Items Tagged with "Security Strategies"


Da619eaa49c9db7e20cf99e885c65efe

Helpdesk to the Boardroom

April 16, 2012 Added by:Daniel Blander

As security professionals, we eagerly hone our skills and immerse ourselves in the latest research. Yet too many of us feel that we are marginalized, and become frustrated at our lack of professional advancement. What could be the problem and how can we overcome it?

Comments  (0)

A966b1b38ca147f3e9a60890030926c9

Information Sharing and the ICS-ISAC

April 15, 2012 Added by:Chris Blask

The topic of information sharing has become one of the most interesting in finding “The Solution” to ICS security. Aspects securing industrial control systems – including timing, technology and workforce – suggest that answers lie less in technology and more in Robert’s Rules...

Comments  (2)

5e402abc3fedaf8927900f014ccc031f

What the Titanic Teaches Techies

April 15, 2012 Added by:Allan Pratt, MBA

No one wants to think that disaster will strike, but it’s better to have policies in place and not need them – because you never know when you may encounter an iceberg - especially for those of us who live and breathe in the information security arena...

Comments  (0)

99edc1997453f90eb5ac1430fd9a7c61

Javvad Malik Interviews Rafal Los at Black Hat EU 2012

April 12, 2012

We were fortunate to get an interview with HP's Global Software Security Evangelist Rafal Los at Black Hat Europe where he speaks about threat modeling and how we can stop determined attackers. Javvad's coverage of Black Hat Europe courtesy of Infosec Island and NETpeas...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

On Data Breach Containment

April 12, 2012 Added by:Rafal Los

You've heard us say for a while now that information security isn't about reaching some mythical state of 'secure' but rather a constant battle on the ever-changing front lines of your organization to minimize any damage that the evil hackers can do once they find an in...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Why Security is in Trouble

April 10, 2012 Added by:Rafal Los

Everything you do as an infosec leader needs to be aligned to your organization's mission statement and goals. Everything you do, every security-related decision you make, and every purchase and project you sign off on must first and foremost be aligned to the organization...

Comments  (1)

9f19bdb2d175ba86949c352b0cb85572

The Infosec Investment Equation - Can You Solve It?

April 09, 2012 Added by:Neira Jones

Redundant measures always expose themselves very rapidly: they either don’t help you run your shop, or nobody around you is interested in them. So if you still have some of these, your job is to scrap them because it will save some time and resources to apply elsewhere...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Information Security OODA Loop Part 5: Act

April 06, 2012 Added by:Rafal Los

Practicing the OODA Loop for incident response is critical to making sure you avoid panic-induced decisions which could be catastrophic. If you're already formulating excuses as to why you won't be able to practice - just forget this altogether...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Information Security OODA Loop Part 4: Decide

April 04, 2012 Added by:Rafal Los

There are any number of possible decisions to be made in an infosec OODA Loop cycle. Sometimes the most basic decision to be made is whether to act or to hold your position. Too often infosec tends to look at a potential event and assume that the response must be action...

Comments  (0)

C787d4daae33f0e155e00c614f07b0ee

Security's Fundamental Truth and Problem

April 03, 2012 Added by:Robb Reck

It’s very nature makes security difficult for people to readily accept. Security really is hard. It is inconvenient. It takes a 10 minute process and turns it into 11, 15, 30 or 60 minutes. Why wouldn’t our people give pause when security comes with these kinds of burdens?

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Information Security OODA Loop Part Three - Orient

April 03, 2012 Added by:Rafal Los

In infosec, if you've worked at companies who are doing security poorly and getting ravaged by hackers your first inclination may be desperation when your digital assets are under attack. It's hard to completely wipe the slate clean from previous experiences...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Information Security OODA Loop Part Two - Observe

April 01, 2012 Added by:Rafal Los

Infosec is in a constant chess match with the opposition. In order to have some way of fighting this asymmetric digital warfare, we need to have an organized, formalized way of identifying current threats and reacting in near-real-time in order to reach a state of detente...

Comments  (0)

B09c361cbdc6cf629affdc7db30a186d

From Obstacle to Ally - Repositioning the Security Team

March 30, 2012 Added by:Steven Fox, CISSP, QSA

Rarely are non-security staff engaged in risk control discussions – a lack of interaction that disenfranchises those who will interact with the controls. This engenders a sense of powerlessness that leads to passive sabotage of initiatives intended to further the business...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Information Security OODA Loop: An Introduction

March 29, 2012 Added by:Rafal Los

The OODA loop was invented by a military strategist, and the idea is that in order to win any given incursion you must go through your OODA loop faster than your opponent. Failing to do so can mean the difference between an incident and a catastrophic breach...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ENISA: Security Through a Public-Private Partnership

March 28, 2012 Added by:Infosec Island Admin

Cooperation in the form of Public Private Partnerships (PPPs) has evolved in many Member States. The European Commission has proposed concrete policy and regulations for improving the security and resilience of public telecommunications...

Comments  (0)

1de705dde1cf97450678321cd77853d9

The Role of Penetration Testing in the Infosec Strategy

March 26, 2012 Added by:Ian Tibble

For all intents and purposes, penetration testing had become such a low quality affair that clients stopped paying for it unless they were driven by regulations to perform periodic tests of their perimeter "by an independent third party"...

Comments  (2)

Page « < 2 - 3 - 4 - 5 - 6 > »