be made in an infosec OODA Loop cycle. Sometimes the most basic decision to be made is whether to act or to hold your position. Too often infosec tends to look at a potential event and assume that the response must be action...
Comments (0)




