Blog Posts Tagged with "Security Audits"
Documented Procedures Required by ISO 27001
January 11, 2011 Added by:Dejan Kosutic
You could consider the four mandatory procedures as the pillars of your management system - after they are firmly set in the ground, you can start building the walls of your house. This becomes obvious when you look at other management systems - the same four procedures are mandatory in ISO 9001...
Comments (0)
FREE Webinar: ISO 27001 Obtaining Management Support
January 09, 2011 Added by:Dejan Kosutic
This FREE interactive live online training is designed to enable you to walk away with important skills for being able to convince your management to go for ISO 27001 project. This course offers compelling content, downloadable presentation deck and live engagement with an expert consultant..
Comments (0)
Complete PCI DSS Log Review Procedures Part 8
January 09, 2011 Added by:Anton Chuvakin
To build a baseline without using a log management tool has to be done when logs are not compatible with an available tool or the available tool has poor understanding of log data (text indexing tool). To do it, perform the following...
Comments (0)
Inspector General's Audit Finds GSA Security Lapses
January 07, 2011 Added by:Bill Gerneglia
The federal Office of the Inspector General found significant failings in the General Services Administration’s IT security systems and procedures in a December review of the agency, including configuration management, audit logging, monitoring, and encryption of data on agency laptops...
Comments (0)
Complete PCI DSS Log Review Procedures Part 7
January 04, 2011 Added by:Anton Chuvakin
An additional step should be performed while creating a baseline: even though we assume that no compromise of card data has taken place, there is a chance that some of the log messages recorded over the 90 day period triggered some kind of action or remediation...
Comments (0)
MasterCard SDP Revisited For Level 2 Merchants
December 28, 2010 Added by:PCI Guru
All of these merchants intend to conduct their own SAQ but wanted to make sure that was still acceptable under the MasterCard SDP rules. Last year there was a lot of confusion since MasterCard pulled back on their decision to require Level 2 merchants to have a QSA conduct an on-site PCI assessment...
Comments (1)
How to Assess Risk Part I: Asking the Right Questions
December 14, 2010 Added by:Danny Lieberman
It seems to me that self-assessment of risk is a difficult process to understand and execute, primarily because the employees who are asked to assess the risk in their business process don’t really understand the notion of risk, and don’t really care...
Comments (2)
Run Your Security Like You Run Your Business
December 10, 2010 Added by:Danny Lieberman
If you don’t currently measure and report internally your security performance, you should consider managing your security operation like you manage a business unit and adopting a tightly focused strategy on customers, market and competitors...
Comments (0)
How to Learn About ISO 27001 and BS 25999-2
December 09, 2010 Added by:Dejan Kosutic
Educating yourself is certainly one of the best ways to facilitate your ISO 27001 and BS 25999-2 implementation. As there are more and more types of courses available, I'll try to explain their benefits and the differences between them...
Comments (0)
Interesting Announcements From The PCI SSC
December 08, 2010 Added by:PCI Guru
The last year has tried to keep QSAs in the loop by issuing a monthly Assessor Update newsletter via email. These usually are not noteworthy, but the November 2010 issue contains a number of items that need to be shared just in case you miss your edition or you are not a QSA...
Comments (1)
BS 25999-2 Implementation Checklist
November 23, 2010 Added by:Dejan Kosutic
Your management has given you the task to implement business continuity, but you're not really sure how to do it. Although it is not an easy task, you can use the BS 25999-2 methodology to make your life easier - here are the main steps necessary to implement this standard...
Comments (0)
The Psychology of Data Security
November 15, 2010 Added by:Danny Lieberman
The cultural phenomenon of companies getting hit by data breaches but not adopting technology countermeasures to mitigate the threat requires deeper investigation but today, I’d like to examine the psychology of data security and data loss prevention...
Comments (0)
Seminar to Feature ISECOM's OSSTMM v3
October 13, 2010 Added by:Anthony M. Freed
The OSSTMM is a peer-reviewed methodology for performing security tests and metrics divided into five channels: information and data controls, fraud and social engineering, computer and telecommunications networks, wireless devices, physical security access controls, and security processes...
Comments (1)
CEE Architecture Overview Finally Released
August 31, 2010 Added by:Anton Chuvakin
The future of logging is finally here! Common Event Expression team released the CEE Architecture Overview for public comments. HUGE thanks to MITRE side of team for finally clearing all the hurdles and releasing our baby...
Comments (0)
An Introduction to OSSTMM Version 3
July 15, 2010 Added by:Michael Menefee
As a security consultant, I've always looked for ways to increase consistency, efficiency and value when conducting security analysis on a client's network or business. With the impending release of OSSTMMv3 I'll share my thoughts on the success of the model...
Comments (12)
Embracing a Security Audit
June 21, 2010 Added by:Bryan Miller
In the April 2004 edition of Information Security magazine, George Wrenn writes about "Surviving an Audit". In the article he gives advice from a client's perspective on how to best work with an auditing team, whether the team is internally or externally based. Mr. Wrenn provides many good tips on how to gain the most benefit from a security audit, and most important on what to do after ...
Comments (2)
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox
- The Emperor Is Naked!
- Infographic: Keeping Web Applications Safe
- Do You Have a Vendor Security Check List? You Should!