Blog Posts Tagged with "Defense in Depth"
July 18, 2012 Added by:Danny Lieberman
The Cloud Security Control model looks great, but it doesn’t mitigate core vulnerabilities in your software. Once you choose the right service model and vendor, put aside the security reference models and focus on hardening your application software. It’s your code that will be running in someone else's cloud...
July 10, 2012 Added by:Infosec Island Admin
A shift supervisor was using a portable flash drive for downloading information from an HMI connected to the industrial control systems. Antivirus scanners run on the removable media, the HMI machine, and other systems found the Hamweq virus on the removable media, but the other systems were clean...
July 08, 2012 Added by:Robb Reck
Give each system and process a priority rating. The ones with the highest rating get the training, money and man-power assigned to master, maintain and run them. The ones with lower ratings get a project plan set up for decommissioning. As in most things in life, true excellence is in quality, not quantity...
May 31, 2012 Added by:Danny Lieberman
In a complex healthcare organization, large scale security awareness training is a hopeless waste of resources considering the increasing number of options that people have (Facebook, smartphones..) to cause damage to the business. Security awareness will lose every time it comes up against an iPad or Facebook...
May 24, 2012 Added by:Robert Siciliano
An employee at Fannie Mae, knowing he is about to be fired, installed a logic bomb set to detonate almost 3 months after his departure. The detonation would have taken the organization off line for almost a week and cost millions and millions of dollars...
May 15, 2012 Added by:Robert Siciliano
Financial institutions have established a layered security approach that includes multi-factor authentication, as well as doing due diligence when it comes to identifying customers as real people whose identities haven’t been stolen...
May 10, 2012 Added by:Andrew Sanicola
Web app firewalls can be a useful ally toward greater security for those who know how to use them properly. Whether you’re in the market for a new firewall or are already an owner, understanding it is a tool designed to be driven is an important step toward increased security...
April 26, 2012 Added by:Simon Heron
The security of data in use is about risk mitigation. However, with the current targeted attacks and the proliferation of zero day threats, the risk level is high. It is necessary that action is taken to implement the required precautions that reduce the risk to an acceptable level...
March 13, 2012 Added by:Fergal Glynn
Whatever the intended use of your input may be, even if you employ best practices to prevent data tampering, verifying individual pieces of data both at the reading and writing stage is a good defense in depth measure that can be taken with minimal effort...
February 05, 2012 Added by:James Colbert
“Even if they brilliantly secure their networks, the greatest threat that organizations face is that they are still vulnerable if their minimum wage security guards are disgruntled or their physical access control systems can be easily bypassed...”
February 01, 2012 Added by:Dave Shackleford
We’re pretty good at if-then analysis for controls in security. Let’s turn it around though and start thinking if-then in the negative sense. Prevention tools and processes need to fail gracefully and lead us into detection and response mode...
January 25, 2012 Added by:Rafal Los
There are two parts to the idea of defense in depth - there is the concept and the implementation. It's easy to talk about the concepts behind defense in depth - but to implement them effectively in today's technology landscape... well that is an entirely different cup of tea...
December 24, 2011 Added by:Jim Palazzolo
When we truly understand that every server we secure, policy enforced, card swipe device locked down, banking website code scrubbed, and public facing connection port blockaded has a human being at the end we will then fully grasp the concept of "defense-in-depth"...
December 15, 2011 Added by:Mark Baldwin
October 26, 2011 Added by:Javvad Malik
Having a long padded out password isn’t enough. Because there are a whole multitude of things that should be taken into consideration before declaring something is the answer to all your security issues. It’s a security concept called defense in depth...
October 17, 2011 Added by:PCI Guru
It has been more than five years since the “sa” default password debacle and yet you still encounter applications that use service accounts to access their database and those service accounts have no password. The rationale? “We did not want to code the password into the application...”