Blog Posts Tagged with "Defense in Depth"


PCI Defense In Depth

October 17, 2011 Added by: PCI Guru

It has been more than five years since the “sa” default password debacle and yet you still encounter applications that use service accounts to access their database and those service accounts have no password. The rationale? “We did not want to code the password into the application...”


Cyberspace and 4th Generation Warfare - A Marriage of Convenience

August 25, 2011 Added by: Don Eijndhoven

The lesson here is that we should prepare our online critical infrastructure for attacks ahead of time. Assume that attacks will come and that attacks will be successful. This means that critical services should be redundant and capable of providing service even while under attack...


A Better Defense in Depth Implementation

April 13, 2011 Added by: Robb Reck

As malicious actors have proven time and time again, our current security programs are insufficient to provide adequate protection. Defense in depth has come under fire as a result. But it’s not the DiD model that has failed us, it’s our own incomplete implementations...


Why Defense in Depth Will Never Be Sufficient

March 30, 2011 Added by: J. Oquendo

Defense in depth is a great approach at defending from the outside in, but far too many professionals are entrenched in getting this right while attackers are increasingly “punching holes” on their way out. Defense in Depth is not going to solve the “advanced persistent” issue...


Defense in Depth is Necessary, But Not Sufficient

March 28, 2011 Added by: Robb Reck

Cyber warfare raises the possibility that weapons may not fire when we count on them, or healthcare systems may not function properly when lives are at stake. The appropriate level of acceptable risk in these areas is extremely small and requires the very best security measures we can implement...


Why does Web App Security Continue to Stink?

February 21, 2011 Added by: Andy Willingham

Many security issues arise from assuming that the advice of someone else (consultant, vendor) is going to keep you secure. Companies are rolling out web based applications faster than they realize. When you don’t know how many web apps you have, you have bigger problems than just securing them...


Customer Security and Software Security

February 02, 2011 Added by: Danny Lieberman

What threats really count for your business? No question is more important for implementing effective security. The management, the software developers and security analysts cannot expect to mitigate risk without knowing the sources and costs of threats to products and the products’ users...


Defense in Depth: Security Strategy or Security Blanket?

January 26, 2011 Added by: Robb Reck

We have all heard that a defense in depth is required for an effective security program. But in many ways defense in depth has become a security blanket for companies, rather than a strategy. The number of different technologies may give a nice sense of security, but provides negligible added value...


Reality Check: Traditional Perimeter Security is Dead

December 15, 2010 Added by: Stefan Fouant

An all-inclusive security posture looks at the network from a holistic point of view. The principles of Defense-in-Depth will make evident the failings of the traditional perimeter model. The traditional perimeter is dead. The perimeter is wherever the data is...


If Woody Had Gone to the Police...

December 14, 2010 Added by: J. Oquendo

The entire situation could have been avoided by implementing defense in depth. Had the United States military implemented something as simple as Data Loss Protection (DLP) combined with an SIEM, those cables might not have made it to WikiLeaks...
