Enterprise Security
What is the Value of a Trade Secret?
May 30, 2010 Added by: Danny Lieberman
My guess is that the value of software patents is on the decline, taking value as the net of the economic upside of the software patent less the cost of patent development, application and enforcement.
Comments (3)
Document Management for ISO 27001 and BS 25999-2
May 28, 2010 Added by: Dejan Kosutic
Why is it that ISO 27001 and BS 25999-2 put such an emphasis on the control of documents? Both standards define very strictly how the documents must be managed, and require that the organization must have a documented procedure for managing documents – even worse, you won’t get certified unless you have such a procedure.
Comments (0)
Information security policy – how detailed should it be?
May 26, 2010 Added by: Dejan Kosutic
Quite often I see information security policies written in too much detail, trying to cover everything from strategic objectives to how many numerical digits a password should contain. The only problem with such policies is that they contain 50 or more pages, and - no one is really taking them seriously. They usually end up serving as artificial documents whose sole purpose is to satisfy the ...
Comments (4)
How to deal with failure to keep the bad guys out.
May 26, 2010 Added by: Eli Talmor
More money is now being made from cybercrime than the billions that come from drug trafficking, AT&T's Chief Security Officer Edward Amoroso has told a US Senate Commerce Committee. Some $1 trillion annually is being siphoned off by cyber criminals according to the security chief.
Comments (0)
Giving information security a KISS!
May 25, 2010 Added by: Security Ninja
The KISS I’m talking about giving to information security is the KISS principle: Keep It Short and Simple (or Keep It Simple Stupid)
Comments (6)
Defining Identity Standards and the Cloud
May 22, 2010 Added by: Lauren Twele
With the formation of the Open Identity Exchange and OASIS Identity in the Cloud TC there is a renewed interest in Identity Management Standards and a new focus on the Cloud model. This has led to some recent discussions such as "What standards to use?", "How to derive value from standards (old and new)?", and "What resources to leverage in delivering standard...
Comments (1)
Reasons to love infosec
May 22, 2010 Added by: Javvad Malik
Infosec sometimes unfairly gets a lot of bad press for being a barrier to business goals and objectives. How infosec professionals don’t understand business needs and drivers. How pouring money into security is about as good as burning it. But infosec has improved the quality of working and the lives of workers the world over.
Comments (0)
ALL Security is Local
May 22, 2010 Added by: Ron Baklarz
Thomas P. O’Neill, former speaker of the US House of Representatives Tip O’Neill’s father, once said that “all politics is local.” He postulated this axiom upon his son’s experiencing his first, and last, political loss. What the wise father was advising his son was that he needed to be aware of and work harder on the political issues in his ow...
Comments (0)
CFOs Need To Sober Up to Security Realities
May 19, 2010 Added by: Anthony M. Freed
For many organizations, network security issues are still considered technical cost-centers that are approached from the standpoint of compliance and the anticipated return on investment, with little consideration of the very real threat to overall enterprise risk.
Comments (9)
Why do you work in Infosec?
May 19, 2010 Added by: Javvad Malik
I was at a social event the other day and got chatting to a few people sat around my table. People are curious creatures, so the topic of conversation quickly moves onto what you do for a living. I tend to adopt a formula to determine if they are worth continuing having a conversation with. A lot of times people reply with "oh I work in banking". So I take a look at them, T.M Lewin ...
Comments (6)
Standardize Screening for Network Security Risks
May 18, 2010 Added by: Danny Lieberman
Best practices for data security are still evolving – as there are no industry-standard data security metrics and a confusing array of regulatory compliance and industry standards – PCI DSS 1.2, Sarbanes-Oxley, FISMA, ISO2700x – just to name a few.
Comments (0)
Becoming the ultimate CISO
May 18, 2010 Added by: Javvad Malik
Every organisation has one. The ones that don’t definitely need one. We’re talking about a Chief Information Security Officer. The alpha dog of security professionals within any given organisation. The person who sits at the board and convinces all them other executives to make sure the company protects their and their customers’ information.
Comments (5)
Impact of Online Intelligence Searches part II
May 17, 2010 Added by: Bozidar Spirovski
In our previous article - "Open Source Intelligence Operations" we looked at the generic process of information gathering. But what is this process looking for? The answer to this question is important to all parties.
Comments (0)
Data Mining Analysis vs. Predictive Modeling
May 16, 2010 Added by: Michael O'Connor
Fraud prevention and risk management professionals are familiar with both data mining/analysis and predictive modeling as tools of the trade, and the two are often discussed in conjunction with each other.
Comments (0)
A history of bot fraud
May 16, 2010 Added by: Javvad Malik
Back in the old days before computers were invented or the Internet was discovered, everything was black and white and there were good guys and bad guys. The bad guys back in the day weren’t too different from those of today. Yeah sure they chewed tobacco, but their motives were the same, they wanted power and money.
Comments (0)
Cybersecurity Act of 2010 is Bad Medicine
May 15, 2010 Added by: Richard Stiennon
There are a bunch of cybersecurity bills trickling through Congress right now; some of them several years in the making. Senator Rockefeller’s Cybersecurity Act of 2010 (S.773) is deemed the most likely to get voted on by the Senate as it was just unanimously passed through the Senate Committee that he chairs, Commerce, Science and Transportation.
Comments (2)