Items Tagged with "Enterprise Security"


The Security ROI "Death Spiral"

November 18, 2012 Added by:Rafal Los

The worst thing that can happen to a CISO is to get trapped in the ROI Death Spiral. I know, I know, we’ve all been told that we need to justify cost, manage expense, use the tools our companies provide us, etc. CISOs that don’t play by the rules won’t get anywhere...

Comments  (0)


You Believe It Because "I" Wrote It

November 14, 2012 Added by:Jim Palazzolo

Besides sheer entertainment, my objective is to practice my ability to create deception. It has been my observation that security personnel must be able to spot deception. Whether it’s covert channels or fake ID’s, deception is a very powerful tool that can be used both offensively and defensive...

Comments  (0)


I lost my theory of mind… or Where my mind at?

November 13, 2012 Added by:Will Tarkington

Without the theory of mind everything that social engineers do or attempt to do would fail. The theory of mind is basically one’s ability to differentiate perspectives. From perspective comes intention, from intention comes reaction, and from reaction comes reward (or failure)...

Comments  (1)


BYOD savings may be lost by security and admin costs

November 12, 2012 Added by:Rainer Enders

Companies need to mobilize, that is without question -- but for too long BYOD has become nearly synonymous with this effort. In reality, BYOD is just one of the ways enterprises can mobilize, and in many cases, it is not the most secure, or necessarily the most cost-efficient way to do so...

Comments  (0)


Security and Privacy Concerns for Mobile Devices

November 11, 2012 Added by:Dan Dieterle

BYOD (Bring your own Device) is one of the latest tech fads. Bring in that tablet or smart phone from home and we will hook it right up to our corporate network for you! What a great thing, and the IT staff just loves it too. But there are some serious concerns about mobile devices...

Comments  (0)


BYOD Costs are Rising

November 11, 2012 Added by:Bill Gerneglia

Recent research demonstrates some of the quantifiable benefits and complexities associated with allowing employees to use their own mobile devices on their employers' networks. Most organizations are now enabling BYOD in the enterprise...

Comments  (0)


Buzzword Compliance Not Enough: Must Haves for Meaningful Use

November 08, 2012 Added by:Danny Lieberman

Many technology vendors tout the idea of self management, and the advantages of mobile healthcare apps, virtual visits, tablets and e-detailing but in fact, a face-to-face relationship with a doctor is more powerful than a digital relationship alone. We don’t need Sherry Turkle to tell us that...

Comments  (0)


Infosec’s Most Dangerous Game: Groupthink

November 07, 2012 Added by:Dave Shackleford

These days, I am very, very afraid for the future of CISOs. Over the past few years, and specifically the past 12 months, I have become increasingly alarmed at the level of “groupthink” and “synchronized nodding” going on with security executives. Here are some of the things I am seeing...

Comments  (0)


CloudSigma and the Perils of Choice

November 06, 2012 Added by:Ben Kepes

As we move to broader scale cloud adoption, one would be excused for assuming that we’d reached a point where the definition of what constitutes IaaS is set in stone – true different vendors package up their virtual servers with different specs, but IaaS is, to a greater or lesser extent, a fixed concept...

Comments  (0)


Companies Must Consider Travel Providers’ Data Practices or Risk Being Harmed

November 04, 2012 Added by:David Navetta

A company responsible for handling billing and settlement for the International Air Transport Association (IATA) has been selling flight booking information about corporate travelers — on a travel agency level — to airlines, hotels and others...

Comments  (0)


Third Party Application Analysis: Best Practices and Lessons Learned

November 02, 2012 Added by:Fergal Glynn

Communication and execution are crucial to successful third party analyses. A huge contributing factor for these best practices is project management. Project management activities such as status meetings, enterprise follow-ups, and open discussions will facilitate the analysis process...

Comments  (0)


The Search for Infosec Minds

November 01, 2012 Added by:Ian Tibble

Since the early 2000s, I have commented in different forms on the state of play, with a large degree of cynicism, which was greeted with cold reservation, smirks, grunts, and various other types of un-voiced displeasure, up to around 2009 or so. But since at least 2010, how things have changed...

Comments  (0)


Cloud Confusion is Considerable

October 28, 2012 Added by:Bill Gerneglia

If you are the CIO of your organization and you spent the last decade locking down your data center hardware, patching your OSs, developing a disaster recovery plan, and securing your applications are you really in a rush to move the operation and applications to the cloud?

Comments  (0)


CISO Concerns: Security vs. Usability, Affordability

October 25, 2012 Added by:Rafal Los

Recently in New York city we hosted a CISO-level event where we discussed various issues experienced during the life of an enterprise security program. CISOs brought up various topics from budgeting to being overwhelmed with constantly evolving threats - but one in particular caught my attention...

Comments  (2)


Your Next Critical Security Project May Not Be What You Think

October 23, 2012 Added by:Rafal Los

If we're honest with ourselves, we can look around the organization and find several projects that even though they are implementation-complete, are hardly "complete" as they sit. Too often after a catastrophic failure, or security incident we're pre-disposed to making hasty purchases to effectively stop the bleeding...

Comments  (0)


Have You Added Personas to your Incident Response Program?

October 23, 2012 Added by:Tripwire Inc

For any activity you do, it’s important not just to measure how well the organization did in a stress test situation, but to evaluate where your opportunities for improvement are. In my experience, personas are a great way to communicate a rich context very quickly once they are introduced...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »