Policy

Why QA Doesn't Do Security Testing

January 06, 2011 Added by: Rafal Los

Just because you're checking for the existence of the password requirement, or making sure pages aren't accessible without authentication doesn't actually mean you're doing security testing. In reality, this is just a small part of the overall security testing that applications require...

False Positives: The Best Way to Kill a Good Initiative

January 05, 2011 Added by: Robb Reck

The more we raise alerts about issues that either don't exist, or aren't worth the attention we give them, the less interested people are in hearing what we have to say. If we do it too much, eventually when we scream that the wolf is at the door, we will be ignored, and see our data get eaten up...

CIOs: Stop Talking Jargon - Start Talking Solutions

January 01, 2011 Added by: Rahul Neel Mani

CIOs need to stop talking jargon to their business colleagues, says Harvey Koeppel, Executive Director, Center for CIO Leadership. Have conversations around the business benefits behind that jargon and you will immediately get active support right up to the CEO...

The U.N. and Government Control of the Internet

December 30, 2010 Added by: Headlines

"We have to be careful about what institutions take the lead. The Chinas, the Irans, the Saudi Arabias of the world want to impose a territorial vision of control over cyberspace -- and if the ITU got its wishes, that's essentially what would happen..."

America's “There is No Security Anymore” Policy

December 28, 2010 Added by: Dan Dieterle

This is a change in policy from trying to keep people out, to monitoring and limiting the damage done when they do get in. And get in they have, numerous reports of large corporations, government, and military breaches have made headline news over the years...

National Defense Authorization Act Omits Cybersecurity

December 22, 2010 Added by: Headlines

The omitted language includes the creation of a White House-based office to coordinate cybersecurity efforts and the creation of a Federal Cybersecurity Practice Board to enforce Federal Information Security Management Act compliance and implementation of NIST recommendations...

How Do You Translate Information Security?

December 22, 2010 Added by: Allan Pratt, MBA

The bottom line is that we, as information security professionals, must speak with other business units in their own languages in order to explain the threats we deal with on a daily basis. Business units need to understand how their work can, and will, be affected when breaches happen...

How to Weather the Outsourcing Storm

December 03, 2010 Added by: Mike Meikle

A quick overview, 2.8 million business support jobs lost since 2000, a large chunk of that being IT. Also IT stands to lose another 450k-500K jobs by the time 2014 rolls around. This is discussed in the eWeek article. InfoWorld points to the 500k IT jobs lost in 2008-2009 alone...

US and EU Partner on Cyber Wargames and Security Plans

November 24, 2010 Added by: Headlines

The US and EU recently conducted cyber wargames, and have announced plans to cooperate on addressing a range of cyber security issues. The security exercises included participants from the private sector, and were focused on coordinated responses to cyber-related threat scenarios...

Legislation to Give DHS Power Over Private Networks

November 19, 2010 Added by: Headlines

Proposed legislation in the House of Representatives would give the Department of Homeland Security new authority to enforce cyber security standards aimed at shoring up private sector computer networks considered critical to national security...

Internet Kill Switch Debate Still Very Alive

November 17, 2010 Added by: Headlines

Regardless of the outcome of the proposed legislation, in the case of a national emergency, Internet access will be marginal at best, and business continuity plans that rely heavily on the notion that employees will be able to login to corporate networks from home are severely flawed...

Computer Security Incident Response - Part 3

November 16, 2010 Added by: John McGloughlin

The efficiency and effectiveness of the Security Operations Center (SOC) team depends on disciplined conduct, continuous communication, uniformed approach, low defect rates and positive attitudes. This team is the basis of a continuous effort to protect the assets of the corporation...

Irony - Administration Proposes Internet Privacy Czar

November 14, 2010 Added by: Headlines

It is ironic to think that an increase in government monitoring and policing of online activities will do anything to increase privacy for consumers. As a free society, we need to be careful about empowering federal bureaucracies in order to preserve individual freedoms...

Are You a Demanding User?

November 12, 2010 Added by: Christopher Burgess

When we raise our heads and look into our infrastructure, at times we are thwarted due to the lack of similar technology being availed or an information technology implementation policy standing between us and the new capability. The reality is, we aren't alone...

Computer Security Incident Response - Part 2

November 10, 2010 Added by: John McGloughlin

If you’re part of a policy making body and maybe don’t have very much real world cyber-combat experience - don’t put together a flow chart for how to deal with a reconnaissance threat and hand it to the operational team. You’ll just piss them off and the objective will be lost...

Federal Cyber Security: Are We Winning or Losing?

November 09, 2010 Added by: Jon Stout

The state of our cyber defense was summarized by Michael Chertoff when he concluded that it may take a digital 9-11 to get business, consumers and governments to fortify their cyber security defenses. In effect we are fighting an asymmetrical war and, at present, we appear to be losing...
