Blog Posts Tagged with "Risk Management"

0a8cae998f9c51e3b3c0ccbaddf521aa

"No known exploits in the wild..."

November 13, 2012 Added by:Rafal Los

It's human nature, and just the way we are wired... I know I can feel some of that on myself when I hear that phrase. I guess I would change it to be slightly more effective (or harder to dismiss) by adding "at this time" at the end of the sentence - although I doubt it would make too much of a different...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Third Party Application Analysis: Best Practices and Lessons Learned

November 02, 2012 Added by:Fergal Glynn

Communication and execution are crucial to successful third party analyses. A huge contributing factor for these best practices is project management. Project management activities such as status meetings, enterprise follow-ups, and open discussions will facilitate the analysis process...

Comments  (0)

0356a83ecb15c8e33b00560d7bebe47f

Using ISO 27005: Where Does a Risk Taxonomy Fit?

October 23, 2012 Added by:Stephen Marchewitz

Whether you start from top-down management or are looking for bottom-up results, having a quantifiable approach to security risk management that aligns with a known standard such as ISO will put you in a better position than you are today...

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

Have You Added Personas to your Incident Response Program?

October 23, 2012 Added by:Tripwire Inc

For any activity you do, it’s important not just to measure how well the organization did in a stress test situation, but to evaluate where your opportunities for improvement are. In my experience, personas are a great way to communicate a rich context very quickly once they are introduced...

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

Apple Shareholders Demand Security Risk Reports From the Board

October 19, 2012 Added by:Tripwire Inc

Apple shareholders recently made a request of Apple’s Board of Directors to provide a report regarding how Apple and its board oversees security and privacy risks. The request cites many of the recent privacy and security issues that have plagued Apple, making headlines and even leading to litigation...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Brittle Systems - Unmasking Enterprise Security's Quiet Danger

October 13, 2012 Added by:Rafal Los

Besides all the obvious security vulnerabilities in your enterprise there is an even bigger problem lurking just below the water. At that intersection between critical system and security vulnerability is something many IT professionals acknowledge as the big pink elephant in the room - the "brittle system"...

Comments  (0)

942a200514c2a9d79858ce6355c40614

Top Ten Ways to Prevent Data Breaches

October 11, 2012 Added by:Paul Kenyon

Users with admin rights are loose cannons -- you just don’t know when or where they are going to strike, and the results can be devastating to the company’s security infrastructure. Once a problem occurs, it often unravels into a downward spiral taking your business - and reputation - down with it...

Comments  (3)

Bd07d58f0d31d48d3764821d109bf165

CISO Lessons Learned

October 11, 2012 Added by:Tripwire Inc

The lessons they learn are not just from traditional infosec forensics – they also look at other parts of the business who contributed to the issue, were impacted by the incidents, or who were involved in response – and their learnings can include virtually any aspect of the chain of event...

Comments  (0)

1de705dde1cf97450678321cd77853d9

Somewhere Over The Rainbow – A Story About A Global Ubiquitous Record of All Things Incident

October 10, 2012 Added by:Ian Tibble

Most businesses don’t even know they were hacked until a botnet command and control box is owned by some supposed good guys somewhere, but all talk of security is null and void if we acknowledge reality here. So let’s not talk reality...

Comments  (0)

369dec31d888693bba6b6e0f39c14ce3

Help Create an Easy to Use Open Source Risk Equation

October 09, 2012 Added by:Matt Neely

The information security industry has attempted to adapt existing Risk Management practices for the task of managing information security. Numerous frameworks have been devised over the years, including FAIR, OCTAVE, ISO 27001/27005 and NIST 800-53/NIST 800-39, just to name a few...

Comments  (0)

0356a83ecb15c8e33b00560d7bebe47f

Ten Musts for a Good Security Risk Equation

October 08, 2012 Added by:Stephen Marchewitz

For those of you that have taken steps to build a security risk management program, sooner or later you will come to the point where you have to start quantifying risk in some meaningful way. So here are ten qualities to assess your choices against...

Comments  (0)

3e35900ae6facc6c146a85c435c71d82

Navigating Social Media Legal Risks: Safeguarding Your Business

October 03, 2012 Added by:Ben Rothke

Social media makes it easy for organizations to find and retain customers and increase sales, amongst many other benefits. At the same time, it can expose an organization to significant and highly-expensive legal risks and issues, and find themselves at the receiving end of a subpoena...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Three Ways to Minimize Reputational Risk with Social Media

September 26, 2012 Added by:Brent Huston

One of the most difficult tasks for an organization is conveying the importance of discretion for employees who use social media. Not only are organizations at risk from having their networks attacked, but they must protect their reputation and proprietary ideas...

Comments  (0)

59d9b46aa00c70238bb89056cfeb96c0

The Face of Battle: Sir John Keegan and the Individual in Compliance

September 26, 2012 Added by:Thomas Fox

Compliance violation perpetrators will often grow the fraud in magnitude, sometimes increasing the number of participants. They will rarely cease on their own accord. This fits into Sir John’s analysis of the everyman of battle: What they did and how they did it...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Ask the Experts: Management and Rational Decisions About Security

September 22, 2012 Added by:Brent Huston

Emphasize that there are security measures that are effective in zero day situations. These include such controls as anomaly based detection mechanisms, system user security training, and incident response programs. If you can detect these attacks early and respond to them correctly...

Comments  (0)

0356a83ecb15c8e33b00560d7bebe47f

Some Simple Definitions for Risk and Security Discussions

September 19, 2012 Added by:Stephen Marchewitz

Every time I read something regarding the core terminology in security and risk management, I start to question whether they really know what they’re talking about. Even worse, some speak with so many words and such arrogance, I start question whether I know what I’m talking about...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »