Blog Posts Tagged with "Vendor Management"

Bottom Eleven Log Management Worst Practices

February 08, 2011 Added by: Anton Chuvakin

Many organizations talk about “best practices”. The definition is often fuzzy but can be loosely related to the practices that generally lead to great results. Following the same model, here are the “worst practices” in the area of SIEM and log management that I have observed over the years...

Computer Incident Response and Product Security

January 31, 2011 Added by: shawn merdinger

Having a team and process in place to handle incoming vulnerability reports from external sources is a sign of vendor maturity. Not having either can quite likely result in a vendor having a "zero day" vulnerability and proof-of-concept exploit published on a public mailing list...

Common Criteria Evaluation Assurance Level (ISO 15408)

January 30, 2011 Added by: Jamie Adams

Common Criteria is a framework in which computer system users can specify their security and assurance requirements. Vendors then implement and/or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims...

Avoiding the Top 3 Application Security Mistakes

January 26, 2011 Added by: Rafal Los

You cannot reasonably expect to take application security analysis results and hurl them over the proverbial wall into the developer's world and expect something magical to happen. It won't. 9 out of 10 times the mass of bits you just sent over will be ignored, or worse, misunderstood...

Security Information and Event Management Implementation

January 25, 2011 Added by: Anton Chuvakin

The book has unfortunate signs of being written by a team of authors who didn’t talk to each other. Despite the promises of implementation guidance, it leaves some of the very complex SIEM issues untouched – and even unmentioned. Also, it is much stronger on the “what” than on the “how”...

Ten Things Log Management Vendors Won't Tell You

January 20, 2011 Added by: Anton Chuvakin

While many people have seen 10 things that your chef, real-estate agent, wedding planner or pilot won’t tell you, the world has not yet seen Top 10 things your log management vendor won't tell you. Finally, this gap is now closed...

To DLP or not to DLP - Data Leakage/Loss Prevention

January 19, 2011 Added by: kapil assudani

DLP solutions address only a subset of data leakage issues and only help enforce “acceptable use” policies and processes with a number of limitations. They do not prevent information security related data leakage issues like external malicious attackers...

Seven Steps to Improve Small Business Data Security

January 14, 2011 Added by: Danny Lieberman

Many consultants tell businesses that they must perform a detailed business process analysis and build data flow diagrams of data and business processes. This is an expensive task to execute and extremely difficult to maintain, and it can require a large quantity of billable hours...

Complexity - A Sure Way to Fail

January 11, 2011 Added by: Rafal Los

Almost every single product's marketing page has "Ease of Use" as one of the checkbox features, but it's rare that this actually manifests itself in the real products. The end result of difficult to use security products is clear - security breaches are rampant. You don't have to take my word for it...

SaaS: Accountability Can Get Lost - Not Liability

January 10, 2011 Added by: Robert Gezelter

Pay-as-you-go applications have undeniable allure. Pay-as-you-go providers have had a major impact, whether characterized as SaaS or ASP. They are now often seen as a far more cost-effective means of providing applications than in-house hosting. Taken at face value, the savings seem irresistible...

Gartner Report: Critical Capabilities for SIEM

January 02, 2011 Added by: Heather Howland

This research will help project managers, who are responsible for selecting a security information and event management (SIEM) solution, evaluate products from 12 of the major vendors in the segment...

2010 - A Quick Look Back to Look Forward

December 29, 2010 Added by: Rafal Los

So looking back on 2010 and where our footprints in the sand have led us to so far, I can't help but feel like we've been walking around in circles, talking about the same security issues over and over again but only changing up the words to make it look more appealing and calling it new...

Amazon's WikiLeaks Ban Breeds Cloud Insecurity

December 15, 2010 Added by: Headlines

They played into the biggest fear that cloud critics have, and that’s the general sense of unease when your content is in another company’s control. If Amazon decides you aren’t playing by the rules, you could be in the penalty box and your business severely compromised...

FCPA Compliance Due Diligence

December 11, 2010 Added by: Thomas Fox

Most companies are not created out of new cloth but are ongoing enterprises. They need to bring resources to bear to comply with the FCPA while continuing to do business. This can be particularly true in the area of performing due diligence on foreign business partners or vendors...

Open Source vs. Commercial Software Security

December 10, 2010 Added by: Rafal Los

Unless a piece of software explicitly says its aim is to be more secure, whether it's open source or a commercial software package doesn't matter. Software can be written securely or insecurely by an open-source project or a commercial vendor - it's all a matter of priority...

Ten Technical Questions to Make Your DLP Vendor Squirm

December 09, 2010 Added by: shawn merdinger

This will enlighten you about some of the methods attackers will use to perform data exfiltration, and will also provide you with some good questions to beat up vendors with. You can expect your DLP vendor to mention that nobody has asked some of these questions of them before...