Blog Posts Tagged with "Security Audits"
Cybersecurity Problems Found in Electrical Infrastructure
April 07, 2012 Added by:Joel Harding
DOE is in charge of locating and fixing critical infrastructure problems within the energy sector. Do they, in turn, report to DHS if it has to do with critical infrastructure? Does DHS oversee DOE’s cybersecurity problems, their critical infrastructure problems or...?
Comments (2)
Online Tool Assesses Intellectual Property Awareness
April 06, 2012 Added by:Infosec Island Admin
The NIST and the USPTO have teamed up to create a new online tool to help small companies and entrepreneurs evaluate their awareness of intellectual property, trade secrets, company data and more - and learn how to protect it...
Comments (0)
Assurance : Don't Worry, I've Got This...
April 06, 2012 Added by:Jon Long
There is nothing that changes faster than technology, and if you are not ahead of it, you are ancient history. Within the category of technology, security is at the forefront of rapid change, and there is nothing more critical to ensure that we understand as auditors...
Comments (0)
On PCI DSS Compliance Certificates
March 28, 2012 Added by:PCI Guru
All of you processors and acquiring banks that think the only proof of PCI compliance is some mystical PCI DSS Compliance Certificate, stop demanding them. They do not exist and never have. The document you need for proof of PCI compliance is the Attestation Of Compliance, period...
Comments (0)
Application Security: Why is Everybody Always Picking on Me?
March 19, 2012 Added by:Fergal Glynn
The recent explosion in Mobile application development paints a clear picture of the modern development landscape. Not only in terms of the incredible speed of production, but perhaps more importantly, the widening gap between speed-to-market and software security quality...
Comments (0)
Improving Compliance Performance in Your Supply Chain
March 05, 2012 Added by:Thomas Fox
One of the areas moving towards being incorporated into compliance programs is the supply chain. While many companies have focused significant compliance efforts towards the sales chain, the supply chain is now viewed as an area which requires compliance scrutiny...
Comments (0)
Log Management: Debugging Security
February 18, 2012 Added by:Danny Lieberman
Logs are key to security management not only for understanding what and why an event happened but also in order to prove regulatory compliance. The business requirements are that security logs should be both relevant and effective...
Comments (0)
AdiOS: Say Goodbye to Nosy iPhone Apps
February 16, 2012 Added by:Fergal Glynn
I put together a free utility called AdiOS (Addressbook Detector for iOS) that lets Mac users scan the iOS apps in your iTunes directory to see if they have the potential to dump your phone book externally. AdiOS detects apps that access your address book using a binary grep...
Comments (0)
Best Practices to Prevent Document Leaks
February 16, 2012 Added by:Peter Weger
Unfortunate consequences occur when companies lose control over confidential assets and experience intentional or unintentional disclosure of the information. In some cases, even the possibility of information leakage can damage reputations and stock prices...
Comments (0)
Build Your Security Portfolio Around Attack Scenarios
February 14, 2012 Added by:Danny Lieberman
In the current environment of rapidly evolving types of attacks - hacktivism, nation-state attacks, credit card attacks mounted by organized crime, script kiddies, competitors and malicious insiders and more - it is essential that IT and security communicate effectively...
Comments (1)
Straight Talk about Compliance from a Security Viewpoint
February 09, 2012 Added by:Rafal Los
Odds are, you can usually close out multiple compliance requirements across multiple requirements regulations by doing something singular in a security program. Performing software security audits during various phases of your SDLC solves many compliance requirements...
Comments (0)
Twelve Security Best Practices for USB Drives
February 07, 2012 Added by:Kelly Colgan
Portable and mobile storage devices are significant players in most corporate offices. Ensuring proper protection with a best practices policy and strict enforcement offers significant risk reduction—and can prevent long nights on data breach investigations...
Comments (1)
Time for a Change in our Attitude Around Risk
February 05, 2012 Added by:Norman Marks
When is the last time you saw an audit report that said management had too many controls or was not taking sufficient risk? When did you last hear a risk officer urging planners to move into a new market more quickly? The same thing applies to information security personnel...
Comments (2)
GSA Final Rule Requires Vendor Proof of Security
January 10, 2012 Added by:Headlines
The rule requires contractors and subcontractors to provide details on how their products and services meet federal IT regulations. The rule also requires contractors and subcontractors to submit to audits on practices and procedures to ensure mandates are satisfied...
Comments (1)
Data Loss Prevention: Step 2 - Manage Privileges
December 13, 2011 Added by:Rafal Los
Getting back to basics is critical, and one of the most basic of basics is managing the rights to your data, your systems, and your critical operations. Let's take a critical, step-by-step look at how managing privileges can greatly decrease your likelihood of leaking data...
Comments (0)
Case Study: A Cloud Security Assessment
December 13, 2011 Added by:Danny Lieberman
A client asked us to find a way to reduce risk exposure at the lowest cost. Using the Business Threat Modeling methodology and Practical Threat Analysis software, we were able to mitigate 80% of the total risk exposure in dollars at half the security budget proposed by the vendor....
Comments (1)