Security Management

"Back to Basics": What does this mean?

May 28, 2014 Added by: Dave Shackleford

So what ARE “the very basics”? And how exactly do we “get back to them”?

Vigilance: Maintaining an Effective Enterprise Security Posture

May 27, 2014 Added by: Tripwire Inc

So the question for us, security professionals and dabblers alike, is how do we make this moment one that makes a difference?

Windows Update to Fix Pass-the-Hash Vulnerability? Not!

May 27, 2014 Added by: Tal Be'ery

Exploiting the Pass-the-Hash vulnerability is the weapon of choice for most APT attackers. Therefore when Microsoft released a Windows update on May 13th titled “Update to fix the Pass-The-Hash Vulnerability”, it was warmly accepted by IT teams. However, this update was received by the security community with a raised eyebrow, especially due to the fact that just two months before the upd...

Lessons from 3 Organizations That Made 3 Privacy Mistakes

May 22, 2014 Added by: Rebecca Herold

Existing privacy laws address only a fraction of the privacy risks that exist, and new risks are emerging all the time. Don’t put your customers’, and innocent children’s, privacy at risk by doing things that may be legal but are still a very bad privacy action.

What’s New in PCI DSS v3.0 for Penetration Testing?

May 20, 2014 Added by: Nima Dezhkam

As a main area of our interest, PCI v3.0 enhances the Penetration Testing requirement by adding guidelines that help both the organizations and the auditors to better show and understand two important areas of concern in every PCI compliance effort.

Steinhafel is Dead, Long Live Steinhafel

May 15, 2014 Added by: Sonali Shah

“The King is dead, long live the King” speaks to the inevitability of succession. It is now not a stretch to think about the inevitability of future CEOs leaving power and ascending to power as a result of cyber breaches.

Time to Say Goodbye to Admin Privileges

May 14, 2014 Added by: Andrew Avanessian

The most resilient organizations will be those that map out specific security controls that will turn their anticipation of threats into a plan of action. Increasingly, businesses are identifying an emerging theme for preventing security vulnerabilities: restricting employees and IT administrators to standard user accounts and removing the dangers associated with IT admin privileges.

Proactively Hardening Systems Against Intrusion: Configuration Hardening

May 13, 2014 Added by: Tripwire Inc

What do we mean when we talk about “hardening systems” to repel exploits and withstand intrusions? Much of this is captured in three simple concepts.

On “Defender’s Advantage”

May 12, 2014 Added by: Anton Chuvakin

“The attacker can exploit just one vulnerability to get in, while the defender needs to protect all ways in.”

Heartbleed, Open Source and Open Sores

May 08, 2014 Added by: Tripwire Inc

Now that things are settling down after Heartbleed, I think about some of the conversations I’ve had about OpenSSL and open source software over the past couple of weeks.

DOE Cyber Security Procurement Language – Is It Comprehensive Enough

May 06, 2014 Added by: Joe Weiss

DOE recently issued their revised report on Cyber Security Procurement Language for Energy Delivery Systems, dated April 2014.

A Windows Authentication Flaw Allows Deleted/Disabled Accounts to Access Corporate Data

May 06, 2014 Added by: Tal Be'ery

Since Kerberos authentication and authorization is based solely on the ticket – and not on the user’s credentials, it means that disabling the user’s account has no effect on their ability to access data and services.

The White House Big Data Report: The Good, The Bad, and The Missing

May 05, 2014 Added by: Electronic Frontier Foundation

Last week, the White House released its report on big data and its privacy implications, the result of a 90-day study commissioned by President Obama during his January 17 speech on NSA surveillance reforms.

ICS-ISAC: Understanding and Implementing Shared Situational Awareness

May 01, 2014 Added by: Tripwire Inc

SARA (the Situational Awareness Reference Architecture) provides applicable steps for creating local and shared situational awareness.

When it's Time to Share Information: How Heartbleed Got it Right

April 30, 2014 Added by: Tripwire Inc

For all of the chaos and exposure that came with the Heartbleed OpenSSL vulnerability, there is one thing that the security community got right – broad, loud communication to everyone and their mother.

Security Monitoring Planning Tool?

April 24, 2014 Added by: Anton Chuvakin

The easy stuff is for wussies – how about I dedicate my time to creating a structured approach for deciding which monitoring technology to use under various circumstances?
