Blog Posts Tagged with "Vendor Management"
How To Choose A Security Vendor
January 16, 2012 Added by: Brent Huston
Variations exist in depth, skill level, scope, reporting capability, experience, etc. Selecting security testing vendors based upon price is a bad idea. Matching specific experience, reporting styles and technical capabilities to your environment is a better solution...
Ten Steps to Protect Your Organization's Data
January 13, 2012 Added by: Danny Lieberman
Despite claims that protecting data assets is strategic to an enterprise, and IT governance talk about business alignment and adding value – my experience is that most organizations will not do anything until they’ve had a fraud or data security event...
Data Center Complexity and Clarity Around Outages
December 28, 2011 Added by: Ben Kepes
Things like physical security, multiple redundant power and networks to incredibly complex networking and load balancing components – the modern data center is an incredibly complex beast. And yet they still suffer outages...
SSAE 16 "First to Fail"?
December 27, 2011 Added by: David Barton
So if First to File® is in the business of document management, how do their services have any relevance to a user entity’s financial statements? They are merely storing intellectual property (IP) in a web-based environment for their customers...
Transparency in Cloud Services from the Security Perspective
December 16, 2011 Added by: Rafal Los
There is an operational perspective in terms of provider transparency. We are now starting to see cases where a SaaS service offering is built on top of a PaaS service, built using multiple IaaS services and that is enough to make anyone's head spin...
Importance of a Secure Supply Chain in Selecting IT Vendors
December 07, 2011 Added by: Emmett Jorgensen
There have been numerous reports of rootkits and trojans that have been installed on component level chips designed to infiltrate networks from the inside. Government agencies have stepped up their diligence regarding what products are allowed to protect infrastructure at high security levels...
Getting Past Security's Fuzzy Math ROI
December 05, 2011 Added by: Rafal Los
It seems that we're using statistics, metrics, surveys and 'studies' to demonstrate what we can't otherwise adequately explain. That would be all well and good, if the math wasn't all fuzzy. Numbers can't fib, only the people that manipulate them can be accused of that trespass...
Cloud Security – It’s All About Partnership
November 28, 2011 Added by: Ben Kepes
Cloud security is a two way street – both vendors and customers have a part to play in keeping it safe, and both parties need to bring something to the table. But, notwithstanding this fact, Cloud is still the best option for a number of SMB use cases...
Ineffective CISOs Foster Shady Vendor Practices
November 23, 2011 Added by: Boris Sverdlik
The question remains how much faith is too much to put in the hands of your vendors? Without a thorough analysis of the inner workings of your organization, it is impossible for any external entity to make recommendations on where your reactionary dollars are best spent...
To iTrust or Not?
October 31, 2011 Added by: Enno Rey
Recently Apple launched its new offering iCloud. At this point, most infosec people start to worry a little bit: The common cloud concept of centralized data storage on premise of a third party does not cope well with the usual control focused approach of most technical infosec guys...
A CISO's Security Vendor Bill of Rights
October 20, 2011 Added by: Ron Baklarz
Current economic times are tough, budgets are tight and security spending is either down or flat. Security vendors still have to make a buck, however here is a top ten list of annoyances I personally have with security vendors, now codified in my CISO's Security Vendor Bill of Rights...
Keys To Successful Cloud Application Deployment
October 05, 2011 Added by: Bill Gerneglia
It is imperative to select and deploy a proven set of cloud core services. These include storage management controls, hypervisors, security policies and security software including firewalls, disaster recovery and governance, and database administration and replication services...
Maintaining Quality in Outsourcing Telco Services
September 30, 2011 Added by: Bozidar Spirovski
The issue with telco services is that quality is difficult to define because there are parameters that are difficult to track: sound quality, response of system to tone-dial menu selection of an IVR, intermittent interruptions of communications, and temporarily unavailable service...
WikiLeaks: An Insider's Perspective
September 08, 2011 Added by: John Linkous
Many asked why, given that Agencies had the latest incident and event management technologies, the breach had not at least been spotted sooner - even if they were unable to prevent it completely. What followed is a response unlike any I've seen to date in the commercial sector...
Seven Areas of Concern With Cloud Security
August 18, 2011 Added by: Brent Huston
Opportunities abound for those who desire to guide cloud computing. Those concerned with keeping cloud computing an open system drafted an Open Cloud Manifesto, asking that a straightforward conversation needs to occur in order to avoid potential pitfalls...
The Great Cloud Blockage: 80/20
August 16, 2011 Added by: Ben Kepes
The Catch 22 situation – IT cannot free up sufficient dollars to move legacy applications to the Cloud. And because they therefore have to focus a significant proportion of their budget on keeping the lights on, the opportunities for investment in these activities are eroded...




