Security Training


The Three Human Failures Behind Remote Access Shortcomings

November 26, 2014 Added by:Patrick Oliver Graf

Whenever news of a network security breach reaches the public airwaves, observers are quick to assign blame to some combination of technological shortcomings and human error that allowed an attacker to slip through the victim’s cyber defenses.

Comments  (1)


Data Classification for a Stronger Security Outlook

November 26, 2014 Added by:Steve Martino

While data must be protected, not all data is of equal importance and therefore not in need of the same level of protection. Security teams should consider the types of data that exist within their organizations and what security measures will work best for each.

Comments  (0)


Security or Checking a Box?

November 20, 2014 Added by:PCI Guru

What is your organization interested in? Security or checking a box? Not surprisingly, most people answer “security” and then go on to prove with their actions and words that they are only interested in checking a box.

Comments  (1)


Access Governance 101: Job Changes and Elevated Permissions

November 20, 2014 Added by:Identropy

Depending on the functionality and importance of your applications, databases and document folders, access should be reviewed periodically to ensure your organization is secure.

Comments  (0)


MSSP Client Onboarding – A Critical Process!

November 17, 2014 Added by:Anton Chuvakin

Many MSSP relationships are doomed at the on-boarding stage when the organization first becomes a customer.

Comments  (0)


Tips for Writing Good Security Policies

November 13, 2014 Added by:Brent Huston

Almost all organizations dread writing security policies. When I ask people why this process is so intimidating, the answer I get most often is that the task just seems overwhelming and they don’t know where to start.

Comments  (1)


Three Danger Signs I Look for when Scoping Risk Assessments

November 12, 2014 Added by:Brent Huston

Scoping an enterprise-level risk assessment can be a real guessing game.

Comments  (0)


7 Security Threats You May Have Overlooked

November 11, 2014 Added by:Patrick Oliver Graf

In today’s business environment, the list of overlooked network security threats is endless. Information security professionals are modern-day gladiators, tasked with defending corporate data and networks against both known and unknown threats, but no matter how skilled they are, there will always be new threats to their networks.

Comments  (0)


Preventing and Recovering From Cybercrime

November 10, 2014 Added by:Pierluigi Paganini

Prevention means to secure every single resource involved in the business processes, including personnel and IT infrastructure.

Comments  (2)


What Makes a Good Security Audit?

November 10, 2014 Added by:Electronic Frontier Foundation

In order to have confidence in any software that has security implications, we need to know that it is has been reviewed for structural design problems and is being continuously audited for bugs and vulnerabilities in the code.

Comments  (0)


MSSP: Integrate, NOT Outsource!

November 06, 2014 Added by:Anton Chuvakin

My early research conversations with both MSSP customers and providers themselves reveal the theme: those who think “integrate, NOT outsource” usually get much more value out of the MSSP relationship.

Comments  (0)


Remote Access No More: Reddit Requires Worker Relocation Before End of Year

November 05, 2014 Added by:Patrick Oliver Graf

To make sure remote workers are able to safely access their corporate network, administrators need to make sure that all endpoints – the company-owned devices employees use for remote work – are secure.

Comments  (1)


Risk Management is more than a Risk Assessment

November 04, 2014 Added by:Rebecca Herold

Every business, no matter how small, needs to have a risk management process in place to be able to effectively mitigate information security risks.

Comments  (0)


Is There a Business Case in Planning for Data Breaches?

October 30, 2014 Added by:Neohapsis

Sadly, even with sophisticated layers of defense, many organizations are facing similar thought processes of what to do “when” a data breach takes place rather than “if”.

Comments  (0)


On MSSP Personnel

October 30, 2014 Added by:Anton Chuvakin

A wise CSO once told me that in order to outsource a security process (such as security monitoring or device management) and achieve a great result, you have to know precisely how a great process of that kind looks like.

Comments  (1)


Compliance-Based Infosec Vs Threat-Based Infosec

October 29, 2014 Added by:Brent Huston

Compliance-based infosec, when implemented correctly, is really the best kind of defense there is. The problem is, the only place I’ve ever seen it really done right is in the military.

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »