Security Management


Can Hackers Get Past Your Password?

November 05, 2014 Added by: Steve Durbin

Password-based authentication is easy and familiar for customers, and is initially inexpensive for organizations to deploy at scale. But, while password-based authentication may be appropriate in some instances, it is no longer suitable for the wide range of services where it is currently being used.


Risk Management is more than a Risk Assessment

November 04, 2014 Added by: Rebecca Herold

Every business, no matter how small, needs to have a risk management process in place to be able to effectively mitigate information security risks.


Is There a Business Case in Planning for Data Breaches?

October 30, 2014 Added by: Neohapsis

Sadly, even with sophisticated layers of defense, many organizations are facing similar thought processes of what to do “when” a data breach takes place rather than “if”.


On MSSP Personnel

October 30, 2014 Added by: Anton Chuvakin

A wise CSO once told me that in order to outsource a security process (such as security monitoring or device management) and achieve a great result, you have to know precisely what a great process of that kind looks like.


Compliance-Based Infosec Vs Threat-Based Infosec

October 29, 2014 Added by: Brent Huston

Compliance-based infosec, when implemented correctly, is really the best kind of defense there is. The problem is, the only place I’ve ever seen it really done right is in the military.


Healthcare Data Today: In Motion or Out of Control?

October 28, 2014 Added by: Patrick Oliver Graf

From October 2009 through the present day, one industry alone has reported 900 different breaches. And none of those 900 were limited in their scope – in each, at least 500 individuals were affected. Who knows how many other smaller breaches happened, without public knowledge.


On MSSP SLAs

October 28, 2014 Added by: Anton Chuvakin

SLAs play a role here as well, and – you guessed it – what you need here also depends on the maturity of your change management processes.


Distinguishing Acts of War in Cyberspace

October 27, 2014 Added by: Stefano Mele

Determining an act of war in the traditional domains of land, sea, and air often involves sophisticated interactions of many factors that may be outside the control of the parties involved.


Webcast: How Gaps In SSH Security Create an Open Door for Attackers

October 27, 2014 Added by: InfosecIsland News

Please join us on Thursday, Oct. 30th at 1PM ET for a special webcast on how Gaps In SSH Security Create an Open Door for Attackers.


Cyber Security Careers: What You Need To Know To Advance In The Security Field

October 23, 2014 Added by: Tripwire Inc

Skilled people make the difference in protecting sensitive data, so it’s more critical than ever that public and private sectors begin training and hiring cyber security professionals.


6 Actions Businesses Should Take During Cyber Security Awareness Month

October 22, 2014 Added by: Rebecca Herold

October is National Cyber Security Awareness Month. It would seem the breaches announced virtually every day of this month so far were orchestrated to highlight the need for organizations to beef up their information security efforts and improve their controls.


Hacker Myths Debunked

October 20, 2014 Added by: Tripwire Inc

Ethical hacking can improve the security of various products, whereas malicious hacking seeks to undermine data integrity. It’s how people hack which shapes the nature of a particular incident.


Acting on MSSP Alerts

October 16, 2014 Added by: Anton Chuvakin

Security incidents call for an immediate incident response (by definition), while alerts need to be reviewed via an alert triage process in order to decide whether they indicate an incident, a minor “trouble” to be resolved immediately, a false alarm or a cause to change the alerting rules in order to not see it ever again.


Introducing the Shoulders of InfoSec Project

October 15, 2014 Added by: Jack Daniel

In information security we have a very bad habit of ignoring the past; many times it isn’t even a failure to remember, it is a failure to ever have known who and what came before.


Do Not Jump To Conclusions

October 08, 2014 Added by: PCI Guru

The takeaway from this post is to think through the implications of the Council’s directives before you go off advising organizations that certain technologies are not PCI compliant.


Shellshock(ed)? How Did Your Security Program Do?

October 07, 2014 Added by: Tripwire Inc

All we should hear from security professionals is glee as their well-oiled machines switch into gear and they get to prove that they are able to operate at times when mere mortals quake in fear. For many though this is not the reality.
