Blog Posts Tagged with "Controls"
Why Security Through Obscurity Still Does Not Work
May 15, 2012 Added by: Rebecca Herold
I know from my years as a systems analyst and maintaining a large change control system that it is easy for mistakes to occur within the network security architecture, and that there will always be some humans involved who are tempted to bypass important security controls...
Comments (0)
What is the Value of a Good Name?
May 15, 2012 Added by: Jon Long
What is the value of a good name? Do you want a firm that has little to lose, or one that has much to lose? I guarantee you that the firm with the most to lose will be the most thorough in their examination of your internal controls. It's time we take a stand against cheap risk assurance...
Comments (0)
Keeping Security Relevant: From Control to Governance in the Cloud
May 12, 2012 Added by: Rafal Los
When someone mentions public cloud, you quickly see the polarizing effects the topic has, generating a very negative reaction to the idea of putting anything corporate in the public cloud. What does that mean for the future of corporate information security and risk management?
Comments (0)
The Great Compliance Conundrum
May 10, 2012 Added by: Mark Gardner
The crux of the matter is why people bemoan compliance: To comply in this case requires no external verification, and in order to meet compliance you may avoid some as they're too hard to do or do not go deep enough, but still have the ability to turn and say that "we are compliant"...
Comments (0)
Five Conversations that will Shape Your Cloud Security Model
May 03, 2012 Added by: Rafal Los
We need to move away from the control model into a governance model and acknowledge we're not going to have control over all of our risk. Any notion that you have control is a delusion. Assuming that if you control the environment you have better security is a fallacy...
Comments (0)
The Security, Privacy and Legal Implications of BYOD
April 24, 2012 Added by: David Navetta
Some organizations believe that BYOD will allow them to avoid significant costs. Other companies believe that company data on personal devices is inevitable. Unfortunately, BYOD raises significant data security concerns which can lead to potential legal risk...
Comments (0)
Good Security Starts at Home
April 24, 2012 Added by: Ben Rothke
Not a day goes by without yet another spate of privacy and security issues. Threats to the security, privacy and personal information continue to increase in scope and complexity. To maintain competitive edge, vendors and service providers are scrambling to keep up...
Comments (0)
Ten Ways to Handle Insider Threats
April 19, 2012 Added by: Brent Huston
Tough economic times make it tempting for an employee to switch his white hat to a black one for financial gain. Insider threats also include contractors, auditors, and anyone who has authorized access to systems. How can you minimize the risk? Here are a few tips...
Comments (1)
Why Data Centers Have to Choose Between SSAE 16 and SOC 2
April 18, 2012 Added by: Jon Long
Why do Data Centers Have to Choose Between SSAE 16 and SOC 2? If SSAE 16 is applied correctly, non-ICFR controls should not be included in the report. This means that at the very least Physical Security and Environmental Controls have to be removed from the SSAE 16 report...
Comments (0)
Disagreement on Password Vault Software Findings
April 12, 2012 Added by: Brent Huston
Recently, some researchers have been working on comparing password vault software products and have found some issues. However, many of the vendors are quickly moving to remediate the identified issues, many of which were simply improper use of proprietary cryptography schemes...
Comments (0)
On Network Segmentation Faults
April 11, 2012 Added by: Jack Daniel
Why should you segment? Network and systems management can be enhanced by segmentation and isolation, as can performance; patch and systems management servers, departmental servers, printers and more can be placed in the most advantageous segment of the network...
Comments (0)
NIST Workshop on SCADA - ICS Security
April 05, 2012 Added by: Headlines
Securing against unlawful and malicious attacks is especially vital when the computers control major physical systems—manufacturing plants, transportation systems, power grids. Cybersecurity for physical systems is the topic of an upcoming NIST workshop...
Comments (0)
Data Classification: Why it is Important for Information Security
April 03, 2012 Added by: Christopher Rodgers
Once you know which data needs the most protection, you can properly allocate funds and resources to defend those assets. Employing a proper data classification scheme is cost effective, as it allows a business to focus on protecting its higher risk data assets...
Comments (0)
Vague Cybersecurity Legislation Threatens Civil Liberties
April 02, 2012 Added by: Electronic Frontier Foundation
Using cryptography to protect communications could be taken as a way to defeat an operational control. Measuring the performance of one's ISP or analyzing whether packets are being modified maliciously could all be seen as security threats under this definition...
Comments (1)
Eating the Security Dog Food
March 23, 2012 Added by: Wendy Nather
It's harder to be accused of nefarious activities if you are completely above-board, show you're willing to be subject to appropriate limits, and make a point of relinquishing any powers you might have. Call it CYA, call it leading by example, whatever. It's ethically important...
Comments (0)
CISSP Reloaded - Domain Two: Access Controls
March 08, 2012 Added by: Javvad Malik
Understand who’s trying to get access and choose the control that will really protect you. Or rather, I should say, the control should protect you long enough for you to do something about it. Otherwise you might find yourself as the person holding a knife in a gunfight...
Comments (0)