Blog Posts Tagged with "Defense in Depth"

PCI Defense In Depth

October 17, 2011 Added by: PCI Guru

It has been more than five years since the “sa” default password debacle and yet you still encounter applications that use service accounts to access their database and those service accounts have no password. The rationale? “We did not want to code the password into the application...”

Comments  (0)

Cyberspace and 4th Generation Warfare - A Marriage of Convenience

August 25, 2011 Added by: Don Eijndhoven

The lesson here is that we should prepare our online critical infrastructure for attacks ahead of time. Assume that attacks will come and that attacks will be successful. This means that critical services should be redundant and capable of providing service even while under attack...

Comments  (10)

A Better Defense in Depth Implementation

April 13, 2011 Added by: Robb Reck

As malicious actors have proven time and time again, our current security programs are insufficient to provide adequate protection. Defense in depth has come under fire as a result. But it’s not the DiD model that has failed us, it’s our own incomplete implementations...

Comments  (3)

Why Defense in Depth Will Never Be Sufficient

March 30, 2011 Added by: J. Oquendo

Defense in depth is a great approach at defending from the outside in, but far too many professionals are entrenched in getting this right while attackers are increasingly “punching holes” on their way out. Defense in Depth is not going to solve the “advanced persistent” issue...

Comments  (5)

Defense in Depth is Necessary, But Not Sufficient

March 28, 2011 Added by: Robb Reck

Cyber warfare raises the possibility that weapons may not fire when we count on them, or healthcare systems may not function properly when lives are at stake. The appropriate level of acceptable risk in these areas is extremely small and requires the very best security measures we can implement...

Comments  (0)

Why does Web App Security Continue to Stink?

February 21, 2011 Added by: Andy Willingham

Many security issues arise from assuming that the advice of someone else (consultant, vendor) is going to keep you secure. Companies are rolling out web based applications faster than they realize. When you don’t know how many web apps you have, you have bigger problems than just securing them...

Comments  (1)

Customer Security and Software Security

February 02, 2011 Added by: Danny Lieberman

What threats really count for your business? No question is more important for implementing effective security. The management, the software developers and security analysts cannot expect to mitigate risk without knowing the sources and costs of threats to products and the products’ users...

Comments  (3)

Defense in Depth: Security Strategy or Security Blanket?

January 26, 2011 Added by: Robb Reck

We have all heard that a defense in depth is required for an effective security program. But in many ways defense in depth has become a security blanket for companies, rather than a strategy. The number of different technologies may give a nice sense of security, but provides negligible added value...

Comments  (6)

Reality Check: Traditional Perimeter Security is Dead

December 15, 2010 Added by: Stefan Fouant

An all-inclusive security posture looks at the network from a holistic point of view. The principles of Defense-in-Depth will make evident the failings of the traditional perimeter model. The traditional perimeter is dead. The perimeter is wherever the data is...

Comments  (0)

If Woody Had Gone to the Police...

December 14, 2010 Added by: J. Oquendo

The entire situation could have been avoided by implementing defense in depth. Had the United States military implemented something as simple as Data Loss Protection (DLP) combined with an SIEM, those cables might not have made it to WikiLeaks...

Comments  (1)
