Blog Posts Tagged with "Controls"

Surface Mapping Pays Off

January 29, 2013 Added by: Brent Huston

You have heard us talk about surface mapping applications during an assessment before. You have likely even seen some of our talks about surface mapping networks as a part of the 80/20 Rule of InfoSec. But, we wanted to discuss how that same technique extends into the physical world as well....

Do Better Technical Controls Increase People Focused Attacks?

December 16, 2012 Added by: Simon Moffatt

Social engineering can be seen as a more direct approach to exposing real security assets such as passwords, processes, keys and so on. Via subtle manipulation, carefully planned framing and scenario attacks, through to friending and spear phishing, people are increasingly becoming the main target...

Somewhere Over The Rainbow – A Story About A Global Ubiquitous Record of All Things Incident

October 10, 2012 Added by: Ian Tibble

Most businesses don’t even know they were hacked until a botnet command and control box is owned by some supposed good guys somewhere, but all talk of security is null and void if we acknowledge reality here. So let’s not talk reality...

Finishing the Security Automation Job

September 06, 2012 Added by: Tripwire Inc

SACM needs to grow upward and outward from where the SCAP efforts have gotten – move from controls into control frameworks and support the policies, processes, and procedures derived from Operational Risk Management. We’ve got a lot of work ahead. It’s all worth it...

The OTHER Problem with Passwords

August 29, 2012 Added by: Wendy Nather

Organizations are motivated to prioritize ease of use over security if they feel their target audience won't be able to use advanced features without support. The result is that the password reset process to an address of record is the easiest way to get into an account. And of course attackers know this too...

Defining One Successful Strategy for Enterprise Security

August 20, 2012 Added by: Rafal Los

In far too many organizations leaders and practitioners tell me that the role of Information Security is to protect the organization. Accepting this thinking got us into the predicament where we are today, where security isn't everyone's job and only Infosec is thinking about security. This couldn't be more wrong...

The Weakest Link in the Security Chain: Is it in Your Controls?

August 11, 2012 Added by: Tripwire Inc

Rather than brute-forcing the account, the hackers gained access by doing some creative social engineering by contacting Apple customer support. The problem is that we often turn over our data to 3rd-party providers without understanding what protocols they have in place to keep our data safe...

Mobile Security Experts on BYOD

August 08, 2012 Added by: Fergal Glynn

Devices aren’t the main problem in a BYOD strategy: employees are. That’s why BYOD is not just a technical issue. It needs a holistic approach that includes HR, data security and legal stakeholders. Organizations adopting a BYOD strategy should put in place a strategy that includes policies and technical constraints...

Countermeasures, Weather Forecasts, and Security Metrics

July 25, 2012 Added by: Tripwire Inc

Take a look at the things you measure. In particular, take a look at the things that become part of your bonus calculations or your performance reviews. If you are being measured against things that feel more like Tracking Indicators (like a weather forecast), then it’s time to renegotiate your Metrics...

Take Social Media Privacy into Your Own Hands

July 23, 2012 Added by: Bill Mathews

I've gotten in a lot of arguments lately about the end-user side of technology - privacy. Many in the security industry already know most of the things people are discovering, and have screamed warnings from the mountaintops to the folks below. Alas, this is the woe of being a security engineer...

BYOD: The Reality of Allowing Foreign Bodies into Your Network

July 12, 2012 Added by: Rafal Los

We're getting compromised left and right by devices we are delusional enough to think we can trust because we feel like we've got sufficient control... Where does it end? Here, right at the point where we become cognizant of the fact that no asset, corporate or otherwise, should ever really be trusted...

What Actions Do Your Security Metrics Promote?

July 12, 2012 Added by: Tripwire Inc

“It is possible to focus on a single metric and drive it up or down, but wreak havoc on the organization through unintended side effects. Some organizations have to deal with some people “gaming the metrics”, which again can lead to unintended side effects. Other organizations use metrics as a way to begin a conversation...”

Lessons Learned for the Compliance Practitioner

July 09, 2012 Added by: Thomas Fox

The DOJ recently announced the resolution of a compliance matter involving violations by Data Systems & Solutions LLC. In reading the Criminal Information, this was no one-off or rogue employee situation, this was a clear, sustained and well known scheme that went on within the company...

Are Your Security Metrics “Top Five” Worthy?

July 09, 2012 Added by: Tripwire Inc

In conversations with infosec executives, a common question is “What should I really be measuring?” or they make comments like “I report on a lot of things, but I am not sure what the top security indicators are that I should roll up to my executive team.” Here are the five characteristics of effective metrics...

IT Risk Management: Roadmap for a Roadmap

July 03, 2012 Added by: Jared Pfost

Most IT organizations aren't equipped or supported to build a mature program. If our objective is to deliver an evidence driven investment road map aligned with the business, it's OK to plan a phased approach and demonstrate value while the culture, process, and necessary resources gain momentum...

Legal Implications of BYOD Part II: Preparing Use Policies

June 26, 2012 Added by: David Navetta

Unfortunately, implementing a BYOD strategy and developing personal device use policies is not a one-size-fits-all cookie cutter exercise. In most cases significant privacy, security and legal challenges exist, and those challenges will vary depending on a multitude of factors that are specific to the organization...
