Items Tagged with "Best Practices"


DMTF's Cloud Infrastructure Standard

September 07, 2012 Added by: Ben Kepes

CIMI is arguably more complex than a simple standard – it reflects that people want to rubber stamp a standard, but also want to deliver proprietary functionality as a point of differentiation from the competition. CIMI is a positive initiative, but the proof is in the pudding...

Comments  (0)

Finishing the Security Automation Job

September 06, 2012 Added by: Tripwire Inc

SACM needs to grow upward and outward from where the SCAP efforts have gotten – move from controls into control frameworks and support the policies, processes, and procedures derived from Operational Risk Management. We’ve got a lot of work ahead. It’s all worth it...

Comments  (3)

How I Learned about File Encryption the Hard Way

September 06, 2012 Added by: Scott Thomas

Learn about file versus whole disk encryption, as well as where keys are stored. Also learn to move the keys if you're going to wipe a drive. If I can offer anything to anyone about file encryption it would be to completely understand how it works before you play with live data...

Comments  (0)

Best Practices for the Destruction of Digital Data

August 31, 2012 Added by: Ben Rothke

The need for effective media destruction is imperative given that digital media is the crown jewels of most organizations. From payroll, financial records, to personal information and company/trade secrets, there are terabytes of data that at the end of its lifecycle, needs to be effectively sanitized...

Comments  (0)

How Do You Change an Unhealthy Compliance Culture?

August 29, 2012 Added by: Thomas Fox

The best way to effect culture “is to combine strong leadership with the existing internal elements of a healthy corporate culture... while it may take as long to create a good culture as it does to establish a good reputation, a strong set of values is usually harder to destroy unless the company is itself dismantled..."

Comments  (0)

Your Organizational Chart Tells a Security Story

August 28, 2012 Added by: Tripwire Inc

The common reason to push the security team over to the side or down the org chart is due to a belief that what they do isn’t a core value proposition for the company. By reinforcing the idea that security is low priority it creates impediments for the business and the security team to negotiate risk and work collaboratively...

Comments  (1)

The Seven Qualities of Highly Secure Software

August 23, 2012 Added by: Ben Rothke

Behind nearly every vulnerability is poorly written software. The 7 Qualities of Highly Secure Software highlights qualities that are essential to stop insecure code. This is a highly valuable book that can be of significant use to every stakeholder, from those in the boardroom to the head of application development...

Comments  (0)

Mobile Security: Surfing the Paradox

August 22, 2012

The basis of the paradox – how can a device that is so small, open, innovative, tactile, easy to use and readily available retain mass-market appeal while at the same time remaining secure? This is the challenge not just from a software or hardware perspective, but also a cultural one...

Comments  (0)

Lessons in the Evolution of Compliance in China

August 16, 2012 Added by: Thomas Fox

As Chinese companies engage with partners, globally and locally, their internal and external business practices are evolving. The article “The Myths of Gift Giving” found that many Chinese companies now put greater emphasis on professionalism and building trust and confidence in business capabilities...

Comments  (0)

What Information Security Can Learn from Waiting Tables

August 12, 2012 Added by: Robb Reck

What makes an organization effective is in knowing what their customer-base needs or wants. We are only as valuable as the service we give to our customers. For many of us, our primary customers are internal. The business leaders, the IT department, our vendors, and many others are the customers who are served...

Comments  (0)

Why Effective Awareness Training Matters

August 12, 2012 Added by: Brent Hutfless

Training and education are key elements to securing data. The advances in detection and monitoring solutions have placed more capable tools in the security professional’s toolbox, but APT attacks have grown in sophistication and perseverance – often leading to successful attacks and subsequent data loss...

Comments  (2)

Silly Putty and Compliance: Remember It’s Not Always About You

August 08, 2012 Added by: Thomas Fox

This is not the problem where the legal department or compliance department is viewed as the Land of No, inhabited by only Dr. No. It is, instead, the perception that legal or compliance simply institutes requirements without even talking to the people they affect the most, the business unit employees...

Comments  (1)

Ticking Time-Bombs: Production Data in Non-Production Systems

August 03, 2012 Added by: Rafal Los

While it's not really OK to have a vulnerable application sitting out on the 'net, at least if it's in "stage" mode it shouldn't have real data... right? Unfortunately this wasn't the case in many of the incidents I experienced. It's time to remind ourselves that anything that is accessible should be well protected...

Comments  (0)

No Infosec Sacred Cows

August 02, 2012 Added by: Dave Shackleford

Most security awareness programs SUCK. I bet the majority of the awareness proselytizers are doing the same old crap with some stupid Web-based Flash thingie that people click through as fast as they can, and a little printout goes in their HR folder. UGH. That doesn’t work, never has, and never will...

Comments  (3)

Wireless Network Security: A Beginner's Guide

August 02, 2012 Added by: Ben Rothke

The T.J. Maxx data breach was due to insecure wireless connectivity. Estimates of the costs for this security fiasco are a staggering $4.5 billion. Had the staff at T.J. Maxx had this book at hand and used it, they may have been able to save themselves a significant amount of money...

Comments  (0)

BYOD too Big for Twitter...

July 29, 2012 Added by: Boris Sverdlik

It's not a question of technology, it really isn't. The one problem that we keep running into is that users don't want us installing things on their personal devices. It's the whole entitlement mentality that our users have somehow attained through all of our babying. That's the cost of using their resources...

Comments  (1)
