Blog Posts Tagged with "Processes"
CIOs Seek Value But See Challenges with Cloud Computing
September 16, 2012 Added by:Bill Gerneglia
The face of corporate IT changes dramatically with a move to the cloud – no longer do people need to spend time racking and stacking servers, patching software and other low level tasks – the fact is that in the long run individual organizations will not have email server administrators, desktop software support personnel or systems administrators...
Comments (0)
Change Management and Process Improvement
December 19, 2011 Added by:Rafal Los
I don't know of a bigger detractor to security than a broken enterprise change management process... whether you work for a million node global corporation, or a company with 100 laptops and an outsourced IT - poor change management will be the death of your security posture, period...
Comments (0)
Memory Forensics: Pull Process and Network Connections from a Memory Dump
November 23, 2011 Added by:Dan Dieterle
From the output of the command, we see the physical memory location, process name and the PID number of all processes that were running. This helps deduce if something was running that should not have been and allows you to view programs that may be running under the process...
Comments (0)
Security Metrics and the Balanced Scorecard
October 13, 2011 Added by:Steven Fox, CISSP, QSA
The business process metric ensures processes are meeting business requirements. The security team can use this information to identify where threats may have the greatest impact, to identify risks that are relevant, and to plan controls from the perspective of an attacker...
Comments (0)
Using Trust Maps to Manage Critical Systems
August 04, 2011 Added by:Brent Huston
The purpose of a trust map is to graphically demonstrate trust between components of your organization. It is a graphic of how authentication occurs, what systems share accounts and what systems trust other systems in an environment. Done properly, they become a powerful tool with a real payoff...
Comments (0)
Too Many Tools, Not Enough Glue?
July 26, 2011 Added by:Rafal Los
The difficult part with handling information security seems to be memory, applicability, and planning. Can I recall where that tool is and how it works? Do I have enough actionable intelligence right now? Did I leave enough breadcrumbs to prepare me for this need? Is there a plan?
Comments (0)
Infosec and Internal Audit Working Together
July 11, 2011 Added by:Robb Reck
The difference between security and internal audit is slight, but significant. We are both looking to address risk, but security is considered a part of the business, and audit must be an impartial third party. By working together both teams can become better at what they do...
Comments (3)
Three Things Good Security Processes Won’t Do
March 15, 2011 Added by:Brent Huston
While good security processes might help you generate metrics and real world threat insights that you can use to explain risk to your management, as the old saying goes, if they spend more on coffee than infosec, they will get hacked and they will deserve it...
Comments (0)
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox
- The Emperor Is Naked!
- Infographic: Keeping Web Applications Safe
- Do You Have a Vendor Security Check List? You Should!