Latest Blog Posts

6f611188ad4a81ffc2edab83b0705d76

A Loss of One of Our Own

October 29, 2009 Added by:Sandra Avery

I am still shocked and saddened by the very sudden loss of David Taylor, founder of PCI knowledgebase.  David passed away on Tuesday after suffering a sudden heart attack. Those of us who have anything to do with PCI compliance either know or know of David Taylor.

Comments  (1)

B32b392ce3a707f05f4838c48c67d9cf

Good enough security?

October 29, 2009 Added by:Christopher Hudel

We have had 802.1x -- CISCO + Active Directory Integration --  in place for over a year know and it is largely a success; windows systems automatically obtain machine certificates (machines automatically receive certificates when they join the domain), supplicants exist for our IP Phones, and those devices (i.e.: printers)  that are currently incapable of 802.1x are split off in a tightl...

Comments  (2)

B038fefd7a19c26505d1f0671609d8ce

IT Security - Defense in Depth Protection using a Data-centric Model

October 29, 2009 Added by:Mike Cuppett

Start aligning your security strategy to better protect your organization's most critical asset - data. While many security proponents lean toward an outside-in strategy - protect every computer in the company from the outside world first - we really need to understand that the data is the asset that must be protected first and foremost.  The outside-in strategy starts at a macro level and ov...

Comments  (5)

14a516a8718c6b0a09598ac4f2777124

Why Infosec Languishes, Part II

October 28, 2009 Added by:Jim Anderson

Although external forces including economic downturn and market specific slowdowns do have their impact, these external forces alone often cannot explain why information security makes so little progress.   This phenomenon is often true even in situations where senior infosec leadership is experienced, holds multiple certifications, and otherwise commands an excellent grasp of the multip...

Comments  (0)

C7159a557369b66632c4b54bf746b69e

Sun Tzu quotes from The Art of War compared to Information Security

October 26, 2009 Added by:Sean Inman

I just finished up this great book The Art of War, by Sun Tzu.  There are many different versions the one I read was “The Art of War for Managers; 50 Strategic Rules”.  I wanted to share some quotes from Sun Tzu and how I think they tie to Information Security.

Comments  (0)

A3e8b5e0becdbfb1b1c706b452b6c388

Road Map for an Application/Software Security Architect (Part 1)

October 26, 2009 Added by:Stephen Primost

With the level of security concerns about security, it is interesting that there is not more concern with a holistic focus on application security. Numerous articles are citing chilling statistics about security breaches, with the majority (some use the figure of 80%) being related to applications. It is not for lack of information as to what constitutes an “application problem”. One j...

Comments  (2)

8d04c13e080ecc73656118e7650fbb4c

Lies, Damn Lies, Statistics & Risk Management

October 24, 2009 Added by:Todd Zebert

Past willful risky behavior, and then outright foolishness, we have Risk Mismanagement. We’ve all head the quote “Lies, damned lies, and statistics” (author unknown) with its intention that statistics can be used to lie persuasively or lend credence to otherwise suspect arguments. With Risk Management we’ve layered Management on top of statistics - this is where things can ...

Comments  (0)

Abceedf5017915685f379075f00a5ccd

Useless Account Control

October 22, 2009 Added by:Sudha Nagaraj

In these days of heightened security awareness, I would think any and every operating system should boast of a robust anti-virus software suite. The fact that Microsoft released its much-awaited and highly proclaimed Windows 7 OS today without built-in anti-virus software continues to puzzle me.

Comments  (0)

Abceedf5017915685f379075f00a5ccd

A Host of Insecurities about Security

October 21, 2009 Added by:Sudha Nagaraj

Security concerns will continue to dominate the IT sphere for a while. Governments are crying hoarse to put in preventive measures, the security industry is struggling to make up for losses suffered in a recessionary environment, enterprises are growing paranoid about the ‘insider threat’ and the small and medium enterprises are waking up to the need for security management.

Comments  (0)

B038fefd7a19c26505d1f0671609d8ce

Mitigating Risks by Leveraging a Core Business Process

October 20, 2009 Added by:Mike Cuppett

When it comes to audits and other compliance requirements - think Sarbanes-Oxley, PCI-DSS, internal and external audits, etc. - people tend to get a bit uptight and flustered. Fortunately, by keeping a calm head and a rational perspective, your reaction to these challenges can be cool and calm, allowing you to leverage a methodology you already know - risk mitigation.

Comments  (0)

B32b392ce3a707f05f4838c48c67d9cf

Should SSL be enabled on every website?

October 14, 2009 Added by:Christopher Hudel

Using SSL to secure all websites may seem like an odd choice; most websites contain no "nuggets" worth taking, SSL apparently slows the page load time (especially on over provisioned hosting platforms), and it's not clear if doing so will kibosh any search engine optimizations. 

Comments  (10)

Abceedf5017915685f379075f00a5ccd

My Mind is Wave-ering on the Utility, Security and Privacy Aspects

October 14, 2009 Added by:Sudha Nagaraj

Like many other Wave-wannabes, I am also awaiting an invite from Google to try out their all-in-one communication solution Google Wave. But I have my trepidations: over making my private work public, over opening up for comment work that is still being worked out, over messing up “my thoughts” with a thousand other theories, over starting something with the full knowledge that it could...

Comments  (0)

C7159a557369b66632c4b54bf746b69e

The parallels between Information Security & Sun Tzu’s-The Art of War

October 13, 2009 Added by:Sean Inman

Correlations between Sun Tzu's Art of War and Information Security from Steve Pinman. "I think most organizations can demonstrate a well thought out plan(s) for dealing with “predictable” security attacks such as viruses and DDoS attacks, but how many organizations are actively engaged in planning for new threats and new attack vectors?"

Comments  (1)

Abceedf5017915685f379075f00a5ccd

Spammers Feasting on the East

October 13, 2009 Added by:Sudha Nagaraj

In India, Diwali or the ‘Festival of Lights’ is round the corner. As the D-day draws closer, Indians are flocking to malls and travel operators to shop and make reservations for the up-coming holidays. At this juncture, Symantec has released an advisory warning users against emails that offer discounts, holiday deals and other enticing subject lines which feature the word Diwali.

Comments  (0)

39b6d5c1d3c6db11155b975f1b08059f

Preventative Measures for Drive-by Malware

October 12, 2009 Added by:Ron Lepofsky

This article identifies preventative measures that both end users and web site managers can implement to protect all concerned from the dangers of drive-by malware.

Comments  (0)

Abceedf5017915685f379075f00a5ccd

Squinting at Cloud Formations

October 12, 2009 Added by:Sudha Nagaraj

The problem with the cloud is that it can evaporate leaving no trace behind! The weekend thunderbolt that hit over a million subscribers of T-Mobile Sidekick, operated by the Microsoft subsidiary, Danger Inc in the US, is standing testimony to the whimsical nature of cloud computing.

Comments  (0)


« First < Previous | 471 - 472 - 473 - 474 - 475 | Next > Last »