Items Tagged with "Security Strategies"


Helpdesk to the Boardroom

April 16, 2012 Added by: Daniel Blander

As security professionals, we eagerly hone our skills and immerse ourselves in the latest research. Yet too many of us feel that we are marginalized, and become frustrated at our lack of professional advancement. What could be the problem and how can we overcome it?



Information Sharing and the ICS-ISAC

April 15, 2012 Added by: Chris Blask

The topic of information sharing has become one of the most interesting in finding “The Solution” to ICS security. Aspects of securing industrial control systems – including timing, technology and workforce – suggest that answers lie less in technology and more in Robert’s Rules...



What the Titanic Teaches Techies

April 15, 2012 Added by: Allan Pratt, MBA

No one wants to think that disaster will strike, but it’s better to have policies in place and not need them – because you never know when you may encounter an iceberg - especially for those of us who live and breathe in the information security arena...



Javvad Malik Interviews Rafal Los at Black Hat EU 2012

April 12, 2012

We were fortunate to get an interview with HP's Global Software Security Evangelist Rafal Los at Black Hat Europe where he speaks about threat modeling and how we can stop determined attackers. Javvad's coverage of Black Hat Europe courtesy of Infosec Island and NETpeas...



On Data Breach Containment

April 12, 2012 Added by: Rafal Los

You've heard us say for a while now that information security isn't about reaching some mythical state of 'secure' but rather a constant battle on the ever-changing front lines of your organization to minimize any damage that the evil hackers can do once they find an in...



Why Security is in Trouble

April 10, 2012 Added by: Rafal Los

Everything you do as an infosec leader needs to be aligned to your organization's mission statement and goals. Everything you do, every security-related decision you make, and every purchase and project you sign off on must first and foremost be aligned to the organization...



The Infosec Investment Equation - Can You Solve It?

April 09, 2012 Added by: Neira Jones

Redundant measures always expose themselves very rapidly: they either don’t help you run your shop, or nobody around you is interested in them. So if you still have some of these, your job is to scrap them because it will save some time and resources to apply elsewhere...



The Information Security OODA Loop Part 5: Act

April 06, 2012 Added by: Rafal Los

Practicing the OODA Loop for incident response is critical to making sure you avoid panic-induced decisions which could be catastrophic. If you're already formulating excuses as to why you won't be able to practice - just forget this altogether...



The Information Security OODA Loop Part 4: Decide

April 04, 2012 Added by: Rafal Los

There are any number of possible decisions to be made in an infosec OODA Loop cycle. Sometimes the most basic decision to be made is whether to act or to hold your position. Too often infosec tends to look at a potential event and assume that the response must be action...



Security's Fundamental Truth and Problem

April 03, 2012 Added by: Robb Reck

Its very nature makes security difficult for people to readily accept. Security really is hard. It is inconvenient. It takes a 10 minute process and turns it into 11, 15, 30 or 60 minutes. Why wouldn’t our people give pause when security comes with these kinds of burdens?



The Information Security OODA Loop Part Three - Orient

April 03, 2012 Added by: Rafal Los

In infosec, if you've worked at companies who are doing security poorly and getting ravaged by hackers, your first inclination may be desperation when your digital assets are under attack. It's hard to completely wipe the slate clean from previous experiences...



The Information Security OODA Loop Part Two - Observe

April 01, 2012 Added by: Rafal Los

Infosec is in a constant chess match with the opposition. In order to have some way of fighting this asymmetric digital warfare, we need to have an organized, formalized way of identifying current threats and reacting in near-real-time in order to reach a state of detente...



From Obstacle to Ally - Repositioning the Security Team

March 30, 2012 Added by: Steven Fox, CISSP, QSA

Rarely are non-security staff engaged in risk control discussions – a lack of interaction that disenfranchises those who will interact with the controls. This engenders a sense of powerlessness that leads to passive sabotage of initiatives intended to further the business...



The Information Security OODA Loop: An Introduction

March 29, 2012 Added by: Rafal Los

The OODA loop was invented by a military strategist, and the idea is that in order to win any given incursion you must go through your OODA loop faster than your opponent. Failing to do so can mean the difference between an incident and a catastrophic breach...



ENISA: Security Through a Public-Private Partnership

March 28, 2012 Added by: Infosec Island Admin

Cooperation in the form of Public Private Partnerships (PPPs) has evolved in many Member States. The European Commission has proposed concrete policy and regulations for improving the security and resilience of public telecommunications...



The Role of Penetration Testing in the Infosec Strategy

March 26, 2012 Added by: Ian Tibble

For all intents and purposes, penetration testing had become such a low quality affair that clients stopped paying for it unless they were driven by regulations to perform periodic tests of their perimeter "by an independent third party"...

