Items Tagged with "Best Practices"


Losing Trust: Canadian Data Breach Spotlights Human Error

July 27, 2012 Added by: Kelly Colgan

It’s not just about protecting ourselves from identity theft or fraud like when our account number or government-issued ID numbers are exposed. It’s what I like to call privacy for the sake of privacy. Just knowing that someone could be looking at our personal histories doesn’t sit well with the public...

Comments  (0)

Countermeasures, Weather Forecasts, and Security Metrics

July 25, 2012 Added by: Tripwire Inc

Take a look at the things you measure. In particular, take a look at the things that become part of your bonus calculations or your performance reviews. If you are being measured against things that feel more like Tracking Indicators (like a weather forecast), then it’s time to renegotiate your Metrics...

Comments  (0)

Deploying Code Faster as a Security Feature?

July 24, 2012 Added by: Rafal Los

What if deploying faster is actually a security feature? I can empathize with the frustration many security professionals feel when they find a critical issue in an application only to be told that the patch will be rushed in about 3 months. I'd certainly love to hear that the update will be shipped this afternoon...

Comments  (1)

Is Security Awareness as Effective as We Imagine?

July 24, 2012 Added by: Hani Banayoti

We cannot relax our technical security deep-dive efforts just because we think we deliver good corporate security awareness. Did high profile technology and security companies like RSA, GlobalSign, DigiNotar, Sony, Yahoo, Linkedin etc, not have good security awareness when they got compromised? I'm sure they did...

Comments  (0)

Throwing the Baby Out with the Bath Water

July 20, 2012 Added by: Infosec Island Admin

You train employees to protect not only from clicking on links or suspect emails, but you also teach them good ethics as well as security hygiene. The cumulative effect will help you secure the environment and in tandem with your technical means, and make it all the better...

Comments  (3)

The Compliance Professional as a Trusted Advisor

July 18, 2012 Added by: Thomas Fox

Compliance is a form of risk you can measure, evaluate and then manage. If the risk becomes too great, that may create an unacceptable level which your company will not tolerate. One of your key roles as a compliance practitioner is to reduce the level of risk which your company cannot or will not tolerate...

Comments  (0)

Blame the Silver Heads?

July 17, 2012 Added by: Ian Tibble

The idea that CEOs are responsible for all our problems is one of the sacred holy cows of the security industry. Security analysts, managers, self-proclaimed "Evangelists", "Subject Matter Experts", ad infinitum are responsible for the problems. Let's look at ourselves before blaming others...

Comments  (4)

NIST Recommendations for Cryptographic Key Management

July 17, 2012

Developers are presented with many choices in their use of cryptographic mechanisms. Inappropriate choices may result in an illusion of security, but little or no real security for the application. This Recommendation provides information and establishes frameworks to support appropriate decisions...

Comments  (0)

Cyber Attacks: Protecting National Infrastructure

July 15, 2012 Added by: Ben Rothke

Protecting “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters”...

Comments  (0)

What Actions Do Your Security Metrics Promote?

July 12, 2012 Added by: Tripwire Inc

“It is possible to focus on a single metric and drive it up or down, but wreak havoc on the organization through unintended side effects. Some organizations have to deal with some people ‘gaming the metrics’, which again can lead to unintended side effects. Other organizations use metrics as a way to begin a conversation...”

Comments  (0)

Spring Cleaning for Your Security Toolbox

July 08, 2012 Added by: Robb Reck

Give each system and process a priority rating. The ones with the highest rating get the training, money and man-power assigned to master, maintain and run them. The ones with lower ratings get a project plan set up for decommissioning. As in most things in life, true excellence is in quality, not quantity...

Comments  (0)

Password Security: The Main Vein

July 02, 2012 Added by: Ahmed Saleh

Your passwords should be treated as "high sensitive information", and you are responsible for taking the appropriate steps to select and secure this information. Information system users should be aware of the characteristics of weak and strong passwords in order to ensure adequate protection of their information...

Comments  (1)

Automated Vulnerability Assessments are not Enough

June 26, 2012

What we really need is a holistic approach to detect/validate vulnerabilities besides determining if the system complies with IS policies. An IS audit needs to be added to our set of activities to perform a complete security assessment. Let’s start by describing the IS Audit process from the very beginning...

Comments  (0)

How to Save Your Photos from a BYOD Security Policy

June 24, 2012 Added by: Brent Huston

One of the more common rules is to enable the remote wipe and lock feature. This means that if your device was ever stolen or compromised, the IT department can remotely lock the device and then wipe any data from it. And yes, that would include all of your photos as well as other items...

Comments  (0)

Disposal Dummies Cause Privacy and Security Problems

June 21, 2012 Added by: Rebecca Herold

Information disposal is now a legal requirement for basically all businesses of all sizes, and it simply makes sense to dispose of information securely as an effective way to prevent breaches. Having effective disposal policies, procedures and technologies in place demonstrates reasonable due diligence...

Comments  (1)

Elementary Information Security

June 21, 2012 Added by: Ben Rothke

For anyone looking for a comprehensive information security reference guide - Elementary Information Security is it. While the title may say elementary, for the reader who spends the time and effort to complete the book, they will come out with a complete overview of every significant information security topic...

Comments  (0)
