Items Tagged with "Best Practices"



Vulnerabilities: Context Matters

May 13, 2012 Added by:Jack Daniel

You do need to assess how the vulnerability is exposed, what mitigations are in place or even possible, how hard the threat may be to execute against your situation, and whether there is a graceful failure mode if the opportunity turns out to be inopportune...


ENISA: National Cyber Security Strategies Analysis

May 09, 2012

To assist in the important task of developing and maintaining a successful national cyber security strategy, ENISA is developing a Good Practice Guide which will present good practices and recommendations on how to develop, implement and maintain a cyber security strategy...


Breached! Now What? Seven Steps to Avoid Failure Panic

May 07, 2012 Added by:Rafal Los

To many organizations, a security breach means a catastrophic failure in security signifying a breakdown in the mechanisms installed to keep the organization secure, and by its very nature represents failure. The problem with this situation is it really represents two failures...


NIST: Strategies to Mitigate Risk in the Federal ICT Supply Chain

May 07, 2012

Federal systems are increasingly at risk to both intentional and unintentional security risks introduced into their supply chain. The document provides a set of 10 practices intended to help federal departments and agencies manage the risk associated with the ICT supply chain...


When Statistics Fail: Planning for Things You Can't Expect

April 27, 2012 Added by:Rafal Los

In incident preparedness, if you don't already, maybe it's time for a chapter on worst case scenarios. Lots of organizations have these, but as I pointed out, many aren't even thinking about testing their own incident response plans much less looking at the absolute worst-case...


Making Security Metrics That Matter

April 22, 2012 Added by:Robb Reck

The traditional role of security in the organization has been that of a cost-center to be minimized. Security’s success has historically been defined by internally developed measures. We work to create best-practice metrics that show how mature the security program is...


Positioning the Security Team Using Influence Part 2

April 22, 2012 Added by:Steven Fox, CISSP, QSA

Security engineers, analysts, and auditors are apt to use security policies or industry best practices as the foundation of their guidance rather than addressing business needs. While valid in its substance, these appeals to authority are perceived negatively...


Reflections on Ten years of Software Security

April 21, 2012 Added by:Rafal Los

Given a finite amount of time to write a piece of software with specified features and functionality the security of that code will always take a back seat. At least for the time being. Let's face it, code breaks in strange ways that it's not always easy to understand...


Protecting Your Enterprise by Breaking It

April 20, 2012 Added by:Rafal Los

In a nutshell, if you (in information security) haven't broken things in your organization's networks, you're likely terribly unprepared for when things go wrong and thus are doing it wrong. Now, before you come all unhinged, read the rest of this post...


Ten Ways to Handle Insider Threats

April 18, 2012 Added by:Brent Huston

Tough economic times make it tempting for an employee to switch his white hat to a black one for financial gain. Insider threats also include contractors, auditors, and anyone who has authorized access to systems. How can you minimize the risk? Here are a few tips...


Secure Networks: Remember the DMZ in 2012

April 17, 2012 Added by:Brent Huston

Recently, I have talked to two companies who have been hit by malicious activity that compromised a web application and gave the attacker complete control over a box sitting INSIDE their primary business network with essentially unfettered access to the environment...


Three Keys to the Role of a Chief Compliance Officer

April 11, 2012 Added by:Thomas Fox

There is an ongoing debate in the compliance world about whether a company can or should combine or separate the role of the CCO from that of the General Counsel. Before a company can answer this question, it must meet No. 6 of the DOJ's minimum best practices requirement...


ENISA: Guidelines for Monitoring Cloud Computing Contracts

April 05, 2012

Cloud computing services are increasingly important for governments and businesses, and information security is a key pain-point. To help solve this problem ENISA released a guide focusing on continuous security monitoring throughout the life-cycle of a cloud contract...


Security's Fundamental Truth and Problem

April 03, 2012 Added by:Robb Reck

Its very nature makes security difficult for people to readily accept. Security really is hard. It is inconvenient. It takes a 10 minute process and turns it into 11, 15, 30 or 60 minutes. Why wouldn’t our people give pause when security comes with these kinds of burdens?


Innovation and Compliance

March 26, 2012 Added by:Thomas Fox

Can compliance be innovative? Or can innovation inform your compliance program? Innovation in the compliance arena is key. As compliance programs mature and as companies mature in their approach to compliance, innovation will continue to lead best practices...


Fifteen Unsafe Security Practices that Lead to Data Breaches

March 21, 2012 Added by:Kelly Colgan

Database security is an essential element of overall security maturity at enterprise level. Underestimating its value and not dedicating sufficient attention to developing a comprehensive data security plan can, in many instances, lead to data compromise...
