Blog Posts Tagged with "Analytics"

0a8cae998f9c51e3b3c0ccbaddf521aa

Metrics, KPIs and Making Business Sense of Infosec

March 27, 2012 Added by:Rafal Los

Does a 10% increase in IT Security spending really make us 10% safer? I refuse to buy-in to the saying that security is either avoiding cost, or a cost center and nothing more. This is simply untrue in my experiences. Good security is good for business, pure and simple...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Defining Success for Information Security Through KPIs

March 26, 2012 Added by:Rafal Los

In the world of software development the business just wants to release fast and functional while the security team would prefer slower and more 'secure'. So as security struggles to positively impact risk, I found 5 key performance indicators that bridge the two positions...

Comments  (1)

0a8cae998f9c51e3b3c0ccbaddf521aa

Redefining Security Intelligence with NOC and SOC

March 09, 2012 Added by:Rafal Los

Security dashboards are archaic, and often security teams have a half-dozen or more for visual confirmation on happenings. In well-run SOC organizations, a SEIM or new-school SIRM can provide context and close the real-time analysis gap, but this still isn't enough...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Quantifying Risk Reduction with an Unknown Denominator

March 07, 2012 Added by:Rafal Los

The problem that exists with all these risk reduction measurements is that they're impossible to quantify. There is simply no way to say that by doing X you've reduced risk by Y% - at least not when you don't know the total number of issues that exist. And therein lies the problem...

Comments  (0)

1b061b1cec6b5898e5326992d9461610

Infosec: Where is Our “Long Tail”?

February 20, 2012 Added by:Dave Shackleford

The “long tail” concept illustrates the subtle, often overlooked 20% market that tends to be more niche. We need those organizations that are desperate to find unusual solutions that are not available at all right now. And we need small startups to provide them...

Comments  (2)

959779642e6e758563e80b5d83150a9f

Log Management: Debugging Security

February 18, 2012 Added by:Danny Lieberman

Logs are key to security management not only for understanding what and why an event happened but also in order to prove regulatory compliance. The business requirements are that security logs should be both relevant and effective...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Top Ten Java Frameworks Observed in Customer Applications

February 08, 2012 Added by:Fergal Glynn

One of the things we record when scanning applications is the presence of frameworks and other supporting technologies, and we’ve been at work mining that data to understand what developers use to build their applications. We’d like to share some of that research with you today...

Comments  (0)

637466d18cc35f545740244d707c0482

Achieving Network Security

February 07, 2012 Added by:Kevin Somppi

Today's networks are complex, with most organizations supporting various server, operating system and Web platforms. This requires an accurate, comprehensive, and up-to-date way to identify the latest system vulnerabilities and configuration errors...

Comments  (0)

83a1969531a4f021a9f7339e222ab995

NETPeas COREvidence v1.0 Sneak Preview

February 02, 2012 Added by:Nabil Ouchn

COREvidence, a Software as a Service (SaaS) product, integrates multiple services to create a one-stop network security solution. Customers have immediate access to numerous technology leaders in vulnerability management, compliance achievement and monitoring...

Comments  (0)

E973b16363b3de77b360563237df7e32

A Failed Attempt at Optimizing an Infosec Risk Assessment

January 28, 2012 Added by:Bozidar Spirovski

Having a standardized method for risk assessment in infosec based on hard numbers would be great. But since the factors included in any incident are complex and varying, and consistent incident reporting is impossible, we will be sticking to the current qualitative methods...

Comments  (3)

7fef78c47060974e0b8392e305f0daf0

E-Meme: The Next Generation of Thought Crime Detection?

January 25, 2012 Added by:Infosec Island Admin

An Orwellian software development project that the Navy has invested in called “E-MEME” will be able to sift through the internet for ideas and meme’s to analyze them for predictive behavior assessment. Predictive behavioral analysis via meme’s... Whatever could go wrong?

Comments  (6)

68b48711426f3b082ab24e5746a66b36

Mobile Application Security: New Platforms, Old Mistakes

January 24, 2012 Added by:Fergal Glynn

While Android may be a new platform, some of the security issues we found are reminiscent of old mistakes we have seen developers make. One example of this was the practice of hard-coding cryptographic keys directly into the application...

Comments  (0)

0ff0a77035f9569943049ed3e980bb0d

Content Raven – High Speed Low Drag

January 10, 2012 Added by:

Security professionals are always struggling to get usage statistics with security products. Content Raven gives you great metrics and analytics out of the box. I can track by user and/or device and /or location what the user has looked at and for how long...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Analyzing Passwords for Patterns and Complexity

December 20, 2011 Added by:Dan Dieterle

This is a great tool to see patterns in password security. After years of users being warned about password security, it is disheartening to see the majority of users are still using simple passwords. More alarming is the number of password dumps available from compromised websites...

Comments  (0)

3e35900ae6facc6c146a85c435c71d82

Network Security in the Age of Social Media

December 08, 2011 Added by:Ben Rothke

Social media is now mainstream in corporate America, and the security and privacy issues around it are hot. In the past, many firms simply said no to social media at the corporate level. But that will no longer work, as social media isn’t a choice anymore, it’s a business transformation tool...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Memory Forensics: Analyzing a Stuxnet Memory Dump

November 29, 2011 Added by:Dan Dieterle

Take a look at a memory dump from a system with Stuxnet - this code has execute and read write permissions. We could go on and find Stuxnet registry key settings, hidden Dll’s, file objects and numerous other artifacts in this memory sample all with using Volatility...

Comments  (0)

Page « < 1 - 2 - 3 > »