Security Awareness
Managing My Company’s Security is a Nightmare
May 17, 2013 Added by:Luis Corrons
IT Departments are very often one step behind users, and unfortunately in most cases there is no real control over all devices on the corporate network. Despite perimeter solutions still being a necessity, the corporate perimeter must now expand to include new devices (mainly smartphones and tablets) that also handle confidential corporate information.
Comments (0)
Do You Have a Vendor Security Check List? You Should!
May 09, 2013 Added by:Michael Fornal
A security check list is a list of security controls that a vendor or application must meet. These controls can range from how storage back up is to be done, to password complexity requirements. Having a checklist can help you in deciding if the application or vendor conforms to your company’s security requirements.
Comments (0)
Bore Them With Death-by-Awareness: That’ll Teach em!
May 08, 2013 Added by:Lee Mangold
As security professionals, we have to understand that not everyone has a passion for security. In fact, most people don’t. Given that we know “they” don’t share our passion, and we know they are the most vulnerable attack vector, why do we continue to bore them with homogenous and irrelevant training?
Comments (0)
On Dutch Banking Woes and DDoS Attacks
April 25, 2013 Added by:Don Eijndhoven
If you don't live in the Netherlands or don't happen to have a Dutch bank account, you can certainly be forgiven for not having caught wind of the major banking woes that have been plaguing the Dutch.
Comments (0)
Raising the Bar on Application Security Due Diligence
April 24, 2013 Added by:Rohit Sethi
Many automated scanning solutions are outstanding in their cost effectiveness and ability to find certain classes of vulnerabilities. For example, a properly-configured static analysis solution may help you find every instance of potential SQL injection in your software.
Comments (0)
Google: Black Hat or White Hat?
April 23, 2013 Added by:Larry Karisny
Google has a perfect opportunity to be a leader in cybersecurity. Google’s recent network -- and acquisitions and hires -- in Austin, Texas, is an opportunity to do security right the first time.
Comments (1)
Don’t Let Your Guard Down: Tragedies Pave Way for Phishing Attacks
April 16, 2013 Added by:Jake Garlie
Tragic events such as what happened during the Boston Marathon creates an opportunity for attackers in the digital world as well. With everyone scrambling for more information, the success rate of a phishing attack at this time can skyrocket.
Comments (0)
Enter the CISO: Torchbearer of Security and Risk Management
April 06, 2013 Added by:Anthony M. Freed
In a convergence culture, accountability for risk is accepted across the organization, and when that happens, risk management becomes a priority to the business, informing strategy and objectives. By helping identify and mitigate risk across finance, operations and IT, the CISO puts security in context of what could affect profit.
Comments (0)
Debunking Myths: Penetration Testing is a Waste of Time
April 04, 2013 Added by:Rohit Sethi
Before you perform your next security verification activity, make sure you have software security requirements to measure against and that you define which requirements are in-scope for the verification.
Comments (0)
Defending the Corporate Domain: Strategy and Tactics
March 27, 2013 Added by:Rafal Los
Strategy without accompanying tactics is a lost cause. Tactics without a solid footing in strategy is an expensive lost cause. The maturity of an organization's security team is directly proportional to their ability to have a foundational strategy and be able to implement tactical measures and feedback to adjust to changing conditions in order to defend adequately.
Comments (0)
The Five-Step Privilege Management Checklist for Financial Organizations
March 27, 2013 Added by:Paul Kenyon
Financial institutions sit at the top end of the scale for security and reputational risk, with their databases of customer information making them especially vulnerable to criminal interception and subject to regulatory obligations.
Comments (0)
Security; The non-commodity
March 21, 2013 Added by:Oliver Rochford
In an enterprise environment, a computer comes preloaded with Antivirus. For businesses, this is of course a good thing. It has sadly also had some unintended consequences – mainly to be found in the perception and expectations that customers and end-users have developed because of the commoditization of antivirus.
Comments (2)
Hardening Is Hard If You're Doing It Right
March 20, 2013 Added by:Ian Tibble
The early days of deciding what to do with the risk will be slow and difficult and there might even be some feisty exchanges, but eventually, addressing the risk becomes a mature, documented process that almost melts into the background hum of the machinery of a business.
Comments (0)
Ben Rothke on the Five Habits of Highly Secure Organizations
March 18, 2013 Added by:Tripwire Inc
There are five habits of highly secure organizations, said Ben Rothke (@benrothke), Manager – Corporate Services Information Security at Wyndham Worldwide.
Comments (1)
So APT Is China *snicker* Now What?
February 28, 2013 Added by:Krypt3ia
As RSA comes to a close and the corridors of the hall stop ringing with the acronym APT, I find myself once again looking at the problem as opposed to the hype.
Comments (0)
China's PLA Behind Massive Cyber Espionage Operation
February 19, 2013 Added by:Mike Lennon
In a fascinating, unprecedented, and statistics-packed report, security firm Mandiant made direct allegations and exposed a multi-year, massive cyber espionage campaign that they say with confidence is the work of China.
Comments (0)
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform