Blog Posts Tagged with "Assessments"

Bd07d58f0d31d48d3764821d109bf165

Error Logs and Apollo 11: One Giant Step For Risk Management

September 09, 2012 Added by:Tripwire Inc

Although Neil Armstrong is the hero of the Apollo 11 story, the planning, management, complexity and technology for the mission is often overlooked. Iit were not for testing and assessing risks associated with the systems the lunar landing would not have been a success...

Comments  (0)

Ee5e595fc2be8a24327ce7cefe0f7b2c

A Packet of Risks and a Small Pot of Tea

July 29, 2012 Added by:Christopher Laing

Risks are just circumstances that if they occurred, would have some impact on the business. Naturally risks can potentially disrupt the business, but if identified, planned for, and effectively managed, risks can have a beneficial impact on the business. The key word here is managed...

Comments  (0)

54a9b7b662bfb0f0445d1661d7ed180b

Free Power on the Grid?

July 15, 2012 Added by:Jayson Wylie

Sometimes the wrong people get the code and use it maliciously. It is in the nation’s best interest to keep the power infrastructure safe and keep meters fool proof, but it depends on how effective a tool is to be able to effectively manipulate the technology to an individual’s own financial advantage...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

More on PCI Scoping

June 22, 2012 Added by:PCI Guru

“At least annually and prior to the annual assessment, the assessed entity should confirm the accuracy of their PCI DSS scope by identifying all locations and flows of cardholder data and ensuring they are included in the PCI DSS scope"...

Comments  (1)

Ad5130e786d13531cc0f2cde32dacd0f

PCI’s Money Making Cash Cow Not So Good for the Industry

June 07, 2012 Added by:Andrew Weidenhamer

The level of scrutiny the PCI DSS has been subject to the last couple of years has been bad enough to accentuate it with the advent of the ISA program. The false sense of confidence the ISA program gives individuals is insanely bad for the industry. Like any other certification, the test isn’t difficult..

Comments  (1)

F2792196079f2c16cd02be6e9ff5b3da

Why AppSec Won't Always Bail You Out

May 24, 2012 Added by:DHANANJAY ROKDE

The approach of NetSec pros is different from the AppSec folks, as they concentrate on the attack-surface rather than get into the application itself. This is in no way comparison of the level of difficulty of either of the disciplines, NetSec pros just take it to the next level...

Comments  (0)

21d6c9b1539821f5afbd3d8ce5d96380

FedRAMP Releases Updated Security Assessment Templates

May 11, 2012 Added by:Kevin L. Jackson

FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and monitoring for Cloud Service Providers. This document has been designed for Third-Party Independent Assessors to use for planning security testing of CSPs...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

On PCI DSS Compliance Certificates

March 28, 2012 Added by:PCI Guru

All of you processors and acquiring banks that think the only proof of PCI compliance is some mystical PCI DSS Compliance Certificate, stop demanding them. They do not exist and never have. The document you need for proof of PCI compliance is the Attestation Of Compliance, period...

Comments  (0)

A6f413a75686867ef5010ac90b5ceef9

Incident Response and PCI Compliance

March 25, 2012 Added by:Chris Kimmel

One question you should be asking your penetration testing company is, “Do you also test my incident response?” This is an important piece of PCI compliance. As stated by section 12.9 of the PCI DSS v2, a company must implement an IRP and be prepared to respond to an incident...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ENISA: Inventory of Public Sources on Information Security

March 16, 2012 Added by:Infosec Island Admin

ENISA has launched a stock taking exercise using a questionnaire to establish an Inventory of publicly available sources on Information Security. Therefore, collection and aggregation of existing data and sources is an effective tool to raise information security...

Comments  (0)

0f57a863af3b7e5bf59a94319a408ff7

A Structured Approach to Handling External Connections

February 27, 2012 Added by:Enno Rey

The approach to be developed is meant to work on the basis of several types of remote connections in which each determines associated security controls and other parameters. At the first glance, not overly complicated, but – as always – the devil is in the details...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Build Your Security Portfolio Around Attack Scenarios

February 14, 2012 Added by:Danny Lieberman

In the current environment of rapidly evolving types of attacks - hacktivisim, nation-state attacks, credit card attacks mounted by organized crime, script kiddies, competitors and malicious insiders and more - it is essential that IT and security communicate effectively...

Comments  (1)

E313765e3bec84b2852c1c758f7244b6

Smart Grid Raises the Bar for Disaster Recovery

February 13, 2012 Added by:Brent Huston

Many of the organizations we have talked to simply have not begun the process of adjusting their risk assessments, disaster plans and the like for these types of operational requirements, even as smart grid devices begin to proliferate across the US and global infrastructures...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

How To Choose A Security Vendor

January 16, 2012 Added by:Brent Huston

Variations exist in depth, skill level, scope, reporting capability, experience, etc. Selecting security testing vendors based upon price is a bad idea. Matching specific experience, reporting styles and technical capabilities to your environment is a better solution...

Comments  (0)

2b5780ad1e088bd39b051f39f5058ff4

How to Assess the Effectiveness of Internal Control

January 11, 2012 Added by:Norman Marks

“When a principle is deemed not to be present or functioning, an internal control deficiency exists. Management applies judgment in evaluating whether a deficiency prevents the entity from concluding that a component of internal control is present and functioning..."

Comments  (1)

68b48711426f3b082ab24e5746a66b36

Vulnerability Response Done Right

January 09, 2012 Added by:Fergal Glynn

Just before the holidays, we detected a cross-site scripting (XSS) vulnerability while running a web application scan for one of our customers. As it turned out, the discussion forum where we found the XSS was a SaaS-based product called Lithium...

Comments  (0)

Page « < 1 - 2 - 3 > »