Items Tagged with "Security Strategies"
Mobile Security Experts on BYOD
August 08, 2012 Added by: Fergal Glynn
Devices aren’t the main problem in a BYOD strategy: employees are. That’s why BYOD is not just a technical issue. It needs a holistic approach that includes HR, data security and legal stakeholders. Organizations adopting a BYOD strategy should put in place a strategy that includes policies and technical constraints...
Comments (0)
What You Should Know When Choosing a FIM Solution
August 07, 2012
Before selecting a file integrity monitoring (FIM) solution, organizations must understand the technical differences between agentless and agent-based FIM. It’s actually these differences that deliver the benefits organizations want from their file integrity monitoring solution while minimizing the issues...
Comments (0)
BYOD - Challenges of Protecting Data - Part 4
August 07, 2012 Added by: Rafal Los
When it comes down to it, BYOD is only possible if you've got the basics of data-centric security right. You know, protecting the actual data rather than trying to build elaborate structures around the things that work with that data in order to compensate. Let me explain...
Comments (0)
On Security Awareness Training
August 05, 2012 Added by: PCI Guru
Security awareness training has its place, but it is not a silver bullet. The world is full of risks and a security professional’s job is to minimize those risks and manage the remaining residual risk. This is why security is done in layers, so that when people make that mistake you minimize the impact...
Comments (0)
BYOD: Challenges of Protecting Data - Part Two
August 01, 2012 Added by: Rafal Los
Productivity is nice to talk about when you can sit at home and read your corporate email on your tablet or mobile phone - but if that device is ridden with malware, or hijacked to be part of a botnet, there are very serious security and productivity implications there. Let's expand on this a bit...
Comments (0)
Don’t Freak Out, It was Only DefCon
July 31, 2012 Added by: Brent Huston
Disregard tales of drunken hackers menacing Vegas hotels, changing signs and doing social engineering attacks. They are good for amusement and awareness, but they are NOT really useful as a lens for viewing your organization’s risk or the steps you should be taking to protect your data. Instead, stick to the basics...
Comments (1)
BYOD: Challenges of Protecting Data - Part One
July 30, 2012 Added by: Rafal Los
Whether we're talking about cloud computing, or BYOD, or hacking in general - the buck stops with data. Some believe you can't ever classify all of your data and you should move on, while others believe that without making data custodians responsible for classification of critical data nothing else can happen...
Comments (1)
UK Intelligence and Security Committee Annual Report
July 20, 2012 Added by: Stefano Mele
"There appears to have been some progress on developing cyber capabilities. However, cyber security is a fast-paced field and delays in developing our capabilities give our enemies the advantage. We are therefore concerned that much of the work to protect UK interests in cyberspace is still at an early stage..."
Comments (0)
English Translation of the Dutch Defense Cyber Strategy
July 18, 2012 Added by: Matthijs R. Koot
The biggest threat in the digital domain is due to high-end and complex digital offensive capabilities that are targeted at specific targets and that can severely limit the armed forces' ability to act. A lack of insight into digital possibilities to carry out attacks is a real risk to the armed forces...
Comments (0)
On Government Strategies to Mitigate Growing Cyber Threats
July 16, 2012 Added by: Pierluigi Paganini
We have witnessed the recruitment of hackers on the part of governments to carry out offensive actions and to train personnel in the use of a deadly new weapon... the keyboard. Not with bullets, but with bits we must now battle, and who better than a hacker can transfer their knowledge on the subject matter?
Comments (0)
Spring Cleaning for Your Security Toolbox
July 08, 2012 Added by: Robb Reck
Give each system and process a priority rating. The ones with the highest rating get the training, money and man-power assigned to master, maintain and run them. The ones with lower ratings get a project plan set up for decommissioning. As in most things in life, true excellence is in quality, not quantity...
Comments (0)
The Resilient Enterprise: Taming Chaos with Automation
June 20, 2012 Added by: Rafal Los
Whatever the incident or failure, the system can detect and respond in an automated fashion as long as it's within the realm of known things. When things fail or break in a new way that has never been seen before, the system will take corrective action to restore service to the best of its ability...
Comments (0)
Insider Threats Confound Enterprise Security Efforts
June 20, 2012 Added by: Headlines
"The majority of staff within any organization are trustworthy and honest. But businesses must understand the scale of the threat posed by the small proportion of staff who act dishonestly and defraud their employer and the numerous ways in which an organization can be targeted"...
Comments (1)
Companies Focus on Growth But Lag Behind Threats
June 20, 2012 Added by: Bob Radvanovsky
Industries that are regulated or that have to adhere to a standard feel that if they simply follow the requirements they are secured. This is a misnomer, as adherence to a regulation, governance or compliance standard is a good start, but it does not necessarily mean that an organization is "secure"...
Comments (0)
Stability is Bad for Your Business
June 19, 2012 Added by: Rafal Los
In really re-evaluating what my whole push behind enterprise resiliency is all about - I've come to realize that the stability / resiliency tradeoff is actually quite intuitive, it's just that not many of us were taught to think this way. What we're really saying is that stability is bad...
Comments (0)
CISSP Reloaded Domain Eight: BCPs and DRs
June 14, 2012 Added by: Javvad Malik
Some companies are not factoring cloud-based or 3rd party hosted applications into their DR plans because contractually the cloud provider is responsible. What would you do if your cloud provider got hit by a disaster they couldn’t recover from? What would you do in order to continue your business operations?