Blog Posts Tagged with "Analytics"
Law Of First Digits and How It Might Lead To More Trust
May 04, 2012 Added by:Alan Woodward
It might be as simple as whether an image has been altered to whether large data sets should be used to make a critical business decision. Benford's law and its generalized forms can help us decide whether or not we can trust some electronic data we may be about to rely upon...
Comments (0)
The Fort Knox Approach to Security
April 23, 2012 Added by:PCI Guru
Most of you are protecting everything with equal rigor. Does everything need to be protected with the same thoroughness? Probably not and that is what makes infosec a difficult occupation. We neglect to delineate what needs the most protection and what does not need as much or any...
Comments (0)
Making Security Metrics That Matter
April 23, 2012 Added by:Robb Reck
The traditional role of security in the organization has been that of a cost-center to be minimized. Security’s success has historically been defined by internally developed measures. We work to create best-practice metrics that show how mature the security program is...
Comments (1)
CIOs and Securing Data with Analytics
April 20, 2012 Added by:Bill Gerneglia
This expanding rate of potential threats call for a new way to approach corporate data security. The latest approach is one that is based on intelligence and BI tools. Security intelligence applies advanced analytics and automation technology to the collection of information from hundreds of sources across an organization...
Comments (1)
CISSP Reloaded Domain Six: Operations Security
April 19, 2012 Added by:Javvad Malik
Some argue that operations security is primarily focused around IT and bring up the old argument of IT vs infosec and the baggage that comes along with that. It’s an argument as old as whether PC’s are better than Macs, Ninja’s could beat Pirates or Cagney was better than Lacey...
Comments (0)
Filling in some Blanks on Network Segmentation Faults
April 18, 2012 Added by:Jack Daniel
A couple of thoughts on the segmentation-for-security concept are worth elaboration: grouping by OS makes sense from a management perspective, but if you do that it won’t stop the aforementioned Bad Things from running wild, so consider how best to segment for your situation...
Comments (0)
On Analyst Geometries
April 05, 2012 Added by:Wendy Nather
Sectors in security are blurring and merging, companies are building out portfolios, and everyone's adding discrete functionality from different categories. Static and dynamic analysis aren't separate revenue streams for some vendors, and it'll just get more muddled...
Comments (0)
Metrics, KPIs and Making Business Sense of Infosec
March 28, 2012 Added by:Rafal Los
Does a 10% increase in IT Security spending really make us 10% safer? I refuse to buy-in to the saying that security is either avoiding cost, or a cost center and nothing more. This is simply untrue in my experiences. Good security is good for business, pure and simple...
Comments (0)
Defining Success for Information Security Through KPIs
March 26, 2012 Added by:Rafal Los
In the world of software development the business just wants to release fast and functional while the security team would prefer slower and more 'secure'. So as security struggles to positively impact risk, I found 5 key performance indicators that bridge the two positions...
Comments (0)
Redefining Security Intelligence with NOC and SOC
March 10, 2012 Added by:Rafal Los
Security dashboards are archaic, and often security teams have a half-dozen or more for visual confirmation on happenings. In well-run SOC organizations, a SEIM or new-school SIRM can provide context and close the real-time analysis gap, but this still isn't enough...
Comments (0)
Quantifying Risk Reduction with an Unknown Denominator
March 08, 2012 Added by:Rafal Los
The problem that exists with all these risk reduction measurements is that they're impossible to quantify. There is simply no way to say that by doing X you've reduced risk by Y% - at least not when you don't know the total number of issues that exist. And therein lies the problem...
Comments (0)
Infosec: Where is Our “Long Tail”?
February 20, 2012 Added by:Dave Shackleford
The “long tail” concept illustrates the subtle, often overlooked 20% market that tends to be more niche. We need those organizations that are desperate to find unusual solutions that are not available at all right now. And we need small startups to provide them...
Comments (2)
Log Management: Debugging Security
February 19, 2012 Added by:Danny Lieberman
Logs are key to security management not only for understanding what and why an event happened but also in order to prove regulatory compliance. The business requirements are that security logs should be both relevant and effective...
Comments (0)
Top Ten Java Frameworks Observed in Customer Applications
February 09, 2012 Added by:Fergal Glynn
One of the things we record when scanning applications is the presence of frameworks and other supporting technologies, and we’ve been at work mining that data to understand what developers use to build their applications. We’d like to share some of that research with you today...
Comments (0)
Achieving Network Security
February 08, 2012 Added by:Kevin Somppi
Today's networks are complex, with most organizations supporting various server, operating system and Web platforms. This requires an accurate, comprehensive, and up-to-date way to identify the latest system vulnerabilities and configuration errors...
Comments (0)
NETPeas COREvidence v1.0 Sneak Preview
February 03, 2012 Added by:Nabil Ouchn
COREvidence, a Software as a Service (SaaS) product, integrates multiple services to create a one-stop network security solution. Customers have immediate access to numerous technology leaders in vulnerability management, compliance achievement and monitoring...
Comments (0)
- Not Totally Sure What Just Happened...
- Has Anonymous Infiltrated the US Government?
- Big Opportunities in the Cloud
- Zeus Malware Targeting Facebook, Gmail and Yahoo Users
- Follow Up to the Out of Band Authentication Post
- Skype Malware Campaign Spreading Poison Ivy Trojan
- I Hope Edo is Worth the Privacy Risk
- Dutch MoD Innovation Competition 2012: CYBER Operations 2.0
- NIST Workshop: The Technical Aspects of Botnets
- Security Automation by Hand - Batch/Bash/FOR