June 18, 2013 Added by:Tripwire Inc
This post is all about Control 13 of the CSIS 20 Critical Security Controls – Boundary Defense. Here we explore the (29) requirements I’ve parsed out of the control.
June 14, 2013 Added by:Vinod Mohan
Given the expanding threat landscape for the SMB and the increased demand for affordable IT security tools, here are five valuable tips for IT pros that help shed light on managing enterprise security on a budget.
June 12, 2013 Added by:Ian Tibble
The notion that VA tools really can be used to give a decent picture of vulnerability is still heavily embedded, and that notion in itself presents a serious vulnerability for businesses.
June 07, 2013 Added by:Michael Fornal
Identity Management applications are slowly gaining speed in the security realm as an important tool in managing provisions of an applications or to aid in gaining a handle on compliance and identity governance.
May 17, 2013 Added by:Luis Corrons
IT Departments are very often one step behind users, and unfortunately in most cases there is no real control over all devices on the corporate network. Despite perimeter solutions still being a necessity, the corporate perimeter must now expand to include new devices (mainly smartphones and tablets) that also handle confidential corporate information.
May 16, 2013 Added by:Anthony M. Freed
The Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, recently issued an advisory warning of an elevated risk of cyber-based attacks against companies that are tasked with administering systems that control elements of our nation’s critical infrastructure.
May 13, 2013 Added by:InfosecIsland News
As an Infosec Island reader, we are pleased to offer you the following complimentary IT security resources for the week of May 13, 2013.
May 10, 2013 Added by:Steve Ragan
Before malware could become a threat to medical devices, Adam Ely said attackers would have to write malware specifically targeted to these devices and organizations; or the devices would have to adopt a standard platforms and software.
May 09, 2013 Added by:Michael Fornal
A security check list is a list of security controls that a vendor or application must meet. These controls can range from how storage back up is to be done, to password complexity requirements. Having a checklist can help you in deciding if the application or vendor conforms to your company’s security requirements.
May 07, 2013 Added by:Jarno Limnéll
In reality, a well-prepared cyber attack does not need to last for 15 minutes to succeed. After preparations it takes only seconds to conduct the attack which may hit targets next door as well as those on the other side of the world.
May 07, 2013 Added by:InfosecIsland News
A new report from the Pentagon marked the most explicit statement yet from the United States that it believes China's cyber spying is focused on the US government, as well as American corporations.
April 19, 2013 Added by:Rafal Los
In just about every organization (with little exception) there are more things to defend than there are resources to defend with. Remember playing the game of Risk, when you were a kid? Maybe you still have the game now... amazing how close to that board game your life in InfoSec is now, isn't it?
April 16, 2013 Added by:Jarno Limnéll
Cyberweapons are now comparable to the ballistic nuclear missile arsenal of the US, which also resides under the jurisdiction of the President. Giving the President cyber-initiative responsibilities speaks volumes regarding the serious attitude to which they are treated.
April 16, 2013 Added by:Scott Thomas
Most non-IT people know about DLP only when the IT organization contacts them to let them know they did something they shouldn't have. For those of us that have to deal with the policies, the alerts, and sending those notices, it can be more complicated.
April 16, 2013 Added by:George Tubin
Cybercriminals continue to develop new methods to bypass security controls in order to install malware on corporate endpoints. An endpoint protection approach that provides both effectiveness and manageability must begin with an understanding of the attack vectors that require mitigation.
April 15, 2013 Added by:Tripwire Inc
Security teams need the right skills in order to ‘ready’ themselves for action, and before we get to engage in some some really advanced security intelligence, big data analysis, haddop, threat intelligence and a myriad of other buzz words, we will need to be able to accomplish the basics first.
Student Pleads Guilty to Counterfeiting Coup... on 06-18-2013
Starting to Clean Up the Mess from PCAnywher... Peggy Patterson on 06-18-2013