Blog Posts Tagged with "Best Practices"
Password Protection Pointers
June 12, 2012 Added by:Jayson Wylie
The best password is the one that only you know. Even better one is one that nobody else can find out. Crackers are getting away from massive rainbow tables and moving on to graphics processors for quick password compromise. It is possible to categorize your passwords to define the sensitivity of their purpose....
Comments (0)
Pink Floyd’s "The Wall" and Compliance
June 12, 2012 Added by:Thomas Fox
Compliance: One of the most important things is that sometimes you just hit a brick wall. You can carefully plan a strategy, implement the planned strategy and then measure the results, but it can still fall completely flat. In other words, you hit the proverbial wall...
Comments (0)
Forecast 2012–Enterprise Cloud Best Practices Panel
June 11, 2012 Added by:Ben Kepes
Some cloud vendors are engaged with IT and following a top down adoption approach while others are aiming for a more viral bottom up adoption. What issues do these different approaches raise and how do we navigate this path while ensuring agility and compliance?
Comments (0)
It’s Time to Convert from Passwords to Passphrases
June 08, 2012 Added by:Stacey Holleran
The traditional password must die. The whole concept is fatally flawed. The sheer volume of attacks should be a wake-up call to anyone utilizing a password (pretty much everyone). Now is the time to practice vigilance and to secure systems, accounts and security applications such as firewalls with Passphrases...
Comments (0)
LinkedIn Fails Security Due Diligence
June 07, 2012 Added by:Marc Quibell
Poor security practices led to the password database ending up in Russia. We can also say that the best security practices were not applied to the security of our passwords: LinkedIn did not "salt their hash" and therefore the passwords were much more vulnerable to simple brute force attacks...
Comments (0)
Ensuring Data Integrity via Checks, Tests, and Best Practices
June 04, 2012 Added by:Fergal Glynn
As a process, data integrity verifies that data has remained unaltered in transit. As a state or condition, it is a measure of the validity and fidelity of a data object. As a function related to security, means information is exactly as it was inputted and is auditable to affirm its reliability...
Comments (0)
NIST Workshop: Safeguarding Health Information
May 30, 2012 Added by:Infosec Island Admin
The HIPAA Security Rule sets federal standards to protect the confidentiality, integrity and availability of electronic protected health information by requiring HIPAA covered entities and their business associates to implement and maintain administrative, physical and technical safeguards...
Comments (0)
Spring Cleaning Your PC
May 18, 2012 Added by:Robert Siciliano
If your PC is bogged down with software and your desktop is jammed with icons and documents, then your PC is next to useless as a productivity tool. Even scarier is you have lost track of your files have sensitive information exposed. Follow these tips for a cleaner, faster machine...
Comments (2)
Logging: Opening Pandora's Box - Part 3 - Paralysis
May 17, 2012 Added by:Rafal Los
Paralysis can come from over-dependence on analysis. You've heard the term "analysis paralysis" where someone spends so much time trying to make the perfect decision while factors change that ultimately no decision is made before the deadline passes or some event happens...
Comments (0)
Vulnerabilities: Context Matters
May 13, 2012 Added by:Jack Daniel
You do need to assess how the vulnerability is exposed, what mitigations are in place or even possible, how hard the threat may be to execute against your situation, and whether there is a graceful failure mode if the opportunity turns out to be inopportune...
Comments (0)
Breached! Now What? Seven Steps to Avoid Failure Panic
May 07, 2012 Added by:Rafal Los
To many organizations, a security breach means a catastrophic failure in security signifying a breakdown in the mechanisms installed to keep the organization secure, and by its very nature represents failure. The problem with this situation is it really represents two failures...
Comments (1)
When Statistics Fail: Planning for Things You Can't Expect
April 27, 2012 Added by:Rafal Los
In incident preparedness, if you don't already, maybe it's time for a chapter on worst case scenarios. Lots of organizations have these, but as I pointed out, many aren't even thinking about testing their own incident response plans much less looking at the absolute worst-case...
Comments (0)
Making Security Metrics That Matter
April 22, 2012 Added by:Robb Reck
The traditional role of security in the organization has been that of a cost-center to be minimized. Security’s success has historically been defined by internally developed measures. We work to create best-practice metrics that show how mature the security program is...
Comments (2)
Positioning the Security Team Using Influence Part 2
April 22, 2012 Added by:Steven Fox, CISSP, QSA
Security engineers, analysts, and auditors are apt to use security policies or industry best practices as the foundation of their guidance rather than addressing business needs. While valid in its substance, these appeals to authority are perceived negatively...
Comments (0)
Reflections on Ten years of Software Security
April 21, 2012 Added by:Rafal Los
Given a finite amount of time to write a piece of software with specified features and functionality the security of that code will always take a back seat. At least for the time being.Let's face it, code breaks in strange ways that it's not always easy to understand...
Comments (0)
Protecting Your Enterprise by Breaking It
April 20, 2012 Added by:Rafal Los
In a nutshell, if you (in information security) haven't broken things in your organization's networks, you're likely terribly unprepared for when things to wrong and thus are doing it wrong. Now, before you come all unhinged, read the rest of this post...
Comments (0)
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox
- The Emperor Is Naked!
- Infographic: Keeping Web Applications Safe
- Do You Have a Vendor Security Check List? You Should!