Blog Posts Tagged with "Risk Management"

Bd07d58f0d31d48d3764821d109bf165

Security: It’s All About (Human) Networking...

July 15, 2012 Added by:Tripwire Inc

Want to add layers, or change your defense in depth approach? Your Information Systems team is just the beginning. What business unit will you impact? How will they be impacted, and when is the optimum time to do this? Depending on scope, this could even ripple through your business continuity program...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

BYOD: The Reality of Allowing Foreign Bodies into Your Network

July 12, 2012 Added by:Rafal Los

We're getting compromised left and right by devices we are delusional enough to think we can trust because we feel like we've got sufficient control... Where does it end? Here, right at the point where we become cognizant of the fact that no asset, corporate or otherwise, should ever really be trusted...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Vulnerability Scans too Disruptive to Conduct Regularly

July 12, 2012 Added by:Headlines

“Evidently, active vulnerability scanning can cause huge management headaches due to its disruptive nature and information overload, so scanners tend to be used primarily for ‘spot checks’ that aren’t effective at minimizing risks. Critical vulnerabilities have to be identified, prioritized, and remediated daily..."

Comments  (4)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Resilient Enterprise: Resolving Issues Faster

July 03, 2012 Added by:Rafal Los

How can we both restore service quickly and solve a long-term systemic problems when we can't always tell that two issues are even related? Optimize the analysis between changes, connected systems and components to figure out dependencies in cases such as linked and distributed failures...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Talking to Your Management Rationally About Malware

June 28, 2012 Added by:Brent Huston

Malware with comparisons to Stuxnet are all the rage these days. Much of what is in the media is either hysteria, hype, confusion or outright wrong. As an infosec practitioner, your job is to explain to folks in a rational way about the trends and topics in the news carefully, truthfully, and rationally...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Five Reasons Why You Need an Application Security Program

June 28, 2012 Added by:Fergal Glynn

Many organizations looking at application security for the first time struggle with why they should take a programmatic approach to tackling application security. The simple fact is that if someone wants your intellectual property, they are going to use software you bought, built or outsourced to get at it...

Comments  (0)

1de705dde1cf97450678321cd77853d9

The Perils Of Automation In Vulnerability Assessment

June 25, 2012 Added by:Ian Tibble

“Run a scanner by it” still appears in so many articles – it's still very much part of the furniture. Software suites are built on the use of automated unauthenticated scanning – in some cases taking an open source scanning engine, wrapping a nice GUI around it, and slapping a 25K USD price tag on it...

Comments  (5)

59d9b46aa00c70238bb89056cfeb96c0

Breaking the Enigma Code: Creating a Functioning Compliance Culture

June 25, 2012 Added by:Thomas Fox

New York Times reporter Adam Bryant recently profiled Angie Hicks, one of the co-founders of Angie’s List, who has some interesting observations on leadership that I found applicable to creating a functional compliance effort within an organization, from compliance professionals to ethical leadership...

Comments  (0)

59d9b46aa00c70238bb89056cfeb96c0

Napoleon’s Invasion of Russia and Risk Management

June 20, 2012 Added by:Thomas Fox

As compliance programs become more mature, you can use the information generated in a risk assessment in a variety of ways to facilitate an overall risk management program. To create an effective risk management system, understand the qualitative distinctions among types of risk an organization faces...

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

Webcast: Risk-Based Security Management

June 20, 2012 Added by:Tripwire Inc

RBSM is defined as applying rigorous and systematic analytical techniques to evaluate the risks that impact an organization’s information assets and IT infrastructure. Tripwire and Ponemon Institute researched the state of risk management and came up with some interesting findings. Join us for this webcast...

Comments  (0)

B35ca22fce3b7eb394e8f5f0094f495f

Misunderstanding Trust

June 20, 2012 Added by:Kevin W. Wall

I thought that most of the properties of trust were obvious, but was surprised to see someone in security quote a Microsoft software developer that “trust is not transitive”. Apparently there are still software and security engineers who misunderstand trust. I will attempt to clear up this misunderstanding...

Comments  (2)

02a6d0efd54c7388e26f125d8df83671

Is BYOD a Nightmare for IT Security or a Dream Come True?

June 19, 2012 Added by:Megan Berry

While you still may be debating whether or not to allow employees to use their own smartphones or tables for work, many organizations realize that they may not have a choice. Though it may seem that the risks of unsecured devices are a security nightmare, with the right tools, companies can work BYOD to their advantage...

Comments  (24)

59d9b46aa00c70238bb89056cfeb96c0

Bill Gates, the Perfect Game and Your Compliance Program

June 17, 2012 Added by:Thomas Fox

Collins has been looking at corporations for over 25 years to unlock the mystery of what makes a great company tick and discusses twelve questions that leaders must grapple with if they truly want to excel. This list is a good summary of questions that you can and should be posing to your compliance team...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Tripwire Examines the State of Risk-Based Security Management

June 14, 2012 Added by:Headlines

"Though organizations profess a commitment to RBSM... this security practice is still in its infancy. To establish an effective... program, certain barriers need to be addressed. These include securing adequate resources, having employees with the necessary expertise and designating strong leaders..."

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Path to NoOps is Through the Cloud

June 12, 2012 Added by:Rafal Los

So what is the single most valuable piece of technology that can push a development closer towards a NoOps methodology? I believe it's the adoption of cloud computing. While many of the security folks who read this blog are probably shaking their heads right about now, read on and let me convince you...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Disclosures: The Vulnerability of Publicly Traded Companies

June 12, 2012 Added by:Fergal Glynn

What we’ve been lacking is quantitative information that helps inform the debate around application security. We want to use this data to shape the conversation around application security so that our attention gets focused on the right things and our investments get made in the right areas...

Comments  (1)

Page « < 2 - 3 - 4 - 5 - 6 > »