Blog Posts Tagged with "Security Management"
Can You Sell Information Security?
September 15, 2010 Added by: Bob McGrath
When you place Information Security under the control of the technologists, their accountability is greater than their influence which equates to expensive, inefficient and often ill-conceived ad-hoc solutions. Rarely are we stronger as a result...
Comments (3)
What is a System Baseline?
September 14, 2010 Added by: Jamie Adams
System administrators should periodically perform a baseline comparison to identify changes that could potentially become a fault. In the case of authorized, expected changes the baseline comparison can be used as evidence to your change management process that a specific change has been completed...
Comments (0)
Surviving the DISA UNIX STIGs
September 10, 2010 Added by: Jamie Adams
Understanding the DISA UNIX STIGs is difficult for first-timers and sends chills down the spines of system administrators who have used them before. They are probably the most detailed set of security controls available which apply to a wide variety of operating systems...
Comments (0)
The CIO, CFO, and CEO Reporting Circle
September 09, 2010 Added by: Bill Gerneglia
IT spending typically represents the biggest single area of capital expenditures. Couple that with the clout CFOs typically gain during tough times along with the increase in regulations and it stands to reason why most CIOs and IT organizations now fall under the CFO’s watch...
Comments (1)
Understanding Computer Security: Compromise Vector
September 08, 2010 Added by: Mister Reiner
The most important concept to understand is compromise vector. It is the key concept to understanding everything about computer security and hacking. Once you get your mind wrapped around the concept, you will view computer security from a completely different perspective...
Comments (4)
The Secret Life of Data
August 31, 2010 Added by: Joe Morrissey
Trading in corporate secrets is more lucrative than ever, and companies strive to maintain competitive advantage by increasing their IP, and securing the IP already in their domain. This is in line with what was found in Forrester research, that 80% of security budgets are spent on 2 priorities...
Comments (0)
Fighting Second Stage Compromises
August 27, 2010 Added by: Brent Huston
Malware, bots and client side attacks are eating many security programs alive. Security teams focused on traditional perimeter security postures and the idea of keeping the bad guys out are likely unaware that these threats are already active inside their networks...
Comments (0)
IT Security History and Architecture Part 5 of 6
August 24, 2010 Added by: Dr. Steve Belovich
Business requires secure systems, but the marketplace is only listening to the consumer side. Effective security is just not possible without fundamentally changing the desktop. That can't happen due to the size of the installed base and the corresponding economics that prevent change...
Comments (3)
Are You Gutting Your In-House Expertise?
August 22, 2010 Added by: Rahul Neel Mani
Looking for and retaining talented techies is not terribly difficult if they work for a company that treats IT with great respect. But at the same time, talented techies want to work for companies that make money delivering IT products and services. And that’s where the dichotomy begins – to outsource your non-core IT to MSPs or not...
Comments (0)
IT Security History and Architecture Part 4 of 6
August 19, 2010 Added by: Dr. Steve Belovich
A lot of research was done in the 1960s to figure out how to deal with multi-user protection and preventing unauthorized system access. The results of this research revealed the necessary components of a secure, trustworthy system. These components are summarized here...
Comments (0)
4 Steps to Managing Your Security Documents
August 18, 2010 Added by: Sean Inman
There are many document management systems out there, both proprietary and open-source. Document management isn’t just storing documents, it's a process of reviews, approvals, storage and communication. So let's dissect these processes...
Comments (4)
IT Security History and Architecture Part 3 of 6
August 16, 2010 Added by: Dr. Steve Belovich
Quick History of Computer and OS Technology: Early on, the need for security did not exist because there was no remote access, and physical security of the computer hardware equated to IT system security. Physical access meant that you were authorized – simple and effective...
Comments (0)
Conducting After Hours Security Reviews
August 15, 2010 Added by: Rebecca Herold
There are many instances of security guards doing bad things with the information they come across, along with the cleaning staff, maintenance workers and other employees. Here are eighteen common vulnerabilities to get you started...
Comments (2)
Maintaining Information Privacy and Security
August 13, 2010 Added by: Lindsay Walker
Regular evaluation of training programs and internal procedures related to information security must be undertaken to ensure each employee is completing the necessary steps to safeguard information...
Comments (0)
IT Security History and Architecture Part 2 of 6
August 12, 2010 Added by: Dr. Steve Belovich
The DoD security standards are incomplete and difficult to apply. Few organizations are skilled at application of these standards. Such certifications are more for legal defense against negligence than they are for actual cyber defense...
Comments (0)
3 Basic Elements to Network Forensics Solutions
August 11, 2010 Added by: Ray Tan
The information forensic analysis provides can lead to an informed and efficient security posture within an organization to deter similar attacks in the future. As criminals get smarter and savvier, being able to detect and characterize attacks is crucial...
Comments (0)