Blog Posts Tagged with "Due Diligence"
The SDLC Knowledge Gap in Motion: DevOps to the Rescue?
September 12, 2012 Added by:Rafal Los
I can't tell you the fun things we found in this pre-production environment when we started digging around during security testing. No, really, I can't tell you, but rest assured it didn't end with misconfigurations, or accidental code bits being included...
Comments (0)
Internally Funding Your Compliance Program
September 11, 2012 Added by:Thomas Fox
Big banks are not doing too well these days in the compliance arena. From money-laundering operations for drug cartels to trading losses, big banks seem to be more in the news these days for compliance failures rather than successes...
Comments (0)
Blame the Silver Heads?
July 17, 2012 Added by:Ian Tibble
The idea that CEOs are responsible for all our problems is one of the sacred holy cows of the security industry. Security analysts, managers, self-proclaimed "Evangelists", "Subject Matter Experts", ad infinitum are responsible for the problems. Lets look at ourselves before blaming others...
Comments (4)
Infosec: Is it Really OK to Say No?
July 16, 2012 Added by:Scott Thomas
Our job isn't to run the business or set direction, our job is to tell the ones at the helm that building a boat out of tin foil is a bad idea. We need to change the sign on the door from "Department of No" to "How does this affect our risk-posture?" and realize even then sometimes you need to say "No"...
Comments (3)
Disposal Dummies Cause Privacy and Security Problems
June 21, 2012 Added by:Rebecca Herold
Information disposal is now a legal requirement for basically all businesses of all sizes, and it simply makes sense to dispose of information securely as an effective way to prevent breaches. Having effective disposal policies, procedures and technologies in place demonstrates reasonable due diligence...
Comments (1)
LinkedIn Fails Security Due Diligence
June 07, 2012 Added by:Marc Quibell
Poor security practices led to the password database ending up in Russia. We can also say that the best security practices were not applied to the security of our passwords: LinkedIn did not "salt their hash" and therefore the passwords were much more vulnerable to simple brute force attacks...
Comments (0)
Security: How Many People Does It Take?
June 01, 2012 Added by:PCI Guru
Doing the actual grunt work of security is just not sexy work. There is no doubt about that. Ensuring the security of networks 24x7x365 is very monotonous work. And it is monotony that is one of the primary reasons why organizations get breached. People get bored and they start to cut corners....
Comments (1)
The Network Intrusion Low Down
May 29, 2012 Added by:Jayson Wylie
Intrusion systems need a lot of care and attention. There are various abilities that help with administration, but if you have someone on staff whose skills and roles are as network administrator types, who like to be detectives and also have great attention to detail, then put them on the IPS...
Comments (0)
Follow Up to the Out of Band Authentication Post
May 16, 2012 Added by:Brent Huston
Sadly, there are more than a few who are struggling to get OOBA right or done at all. As with most things, it helps to do a little research. Organizations should perform due diligence on their vendors and factor vendor risks into the equation of purchases and project planning...
Comments (0)
Outsourcing SIEM and Log Analysis
April 29, 2012 Added by:Marc Quibell
What are the risks of MSSPs managing the detection and analysis of network activity data for your company? There are some events that, if detected early, may avert lawsuits, data breaches and other embarrassing or career-ending moments for a company...
Comments (4)
Making an Intelligent, Defensible Trust Valuation
April 23, 2012 Added by:Rafal Los
Is trust a binary decision? Can you trust something to varying levels? These are important questions for any security professional to have good answers to. Applying this logic to computing - can we ever really trust any computer environment, system, or application?
Comments (0)
A Seat at the Table: Compliance in the Contract Tender Process
March 21, 2012 Added by:Thomas Fox
A mature compliance program can be a great benefit for a company, not only in evaluating risk from the compliance perspective but also preparing the necessary steps so that if a contact is awarded, it can be executed in an efficient manner. But it must have a seat at the table...
Comments (0)
Cross-Border Sovereignty Issues in the Cloud
March 02, 2012 Added by:Rafal Los
It's about due care, process, and not rushing into a cloud computing migration. Take a rational approach and first understand the parameters you need to operate. Then enforce with prejudice those requirements on your vendors and know the way cloud computing is delivered...
Comments (0)
A Checklist for a Move to the Cloud
February 26, 2012 Added by:Ben Kepes
There’s s flip side to technology democratization in that the high level of accessibility also means that it’s very easy for organizations to set themselves up as vendors – sometimes without the necessary level of professionalism that would be optimal...
Comments (0)
FTC Removed Security Protocols from Website Contract
February 21, 2012 Added by:Headlines
The events appear to be a comedy of errors, where during the long process involved in awarding contracts, critical security requirements were not enforced. As the federal government races to outsource in an effort to cut costs, the risk of oversights become more probable...
Comments (0)
Lessons from the Nortel Networks Breach
February 16, 2012 Added by:Suzanne Widup
Much is being published about how inappropriate the response to the Nortel incident was, but it demonstrates an important point for companies - how do you know when you’ve done enough? How do you tell when an incident is over, and you should go back to business as usual?
Comments (0)
- How Ethical Hackers Find Weaknesses and Secure Businesses
- New Passive RFID Tech Poses Threat to Enterprise IoT
- Android RAT Exclusively Targets Brazil
- Three Strategies to Avoid Becoming the Next Capital One
- Why a Business-Focused Approach to Security Assurance Should Be an Ongoing Investment
- If You Don’t Have Visibility, You Don’t Have Security
- Ransomware: Why Hackers Have Taken Aim at City Governments
- 5 Limitations of Network-Centric Security in the Cloud
- 1 Million South Korean Credit Card Records Found Online
- Top Three Cross-Site Scripting Attacks You Need to Know Now