December 04, 2013 Added by:Rohit Sethi
My colleague, Andre Harricharran, security consultant with Security Compass, offers a closer look at the mobile application assessment process and requirements, and what organizations should consider when procuring this type of service.
November 19, 2013 Added by:Rohit Sethi
An information security training program is crucial for ensuring and maintaining a good security posture; in order to effectively manage this program you have to be able to measure it. This article introduces a concept recommended by NIST in their Special Publication 800-16 for evaluating training effectiveness.
November 18, 2013 Added by:Vince Schiavone
To achieve advance warning of risks and threats, corporations now require social intelligence as the backbone of their crisis management strategy. This is no different than the way military or intelligence organizations operate – knowledge is power and propagates effective response.
November 12, 2013 Added by:Jason Clark
Security Advisor Alliance is a nonprofit group of top security leaders from the Global 1000 who have come together to donate time each week to help our peers in any area of security as a pro-bono service.
October 22, 2013 Added by:Vince Schiavone
As the “social age,” “mobile age” and “consumer age” converge, enterprise risk is experiencing an evolutionary shift due to the array of complex emerging threats that are challenging corporations on various levels. With billions upon billions of daily social discussions from consumers, influencers, competitors, activists, journalists and regulators, an entirely new social dimension of r...
October 03, 2013 Added by:Vince Schiavone
To help executives understand and address the growing dangers of social risks threatening their revenue and reputation, I assembled a consortium of academic and commercial experts spanning social intelligence, enterprise risk, digital privacy, communications and security to write the industry’s first comprehensive handbook on the topic.
September 11, 2013 Added by:Rohit Sethi
Let’s say you’ve just had a pen test or security scan performed on your application. You review the list of findings and get to work on remediation. Apart from obvious shortcomings of any individual single assessment technique, you may also be doing a disservice to meeting your business goals.
August 08, 2013 Added by:Jon Stout
The existing cyber security computing model of the past decade, based on firewalls, anti-viral services, intrusion detection controls, etc., is no longer adequate to help organizations mitigate cyber-security risk.
August 01, 2013 Added by:Jon Stout
There are powerful integrated security dashboards that can be installed and modified to meet each user’s particular needs. Now a company can create hundreds if not thousands of employee cyber warriors with a relatively small investment.
July 30, 2013 Added by:Jon Stout
You can be doing all the right things, adding immense value to your customer and helping your company build a great brand. When a contract changes, even incumbents are suddenly “on the bench” or “between projects” or “on overhead”. You are no longer billable. As a result you have now moved from a profit-generator to a cost center. When this happens you are at risk.
July 29, 2013 Added by:Mikko Jakonen
‘DOUBLE TWINS’ is a deception scheme combining modern-world speed, the ease of operating anonymously on the Internet, and the difficulty of verifying real corporate and personal identities. What makes it most interesting: it was a ‘quick in – quick out’ job, completed within 3 weeks from the start.
July 08, 2013 Added by:Brad Bemis
Introducing the term "Contextual-Relevance" into the security lexicon: For information security to function properly, it MUST take into account the unique organizational context that applies in any given situation. This fundamental concept is so crucial to the underlying fabric of a successful security program that it pervades all aspects of the security function.
June 28, 2013 Added by:Edwin Covert
Organizations face a new threat to their information systems and intellectual property: advanced persistent threats, or APT. In order to detect and mitigate these attacks, organizations must develop a cyber-security capability that allows them to defend themselves.
June 25, 2013 Added by:InfoSec Institute
Greg Thompson has his work cut out for him as Scotiabank’s highest level security professional. Thompson, vice president of enterprise security services at the Toronto, Ontario-based entity, oversees a team responsible for ensuring that hackers, cyber terrorists and hacktivists don’t get bragging rights at the company’s expense.