Items Tagged with "Best Practices"


Error Logs and Apollo 11: One Giant Step For Risk Management

September 09, 2012 Added by:Tripwire Inc

Although Neil Armstrong is the hero of the Apollo 11 story, the planning, management, complexity and technology for the mission is often overlooked. Iit were not for testing and assessing risks associated with the systems the lunar landing would not have been a success...

Comments  (0)


DMTF's Cloud Infrastructure Standard

September 07, 2012 Added by:Ben Kepes

CIMI is arguably more complex than a simple standard – it reflects that people want to rubber stamp a standard, but also want to deliver proprietary functionality as a point of differentiation from the competition. CIMI is a positive initiative, but the proof is in the pudding...

Comments  (0)


Finishing the Security Automation Job

September 06, 2012 Added by:Tripwire Inc

SACM needs to grow upward and outward from where the SCAP efforts have gotten – move from controls into control frameworks and support the policies, processes, and procedures derived from Operational Risk Management. We’ve got a lot of work ahead. It’s all worth it...

Comments  (3)


How I Learned about File Encryption the Hard Way

September 06, 2012 Added by:Scott Thomas

Learn about file versus whole disk encryption, as well as where keys are stored. Also learn to move the keys if you're going to wipe a drive. If I can offer anything to anyone about file encryption it would be to completely understand how it works before you play with live data...

Comments  (0)


Best Practices for the Destruction of Digital Data

August 31, 2012 Added by:Ben Rothke

The need for effective media destruction is imperative given that digital media is the crown jewels of most organizations. From payroll, financial records, to personal information and company/trade secrets, there are terabytes of data that at the end of its lifecycle, needs to be effectively sanitized...

Comments  (0)


How Do You Change an Unhealthy Compliance Culture?

August 29, 2012 Added by:Thomas Fox

The best way to effect culture “is to combine strong leadership with the existing internal elements of a healthy corporate culture... while it may take as long to create a good culture as it does to establish a good reputation, a strong set of values is usually harder to destroy unless the company is itself dismantled..."

Comments  (0)


Your Organizational Chart Tells a Security Story

August 28, 2012 Added by:Tripwire Inc

The common reason to push the security team over to the side or down the org chart is due to a belief that what they do isn’t a core value proposition for the company. By reinforcing the idea that security is low priority it creates impediments for the business and the security team to negotiate risk and work collaboratively...

Comments  (1)


The Seven Qualities of Highly Secure Software

August 23, 2012 Added by:Ben Rothke

Behind nearly every vulnerability is poorly written software. The 7 Qualities of Highly Secure Software highlights qualities that are essential to stop insecure code. This is a highly valuable book that can be of significant use to every stakeholder, from those in the boardroom to the head of application development...

Comments  (0)


Mobile Security: Surfing the Paradox

August 22, 2012

The basis of the paradox – how can a device that is so small, open, innovative, tactile, easy to use and readily available retain mass-market appeal while at the same time remaining secure? This is the challenge not just from a software or hardware perspective, but also a cultural one...

Comments  (0)


Lessons in the Evolution of Compliance in China

August 16, 2012 Added by:Thomas Fox

As Chinese companies engage with partners, globally and locally, their internal and external business practices are evolving. The article “The Myths of Gift Giving” found that many Chinese companies now put greater emphasis on professionalism and building trust and confidence in business capabilities...

Comments  (0)


What Information Security Can Learn from Waiting Tables

August 12, 2012 Added by:Robb Reck

What makes an organization effective is in knowing what their customer-base needs or wants. We are only as valuable as the service we give to our customers. For many of us, our primary customers are internal. The business leaders, the IT department, our vendors, and many others are the customers who are served...

Comments  (0)


Why Effective Awareness Training Matters

August 12, 2012 Added by:Brent Hutfless

Training and education are key elements to securing data. The advances in detection and monitoring solutions have placed more capable tools in the security professional’s toolbox, but APT attacks have grown in sophistication and perseverance – often leading to successful attacks and subsequent data loss...

Comments  (2)


Silly Putty and Compliance: Remember It’s Not Always About You

August 08, 2012 Added by:Thomas Fox

This is not the problem where the legal department or compliance department is viewed as the Land of No, inhabited by only Dr. No. It is, instead, the perception that legal or compliance simply institutes requirements without even talking to the people they affect the most, the business unit employees...

Comments  (1)


Ticking Time-Bombs: Production Data in Non-Production Systems

August 03, 2012 Added by:Rafal Los

While it's not really OK to have a vulnerable application sitting out on the 'net, at least if it's in "stage" mode it shouldn't have real data... right? Unfortunately this wasn't the case in many of the incidents I experienced. It's time to remind ourselves that anything that is accessible should be well protected...

Comments  (0)


No Infosec Sacred Cows

August 02, 2012 Added by:Dave Shackleford

Most security awareness programs SUCK. I bet the majority of the awareness proselytizers are doing the same old crap with some stupid Web-based Flash thingie that people click through as fast as they can, and a little printout goes in their HR folder. UGH. That doesn’t work, never has, and never will...

Comments  (3)


Wireless Network Security: A Beginner's Guide

August 02, 2012 Added by:Ben Rothke

The T.J. Maxx data breach was due to insecure wireless connectivity. Estimates of the costs for this security fiasco are a staggering $4.5 billion. Had the staff at T.J. Maxx had this book at hand and used it, they may have been able to save themselves a significant amount of money...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »