Blog Posts Tagged with "Security Audits"


How Much Does ISO 27001 Implementation Cost?

February 15, 2011 Added by: Dejan Kosutic

The greatest value of someone with experience helping you with this kind of project is that you won't end up in dead end streets - spending months and months doing activities that are not really necessary or developing tons of documentation not required by the standard. And that really costs...


ISO 27001 and BS 25999 Online Webinar Trainings

February 13, 2011 Added by: Dejan Kosutic

The courses include documentation templates, access to E-learning tutorials and private time with the trainer for consultation on specific issues. You will experience the trainings right from your desk, eliminating travel costs and minimizing lost time away from your office...


Complete PCI DSS Log Review Procedures Part 13

February 04, 2011 Added by: Anton Chuvakin

How do you create a logbook that proves that you are reviewing logs and following up with exception analysis, as prescribed by PCI DSS Requirement 10? The logbook is used to document everything related to analyzing and investigating the exceptions flagged during daily review...


Webinar: ISO 27001 Foundations Part 2

February 02, 2011 Added by: Dejan Kosutic

This highly interactive live online training is designed to enable you to walk away with important skills for executing the planning phase of ISO 27001 in your organization. It contains 3 workshops where filling in the real ISMS documents is exercised, and private time with the trainer...


Understanding the Intent of PCI Requirement 6.1

February 02, 2011 Added by: PCI Guru

Unlike the insurance industry which has done a very good job of educating management on its value, the security industry has done a very poor job educating management on the value of security and what really needs to be done to secure the organization...


Eleven Log Management Resolutions for 2011

February 01, 2011 Added by: Anton Chuvakin

One of the simplest ways to commit to logging in 2011 is to commit to monitoring when logging stops. Apart from being a violation of a few regulatory compliance mandates, termination of logging – whether due to an attacker or by mistake – is something you need to know right when it happens...


The Five Greatest Myths About ISO 27001

January 31, 2011 Added by: Dejan Kosutic

Very often I hear things about ISO 27001 and I don't know whether to laugh or cry over them. Actually it is funny how people tend to make decisions about something they know very little about - here are the most common misconceptions...


Practical Advice for SMBs to Use ISO 27001

January 31, 2011 Added by: Danny Lieberman

The ISO organization has recently taken measures to make ISO more accessible to SMBs by providing practical advice for small and medium-sized businesses on how to achieve the benefits of implementing an information security management system (ISMS) based on the International Standard ISO 27001...


Webinar: ISO 27001 Foundations Part One

January 28, 2011 Added by: Dejan Kosutic

If you don't plan information security activities carefully, chances are you will miss something important, and that will cost you. ISO 27001 defines the various steps in the planning phase – the purpose is to set a clear direction and take into account everything that can cause security incidents...


Complete PCI DSS Log Review Procedures Part 12

January 28, 2011 Added by: Anton Chuvakin

We have several major pieces that we need to prove for PCI DSS compliance validation. Here is the master-list of all compliance proof we will assemble. Unlike other sections, here we will cover proof of logging and not just proof of log review since the latter is so dependent on the former...


Giving ISO 27001 Business Context

January 25, 2011 Added by: Danny Lieberman

ISO 27001 is arguably the most comprehensive information security framework available today. Moreover, it is a vendor neutral standard. This article discusses the benefits of performing an ISO 27001 based risk assessment exercise using techniques of threat modeling...


Complete PCI DSS Log Review Procedures Part 11

January 23, 2011 Added by: Anton Chuvakin

The main idea of this procedure is to identify and then interview the correct people who might have knowledge about the events taking place on the application, then to identify its impact and the required actions, if any...


Network Segmentation – One Last Discussion

January 21, 2011 Added by: PCI Guru

Just because you implement all of these recommendations does not make you invincible. All these recommendations do is just make the likelihood of an incident and the potential damage resulting from an incident lower than if you had little or no controls in place...


ISO 27001 Foundations Part One

January 18, 2011 Added by: Dejan Kosutic

This highly interactive live online training is designed to enable you to walk away with important skills for executing the planning phase of ISO 27001 in your organization. It contains 3 workshops where filling in the real ISMS documents is exercised, and private time with the trainer...


Complete PCI DSS Log Review Procedures Part 10

January 17, 2011 Added by: Anton Chuvakin

A message not fitting the profile is flagged “an exception.” It is important to note that an exception is not the same as a security incident, but it might be an early indication that one is taking place. At this stage we have a log message that is outside of routine/normal operation...


Complete PCI DSS Log Review Procedures Part 9

January 14, 2011 Added by: Anton Chuvakin

The first method considers log types not observed before and can be done manually as well as with tools. Despite its simplicity, it is extremely effective with many types of logs: simply noticing that a new log message type is produced is typically very insightful for security, compliance and operations...
