Blog Posts Tagged with "Rafal Los"
Doing Biz with Hackers: Do Bad Guys Make the Best Good Guys?
March 06, 2012 Added by:Rafal Los
The significance of quality talent can't be overlooked - having a second-rate individual watching your virtual piggy-bank is as good as having none. It's not like there are thousands of ex-con hackers out there looking for work - but I suspect there are more than you think...
Comments (3)
The Patchwork Cloud - Security and Incentives
March 04, 2012 Added by:Rafal Los
A cloud service provider who isn't doing well at meeting security controls and requirements has two options - ignore the voluntary attestation and stay off the STAR registry, or only answer certain parts. This makes it impossible to have a level playing field...
Comments (1)
Cross-Border Sovereignty Issues in the Cloud
March 02, 2012 Added by:Rafal Los
It's about due care, process, and not rushing into a cloud computing migration. Take a rational approach and first understand the parameters you need to operate. Then enforce with prejudice those requirements on your vendors and know the way cloud computing is delivered...
Comments (0)
Continuous Patching: Is it Viable in the Enterprise?
February 28, 2012 Added by:Rafal Los
The way patching works right now on all different levels I'm surprised anything works because we have operating system patches going in with application patches - and we're all just a heartbeat away from catastrophe. Maybe more continuous patching can be our savior...
Comments (2)
Abandon FUD, Scare Tactics and Marketing Hype
February 25, 2012 Added by:Rafal Los
Perhaps it is security professionals' diminished tolerance for FUD, or perhaps there is a collective awakening to the bigger picture, or it was just time for the chickens to come to roost. No matter, this drastic anti-FUD backlash is strong and I for one say it's about time...
Comments (2)
The Patchwork Cloud Part 1: An Overview
February 23, 2012 Added by:Rafal Los
Cloud computing isn't a paradigm every organization will follow whole-hog, nor should it be. Public cloud, hybrid cloud, private cloud, these are all terms need to be understood first and have some sort of rational approaches to security and risk management around them...
Comments (0)
The CISO as a Capable Catalyst
February 22, 2012 Added by:Rafal Los
"If a CISO initially receives any capability when starting the position, that was capability that was left over from their predecessor. It is now the CISO's responsibility to earn more capability and solidify what may already exist..."
Comments (0)
Cybersecurity Act of 2012 - Cybersecurity Collides with Risk
February 19, 2012 Added by:Rafal Los
This is just a chance to create some new regulatory-agency office, hire a bunch of new auditors, attorneys, experts, and waste more time rather than actually making critical infrastructure more risk-averse...
Comments (0)
Responsibility vs Capability in the CISO Role
February 17, 2012 Added by:Rafal Los
Capability is often seen as the ability to enforce - whether its corporate politics, budget, or a top-down reporting structure. If you don't have the capability to force people to follow organization-wide decisions it is difficult to have a solid organization...
Comments (0)
The Dangers of Non-Contextual Pattern Matching
February 15, 2012 Added by:Rafal Los
Even a system inconsistency such as an abnormal page transition velocity on your flagship web application can be overlooked - until you put all those together and realize you're being SQL Injected and someone is stealing your multi-terabyte database out from under you...
Comments (0)
Difference Between Spreading Information and Enabling Crime
February 14, 2012 Added by:Rafal Los
Most people don't get prosecuted or charged for distributing or re-tweeting a link to an Anonymous pastebin dump. Where is the line drawn then, and why are some incidents bigger than others? The question ultimately goes to the contents of the cache of information...
Comments (2)
Will the Real IT Security Researcher Please Stand Up?
February 12, 2012 Added by:Rafal Los
Most security researchers are comfortable with identifying flaws and racing to be the first to find zero-day vulnerabilities. Is this productive? Isn’t erring human? If that is the case, why is it surprising to find flaws in new software or applications?
Comments (2)
Enterprise Security and the Battle Over Productivity
February 11, 2012 Added by:Rafal Los
The trick is, when security can't clearly and absolutely get definition on what employees should and shouldn't be allowed to do, they have to implement the law of least privilege overly aggressively and then things get slow, tedious, and everyone complains about security...
Comments (0)
Straight Talk about Compliance from a Security Viewpoint
February 09, 2012 Added by:Rafal Los
Odds are, you can usually close out multiple compliance requirements across multiple requirements regulations by doing something singular in a security program. Performing software security audits during various phases of your SDLC solves many compliance requirements...
Comments (0)
Defending the Enterprise - Five Corporate Security Challenges
February 08, 2012 Added by:Rafal Los
You have to keep close tabs on your employees, your friends, your enemies and those you would never suspect, because threats are ever-present and overwhelming. Keep a level-head, because the evolution of threat doesn't mean it's any more scary today than yesterday...
Comments (0)
Data Loss Prevention Step 6: Encrypting Data at Rest
February 06, 2012 Added by:Rafal Los
Even if you did know where all your critical information is, you'd probably be powerless to control its sprawl. Let's face it, systems consume data and then become mobile - which is hardly something you can do anything about in a world where mobility is a key business driver...
Comments (2)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)