Blog Posts Tagged with "Vendor Management"
If you are not serious enough about your security don’t expect your IT service provider to care
December 10, 2012 Added by:Hani Banayoti
Another year coming to a close and I am full of hope for new thinking on security for the road ahead. One particular aspect in our profession that I would like to see change in the very near future is the typical approach to incorporating security in contracts with IT Service Providers...
Comments (0)
CIOs Seek Value But See Challenges with Cloud Computing
September 16, 2012 Added by:Bill Gerneglia
The face of corporate IT changes dramatically with a move to the cloud – no longer do people need to spend time racking and stacking servers, patching software and other low level tasks – the fact is that in the long run individual organizations will not have email server administrators, desktop software support personnel or systems administrators...
Comments (0)
Security Mistakes You Will Make on Your Next Cloud Project
July 18, 2012 Added by:Danny Lieberman
The Cloud Security Control model looks great, but it doesn’t mitigate core vulnerabilities in your software. Once you choose the right service model and vendor, put aside the security reference models and focus on hardening your application software. It’s your code that will be running in someone else's cloud...
Comments (0)
Navigating the Minefield of Mobile Technology Purchasing
July 10, 2012 Added by:Patrick Oliver Graf
In organizations, there is a constant struggle between satisfying the technological needs of workers while maintaining an adherence to compliance and security. Remote access represents the next major iteration of this battle. This complexity also means there’s far more overlap between the pain points...
Comments (0)
Security Vendors: Absit Reverentia Vero
July 09, 2012 Added by:
Vendors are driven to sell and sell at all costs. Product features stagnate, services underperform. We the customers suffer and the security postures of all organizations plummet. Adversaries can spend less on penetration innovation while at the same time more easily bypass our defenses...
Comments (0)
Five Reasons Why You Need an Application Security Program
June 28, 2012 Added by:Fergal Glynn
Many organizations looking at application security for the first time struggle with why they should take a programmatic approach to tackling application security. The simple fact is that if someone wants your intellectual property, they are going to use software you bought, built or outsourced to get at it...
Comments (0)
Center for Internet Security Unveils Trusted Purchasing Alliance
June 28, 2012 Added by:Headlines
“The mission of the Alliance is to maximize buying power to improve the cyber security posture of governments and not-for-profits... to help organizations in the public sector procure solutions to address cyber security... [a] trusted environment public sector organizations can turn to for expert guidance..."
Comments (0)
Breached! Now What? Seven Steps to Avoid Failure Panic
May 07, 2012 Added by:Rafal Los
To many organizations, a security breach means a catastrophic failure in security signifying a breakdown in the mechanisms installed to keep the organization secure, and by its very nature represents failure. The problem with this situation is it really represents two failures...
Comments (1)
Reaching for the Cloud: A Contemporary Infosec Perspective
March 21, 2012 Added by:Hani Banayoti
We need to entrust information security to professionals who not only know the fundamental principles and technologies, but are also able to understand and support the business's goals in order to influence and contribute positively to the ongoing infosec challenge...
Comments (0)
The Patchwork Cloud - What's the Deal with Cloud Security?
March 14, 2012 Added by:Rafal Los
Since everything I've been reading from the press, my colleagues, and analysts I know has been telling me security is ranked high in the top five concerns for cloud computing adoption - an article on ARN by Spandas Lui was like a bucket of ice water to the face...
Comments (0)
Improving Compliance Performance in Your Supply Chain
March 05, 2012 Added by:Thomas Fox
One of the areas moving towards being incorporated into compliance programs is the supply chain. While many companies have focused significant compliance efforts towards the sales chain, the supply chain is now viewed as an area which requires compliance scrutiny...
Comments (0)
The Patchwork Cloud - Security and Incentives
March 04, 2012 Added by:Rafal Los
A cloud service provider who isn't doing well at meeting security controls and requirements has two options - ignore the voluntary attestation and stay off the STAR registry, or only answer certain parts. This makes it impossible to have a level playing field...
Comments (1)
Cross-Border Sovereignty Issues in the Cloud
March 02, 2012 Added by:Rafal Los
It's about due care, process, and not rushing into a cloud computing migration. Take a rational approach and first understand the parameters you need to operate. Then enforce with prejudice those requirements on your vendors and know the way cloud computing is delivered...
Comments (0)
Cyber Insurance: Efficient Way to Manage Risk in the Cloud?
February 27, 2012 Added by:David Navetta
While customers may enjoy some short term cost-benefits by going into the Cloud, they may be retaining more risk than they want - especially where Cloud providers refuse to accept that risk contractually. Cyber insurance may be a solution to help solve the problem...
Comments (0)
Database Security TLAs Make Me LOL
February 15, 2012 Added by:Josh Shaul
I can only imagine what folks go through when they’re shopping for solutions to improve database security. Do you want DAM? DAP? DAMP? DSP? DLP? WAF? To improve the security of your databases, you’re probably going to need some or all of the following capabilities...
Comments (0)
Penny Wise, Pound Foolish: Avoiding Security Spend Pitfalls
February 07, 2012 Added by:Fergal Glynn
Knowing how much money you’re going to spend upfront is a challenge until you have the application inventory, until you know what your risk tolerances are, and until you have a fair idea of what the problems are. You’ll have to start slow and realize the number may grow...
Comments (0)




