Blog Posts Tagged with "Standards"


Why Harmonizing Cloud Security Standards will Accelerate Cloud Adoption

February 20, 2015 Added by:Evelyn De Souza

As the public cloud becomes mission-critical, business and government applications, many standards bodies and government entities worldwide are issuing stronger security guidance and new standards.

Comments  (8)


The Year of the Security Standard

May 09, 2013 Added by:Anthony M. Freed

Often in the security field we hear the question asked, “Who’s watching the watchers?” It occurred to me recently that one might make a similar rhetorical quip about other aspects of our field – in particular, the question of “Who’s standardizing the standards?”

Comments  (0)


If you are not serious enough about your security don’t expect your IT service provider to care

December 10, 2012 Added by:Hani Banayoti

Another year coming to a close and I am full of hope for new thinking on security for the road ahead. One particular aspect in our profession that I would like to see change in the very near future is the typical approach to incorporating security in contracts with IT Service Providers...

Comments  (0)


Using ISO 27005: Where Does a Risk Taxonomy Fit?

October 23, 2012 Added by:Stephen Marchewitz

Whether you start from top-down management or are looking for bottom-up results, having a quantifiable approach to security risk management that aligns with a known standard such as ISO will put you in a better position than you are today...

Comments  (0)


DMTF's Cloud Infrastructure Standard

September 07, 2012 Added by:Ben Kepes

CIMI is arguably more complex than a simple standard – it reflects that people want to rubber stamp a standard, but also want to deliver proprietary functionality as a point of differentiation from the competition. CIMI is a positive initiative, but the proof is in the pudding...

Comments  (0)


How EMV Impacts International Travel

August 25, 2012 Added by:Robert Siciliano

If you have plans to travel internationally this summer, you may have problems using your U.S. magnetic stripe card abroad, as many other countries, particularly in Europe, have made the EMV card the new standard. The Smartcard Alliance explains...

Comments  (0)


Companies Focus on Growth But Lag Behind Threats

June 20, 2012 Added by:Bob Radvanovsky

Industries that are regulated or that have to adhere to a standard feel that if they simply follow the requirements, they are secured. This is a misnomer, as adherence to a regulation, governance or compliance standard is a good start, but it does not necessarily mean that an organization is "secure"...

Comments  (0)


The Failure Of PCI?

June 13, 2012 Added by:PCI Guru

The biggest problem with PCI DSS standards comes down to the fact that humans are averse to being measured or assessed. Why? It makes people responsible and accountable for what they do, and few people want that sort of accountability – we all much prefer wiggle room in how our jobs are assessed...

Comments  (1)


Intel Executive Joins NIST Advisory Committee

June 08, 2012 Added by:Headlines

Under Secretary of Commerce for Standards and Technology and NIST Director Patrick Gallagher has selected William M. Holt, senior vice president and general manager of Intel Corporation's Technology and Manufacturing Group, to serve on the Visiting Committee on Advanced Technology (VCAT)...

Comments  (0)


ISO 22301 and BS 25999-2: Similarities and Differences Infographic

May 29, 2012 Added by:Dejan Kosutic

A new business continuity standard (ISO 22301) was published very recently, so in this infographic you'll find a comparison of this new standard with the old BS 25999-2 standard plus ways you can learn more about ISO 22301...

Comments  (0)


Making Things Worse by Asking all the Wrong Questions

May 14, 2012 Added by:Rafal Los

Blaming OWASP and developers for not adopting secure coding is silly. Until the business cares about security, and developers have an incentive to write more secure code, tools and simple to use transparent technologies like that which OWASP provides won't get utilized...

Comments  (2)


A Reason Why the PCI Standards Get No Respect

May 11, 2012 Added by:PCI Guru

The PCI SSC only requires its assessors document the services they provide in their assessment reports. While that offers a certain amount of transparency, when you read some of these ROCs, it becomes painfully obvious that some QSACs are assessing their own security services...

Comments  (0)


What Infosec Can Learn from Enron

May 09, 2012 Added by:Beau Woods

Auditors aren't the sole authoritative voice, and they can be fooled or coerced like anyone else. Too often internal and external auditors are trusted as the arbiters of right and wrong. This can fail an organization if executives don't understand the role auditors should play...

Comments  (0)


What Good is PCI-DSS?

May 02, 2012 Added by:david barton

Credit card processors have valuable information that bad guys would love to get their hands on. So processors are the Fort Knox of the modern world. When bad guys are motivated, no amount of security can keep them out. Does that mean PCI-DSS standards are worthless?

Comments  (9)


Guide to the OWASP Application Security Top Ten

May 01, 2012 Added by:Fergal Glynn

Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security. All of its articles, methodologies and technologies are made available free of charge to the public...

Comments  (0)


Reflections on Ten years of Software Security

April 21, 2012 Added by:Rafal Los

Given a finite amount of time to write a piece of software with specified features and functionality the security of that code will always take a back seat. At least for the time being. Let's face it, code breaks in strange ways that it's not always easy to understand...

Comments  (0)
