Items Tagged with "Enterprise Security"
Why Does Software Security Keep Falling off your Budget?
May 22, 2012 Added by:Rafal Los
Approximately 3 out of 4 attacks against your enterprise or organization come at your applications. Whether it's at your website, at the mobile app you've deployed, or your enterprise API - you're being attacked where the lowest defenses are - the application...
Comments (0)
CISO 2.0: Enterprise Umpire or Wide Receiver?
May 22, 2012 Added by:Robb Reck
In security, our challenge to demonstrate to the business that the money they invest in us goes further than just keeping us out of the newspaper. Security can deliver tangible benefits out to the business. An effective security program can reduce the costs of creating products...
Comments (0)
Malware Threats: Save Your Company Now
May 21, 2012 Added by:Bill Gerneglia
As the severity of cyber-crimes continues to grow, it’s important to understand the types of malware involved and how they work. Many forms of malware might be familiar, but they evolve as counter measures force adaptation. Today, the adaptation is driven by professional criminals...
Comments (0)
Logging: Opening Pandora's Box - Part 4 - Awareness
May 21, 2012 Added by:Rafal Los
Awareness is the ability to know, understand and react to various types of events in near-real-time in order to defend your enterprise. Whether you're defending it from performance failures, functionality failures, or security failures is dependent on the group you work in...
Comments (0)
Companies Hit in Targeted Attacks
May 18, 2012 Added by:Gregory Hale
If an attacker wants to target a system, they will get in no matter what, what kind of damage occurs depends on how many layers of security buttress the system. Companies in specific industries could band together and share information on attacks that target their industries...
Comments (1)
Achieving Compliance in the Post-Acquisition Context
May 17, 2012 Added by:Thomas Fox
Trust cascades down each level of a company from the Board of Directors to employees and then to customers. Trust is equally important in the M&A context. These ideas are useful for the compliance practitioner when integrating a new acquisition into an existing compliance culture...
Comments (0)
China's Intelligence Apparatus: Implications for Foreign Firms
May 17, 2012
A business does not need to be located in the PRC to fall victim to espionage. This problem includes old fashioned spying outside of China, sometimes by a classic sleeper agents or by a PRC-owned or invested firm that assesses, develops, and recruits an agent inside your firm...
Comments (0)
BYOD - It's a Personal Matter
May 17, 2012 Added by:Phil Klassen
When you own something, especially a mobile device, there is a sense of entitlement that the individual has. So it's critical that you establish the fact that using a personal device to do company business is a privilege, not a right, and that privilege can be taken away...
Comments (0)
Big Opportunities in the Cloud
May 16, 2012 Added by:Ben Kepes
Purists were adamant that the Private Cloud was flawed and that it could not deliver the benefits of the Public Cloud. On the other hand organizations were highly skeptical of the Public Cloud, listing its shortcomings in terms of security, reliability, compliance and control...
Comments (0)
On Proper System Hardening
May 16, 2012
When a system or device has been properly hardened, all unnecessary bells and whistles are turned off, disabled, or simply ripped out, leaving only the bare minimum needed to run the service. This creates a much smaller surface area to attack...
Comments (0)
Security BSides Detroit Announces its June Schedule
May 15, 2012 Added by:Steven Fox, CISSP, QSA
The BSides conference is billed as a un-conference where practitioners go for clear unfiltered view of the industry. The conference features two tracks and thirty-two talks of local and national experts on a variety technical and non-technical subjects...
Comments (0)
Software Security: A Chief Financial Officer’s Perspective
May 15, 2012 Added by:Fergal Glynn
Surprise, you woke up today and found that 10% of the value of your company is gone because confidential customer information was made public. The FTC is knocking on your door asking for a forensic security audit. Your largest investors are calling about the scope of the breach...
Comments (0)
The Patchwork Cloud: Portability of Security in Cloud Computing
May 15, 2012 Added by:Rafal Los
Portability is important not just across your various cloud providers but also internally. What are we talking about here? First is the acknowledgement that security isn't exclusively about the perimeter anymore. The move to cloud computing environments hastens this awareness...
Comments (0)
FBI Guidance of Combating the Insider Threat
May 15, 2012 Added by:Infosec Island Admin
The thief who is harder to detect and who could cause the most damage is the insider — the employee with legitimate access. They may steal solely for personal gain or be a “spy”—someone who is stealing company information or products in order to benefit another organization or country...
Comments (0)
Cybercrime Does(n't?) Pay
May 15, 2012 Added by:Beau Woods
Although many studies fail at basic science, I'm hopeful that the information security industry will get better both at true academic research and at coming up with accurate metrics for the most important data. We'll get there as we mature as an industry, but it will take a while...
Comments (0)
What is the Value of a Good Name?
May 15, 2012 Added by:Jon Long
What is the value of a good name? Do you want a firm that has little to lose, or one who has much to lose. I guarantee you that the firm with the most to lose will be the most thorough in their examination of your internal controls. It's time we take a stand against cheap risk assurance...
Comments (0)
Your Own Private Island
December 24, 2011Coming Soon! Build your own Island right here!
Make your home Infosec Island with your own private vanity URL, design options and private network of followers.
Infosec Island v2
December 24, 2011The latest version of Infosec Island is now available. There are more content options and more ways to connect and interact with your peers.
Thanks to everyone for a great year, and we're looking forward to an excellent 2012!