Blog Posts Tagged with "Security Audits"

Documented Procedures Required by ISO 27001

January 11, 2011 Added by:Dejan Kosutic

You could consider the four mandatory procedures as the pillars of your management system - after they are firmly set in the ground, you can start building the walls of your house. This becomes obvious when you look at other management systems - the same four procedures are mandatory in ISO 9001...

Comments  (0)

FREE Webinar: ISO 27001 Obtaining Management Support

January 09, 2011 Added by:Dejan Kosutic

This FREE interactive live online training is designed to enable you to walk away with important skills for convincing your management to go for an ISO 27001 project. This course offers compelling content, a downloadable presentation deck and live engagement with an expert consultant...

Comments  (0)

Complete PCI DSS Log Review Procedures Part 8

January 09, 2011 Added by:Anton Chuvakin

Building a baseline without a log management tool is necessary when the logs are not compatible with an available tool, or when the available tool has a poor understanding of log data (for example, a plain text indexing tool). To do it, perform the following...

Comments  (0)

Inspector General's Audit Finds GSA Security Lapses

January 07, 2011 Added by:Bill Gerneglia

The federal Office of the Inspector General found significant failings in the General Services Administration’s IT security systems and procedures in a December review of the agency, including configuration management, audit logging, monitoring, and encryption of data on agency laptops...

Comments  (0)

Complete PCI DSS Log Review Procedures Part 7

January 04, 2011 Added by:Anton Chuvakin

An additional step should be performed while creating a baseline: even though we assume that no compromise of card data has taken place, there is a chance that some of the log messages recorded over the 90 day period triggered some kind of action or remediation...

Comments  (0)
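The two "Complete PCI DSS Log Review Procedures" teasers above (Part 7 and Part 8) describe building a log baseline by hand over a 90-day window and marking the messages that triggered some action during that window. The following is an added example, not code from Anton Chuvakin's series, that shows the mechanics: each raw line is reduced to a message "type" by masking variable fields, the baseline records which types occurred and how often, the types that triggered action are tracked separately, and a later day's logs are then compared against the baseline so that only unseen types (and recurrences of previously actioned ones) need human review. The log lines are constructed for the example and the masking rules are an assumption that fits them; real log sources need their own rules.

```python
"""
Manual log-review baseline: reduce log lines to message types, baseline
them over a window, flag previously actioned types, then review new logs.

Added example (not from the original posts). Sample log lines below are
constructed; the masking rules are an assumption tuned to those lines.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List, Set, Tuple

# Masks that turn variable fields into placeholders, applied in order.
# Assumed for this example: syslog header, pids, IPv4, ports, user names,
# and sudo's TTY/PWD/COMMAND fields. USER= (the target account) is kept
# because it changes the meaning of the message.
_MASKS = [
    (re.compile(r"^\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \S+ "), ""),  # "Jan 10 08:01:02 web1 "
    (re.compile(r"\[\d+\]"), "[<n>]"),                             # process id
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<ip>"),          # IPv4 address
    (re.compile(r"\bport \d+\b"), "port <n>"),                     # TCP port
    (re.compile(r"\b(for )(invalid user )?\S+"), r"\1\2<user>"),   # sshd user name
    (re.compile(r"^(sudo: )\S+ :"), r"\1<user> :"),                # sudo invoking user
    (re.compile(r"\b(TTY|PWD|COMMAND)=\S+"), r"\1=<v>"),           # sudo variable fields
]


def message_type(line: str) -> str:
    """Collapse a raw log line to its message type by masking variable fields."""
    t = line.strip()
    for pattern, repl in _MASKS:
        t = pattern.sub(repl, t)
    return t


def build_baseline(lines: Iterable[str], actioned: Iterable[str] = ()) -> Tuple[Dict[str, int], Set[str]]:
    """Count message types over the baseline window.

    `actioned` holds the baseline-period lines that led to some action or
    remediation (the Part 7 step); their types are returned separately so a
    recurrence is not silently treated as "normal" just because it was seen.
    """
    counts: Dict[str, int] = Counter(message_type(l) for l in lines)
    flagged = {message_type(l) for l in actioned}
    return dict(counts), flagged


def review(baseline: Dict[str, int], flagged: Set[str], lines: Iterable[str]) -> Tuple[Dict[str, List[str]], Dict[str, List[str]]]:
    """Split a later day's lines into (never-seen types, recurrences of actioned types).

    Everything else matches an unflagged baseline type and needs no manual look.
    """
    new_types: Dict[str, List[str]] = {}
    recurring_flagged: Dict[str, List[str]] = {}
    for line in lines:
        t = message_type(line)
        if t not in baseline:
            new_types.setdefault(t, []).append(line)
        elif t in flagged:
            recurring_flagged.setdefault(t, []).append(line)
    return new_types, recurring_flagged


# Constructed sample: a few days from the baseline window.
BASELINE_LINES = [
    "Jan 10 08:01:02 web1 sshd[2211]: Accepted publickey for alice from 10.1.2.3 port 50122 ssh2",
    "Jan 10 08:02:10 web1 sshd[2215]: Failed password for invalid user admin from 203.0.113.7 port 41022 ssh2",
    "Jan 10 08:02:15 web1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls",
    "Jan 11 09:10:00 web1 sshd[2219]: Accepted publickey for bob from 10.1.2.4 port 50200 ssh2",
    "Jan 12 03:14:05 web1 sshd[2300]: error: maximum authentication attempts exceeded for invalid user root from 198.51.100.9 port 2222 ssh2 [preauth]",
]
# The brute-force message led to a firewall block during the window, so it is "actioned".
ACTIONED_LINES = [BASELINE_LINES[4]]

# Constructed sample: one later day to review against the baseline.
TODAY_LINES = [
    "Jan 13 08:00:01 web1 sshd[2401]: Accepted publickey for alice from 10.1.2.3 port 50310 ssh2",
    "Jan 13 08:05:44 web1 sshd[2405]: Accepted password for alice from 203.0.113.50 port 61022 ssh2",
    "Jan 13 08:06:00 web1 sshd[2410]: error: maximum authentication attempts exceeded for invalid user root from 198.51.100.9 port 2300 ssh2 [preauth]",
]

if __name__ == "__main__":
    counts, flagged = build_baseline(BASELINE_LINES, ACTIONED_LINES)
    for t, c in sorted(counts.items()):
        print(f"{c:4d}  {'*' if t in flagged else ' '} {t}")
    new_types, recurring = review(counts, flagged, TODAY_LINES)
    print("\nNEW TYPES (review):", *new_types, sep="\n  ")
    print("\nACTIONED TYPES SEEN AGAIN (review):", *recurring, sep="\n  ")
```

Running it shows why the type-level baseline matters: the password-based SSH login on the later day is a message type the 90-day window never produced (only public-key logins were baselined), so it surfaces for review even though "Accepted ... for alice" looks routine line by line, and the repeated brute-force message is surfaced again because its type was actioned during the baseline period rather than being buried among known types.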

MasterCard SDP Revisited For Level 2 Merchants

December 28, 2010 Added by:PCI Guru

All of these merchants intend to conduct their own SAQ but wanted to make sure that was still acceptable under the MasterCard SDP rules. Last year there was a lot of confusion since MasterCard pulled back on their decision to require Level 2 merchants to have a QSA conduct an on-site PCI assessment...

Comments  (1)

How to Assess Risk Part I: Asking the Right Questions

December 14, 2010 Added by:Danny Lieberman

It seems to me that self-assessment of risk is a difficult process to understand and execute, primarily because the employees who are asked to assess the risk in their business process don’t really understand the notion of risk, and don’t really care...

Comments  (2)

Run Your Security Like You Run Your Business

December 10, 2010 Added by:Danny Lieberman

If you don’t currently measure and report your security performance internally, you should consider managing your security operation like you manage a business unit, and adopting a tightly focused strategy on customers, market and competitors...

Comments  (0)

How to Learn About ISO 27001 and BS 25999-2

December 09, 2010 Added by:Dejan Kosutic

Educating yourself is certainly one of the best ways to facilitate your ISO 27001 and BS 25999-2 implementation. As there are more and more types of courses available, I'll try to explain their benefits and the differences between them...

Comments  (0)

Interesting Announcements From The PCI SSC

December 08, 2010 Added by:PCI Guru

Over the last year the PCI SSC has tried to keep QSAs in the loop by issuing a monthly Assessor Update newsletter via email. These usually are not noteworthy, but the November 2010 issue contains a number of items that need to be shared, in case you missed your edition or you are not a QSA...

Comments  (1)

BS 25999-2 Implementation Checklist

November 23, 2010 Added by:Dejan Kosutic

Your management has given you the task to implement business continuity, but you're not really sure how to do it. Although it is not an easy task, you can use the BS 25999-2 methodology to make your life easier - here are the main steps necessary to implement this standard...

Comments  (0)

The Psychology of Data Security

November 15, 2010 Added by:Danny Lieberman

The cultural phenomenon of companies getting hit by data breaches but not adopting technology countermeasures to mitigate the threat requires deeper investigation but today, I’d like to examine the psychology of data security and data loss prevention...

Comments  (0)

Seminar to Feature ISECOM's OSSTMM v3

October 13, 2010 Added by:Anthony M. Freed

The OSSTMM is a peer-reviewed methodology for performing security tests and metrics, divided into five channels which collectively test: information and data controls, fraud and social engineering, computer and telecommunications networks, wireless devices, physical security access controls, and security processes...

Comments  (1)

CEE Architecture Overview Finally Released

August 31, 2010 Added by:Anton Chuvakin

The future of logging is finally here! The Common Event Expression (CEE) team has released the CEE Architecture Overview for public comment. HUGE thanks to the MITRE side of the team for finally clearing all the hurdles and releasing our baby...

Comments  (0)

An Introduction to OSSTMM Version 3

July 15, 2010 Added by:Infosec Island Admin

As a security consultant, I've always looked for ways to increase consistency, efficiency and value when conducting security analysis on a client's network or business. With the impending release of OSSTMMv3 I'll share my thoughts on the success of the model...

Comments  (19)

Embracing a Security Audit

June 21, 2010 Added by:Bryan Miller

In the April 2004 edition of Information Security magazine, George Wrenn writes about "Surviving an Audit". In the article he gives advice from a client's perspective on how best to work with an auditing team, whether the team is internally or externally based. Mr. Wrenn provides many good tips on how to gain the most benefit from a security audit and, most important, on what to do after ...

Comments  (2)