Blog Posts Tagged with "Vendor Management"


How To Choose A Security Vendor

January 16, 2012 Added by: Brent Huston

Variations exist in depth, skill level, scope, reporting capability, experience, etc. Selecting security testing vendors based upon price is a bad idea. Matching specific experience, reporting styles and technical capabilities to your environment is a better solution...



Ten Steps to Protect Your Organization's Data

January 13, 2012 Added by: Danny Lieberman

Despite claims that protecting data assets is strategic to an enterprise, and IT governance talk about business alignment and adding value – my experience is that most organizations will not do anything until they’ve had a fraud or data security event...



Data Center Complexity and Clarity Around Outages

December 28, 2011 Added by: Ben Kepes

Things like physical security, multiple redundant power and networks to incredibly complex networking and load balancing components – the modern data center is an incredibly complex beast. And yet they still suffer outages...



SSAE 16 "First to Fail"?

December 27, 2011 Added by: David Barton

So if First to File® is in the business of document management, how do their services have any relevance to a user entity’s financial statements? They are merely storing intellectual property (IP) in a web-based environment for their customers...



Transparency in Cloud Services from the Security Perspective

December 16, 2011 Added by: Rafal Los

There is an operational perspective in terms of provider transparency. We are now starting to see cases where a SaaS service offering is built on top of a PaaS service, built using multiple IaaS services and that is enough to make anyone's head spin...



Importance of a Secure Supply Chain in Selecting IT Vendors

December 07, 2011 Added by: Emmett Jorgensen

There have been numerous reports of rootkits and trojans that have been installed on component level chips designed to infiltrate networks from the inside. Government agencies have stepped up their diligence regarding what products are allowed to protect infrastructure at high security levels...



Getting Past Security's Fuzzy Math ROI

December 05, 2011 Added by: Rafal Los

It seems that we're using statistics, metrics, surveys and 'studies' to demonstrate what we can't otherwise adequately explain. That would be all well and good, if the math wasn't all fuzzy. Numbers can't fib, only the people that manipulate them can be accused of that trespass...



Cloud Security – It’s All About Partnership

November 28, 2011 Added by: Ben Kepes

Cloud security is a two way street – both vendors and customers have a part to play in keeping it safe, and both parties need to bring something to the table. But, notwithstanding this fact, Cloud is still the best option for a number of SMB use cases...



Ineffective CISOs Foster Shady Vendor Practices

November 23, 2011 Added by: Boris Sverdlik

The question remains how much faith is too much to put in the hands of your vendors? Without a thorough analysis of the inner workings of your organization, it is impossible for any external entity to make recommendations on where your reactionary dollars are best spent...



To iTrust or Not?

October 31, 2011 Added by: Enno Rey

Recently Apple launched its new offering iCloud. At this point, most infosec people start to worry a little bit: The common cloud concept of centralized data storage on premise of a third party does not cope well with the usual control focused approach of most technical infosec guys...



A CISO's Security Vendor Bill of Rights

October 20, 2011 Added by: Ron Baklarz

Current economic times are tough, budgets are tight and security spending is either down or flat. Security vendors still have to make a buck, however here is a top ten list of annoyances I personally have with security vendors, now codified in my CISO's Security Vendor Bill of Rights...



Keys To Successful Cloud Application Deployment

October 05, 2011 Added by: Bill Gerneglia

It is imperative to select and deploy a proven set of cloud core services. These include storage management controls, hypervisors, security policies and security software including firewalls, disaster recovery and governance, and database administration and replication services...



Maintaining Quality in Outsourcing Telco Services

September 30, 2011 Added by: Bozidar Spirovski

The issue with telco services is that quality is difficult to define because there are parameters that are difficult to track: sound quality, response of system to tone-dial menu selection of an IVR, intermittent interruptions of communications, and temporarily unavailable service...



WikiLeaks: An Insider's Perspective

September 08, 2011 Added by: John Linkous

Many asked why, given that Agencies had the latest incident and event management technologies, the breach had not at least been spotted sooner - even if they were unable to prevent it completely. What followed is a response unlike any I've seen to date in the commercial sector...



Seven Areas of Concern With Cloud Security

August 18, 2011 Added by: Brent Huston

Opportunities abound for those who desire to guide cloud computing. Those concerned with keeping cloud computing an open system drafted an Open Cloud Manifesto, asking that a straightforward conversation needs to occur in order to avoid potential pitfalls...



The Great Cloud Blockage: 80/20

August 16, 2011 Added by: Ben Kepes

The Catch 22 situation – IT cannot free up sufficient dollars to move legacy applications to the Cloud. And because they therefore have to focus a significant proportion of their budget on keeping the lights on, the opportunities for investment in these activities are eroded...

