Items Tagged with "Security Strategies"



Incident Response and PCI Compliance

March 25, 2012 Added by: Chris Kimmel

One question you should be asking your penetration testing company is, “Do you also test my incident response?” This is an important piece of PCI compliance. As stated by section 12.9 of the PCI DSS v2, a company must implement an IRP and be prepared to respond to an incident...

Comments  (0)


IBM Got it Wrong: It’s Not about Adding Another Data Source

March 13, 2012 Added by: John Linkous

For the majority of organizations, information security is more post mortem than critical care. Regardless of how many billions you spend on security tools, until you fix this inherent problem in traditional SIEM tools, large organizations will continue to be breached...

Comments  (0)


Don't Get Lulzed - Three Tips for Avoiding Headline Hysteria

March 12, 2012 Added by: Rafal Los

What does the reported capture of the LulzSec hacking team leadership mean to the Internet? It means there will be a frenzy of jokes, outrage and sensationalism around this hacking group again. What does this reported capture mean to you in corporate security? Not a thing...

Comments  (1)


On Effective Risk Handling

March 08, 2012 Added by: Michele Westergaard

An effective risk management process allows for decision making by management with the best likelihood of achieving the desired results. It is not meant to create a brick wall for management to operate within, but more of a recommended parameter within which to operate...

Comments  (0)


New Opportunities for Cyber Espionage and Cyber Crime

March 08, 2012 Added by: Pierluigi Paganini

Computer fraud, phishing, and malware development designed to steal sensitive information from users, the use of advanced persistent threats, ransomware, and cyber espionage are all activities united by the intent to profit from the improper use of technology...

Comments  (0)


A Situational Problem Requires a Situational Solution

March 07, 2012 Added by: John Linkous

There is no one type of cyber or insider attack; each is deliberately designed by the perpetrator to use an infrastructure against its owner and to enable the attacker to get as quickly as possible to the intended target and get out again undetected...

Comments  (0)


The Cyber Arms Race: Casting Shadows on the Future

March 01, 2012 Added by: Pierluigi Paganini

We are confronted with a new arms race for cyber weapons, and as governments around the world compete for innovation, a cultural revolution is occurring in nations which have been considered minor, and which are now nearly on par with superpowers like the U.S. and China...

Comments  (0)


RSA Conference 2012: Day One Highlights

February 28, 2012 Added by: Robb Reck

The biggest key to the success of any security program is achieving goal congruence with the organization. Every security objective should directly support the overall objectives of the company. Security must figure out how our projects contribute to the organization’s success...

Comments  (0)


Continuous Patching: Is it Viable in the Enterprise?

February 28, 2012 Added by: Rafal Los

The way patching works right now on all different levels I'm surprised anything works because we have operating system patches going in with application patches - and we're all just a heartbeat away from catastrophe. Maybe more continuous patching can be our savior...

Comments  (2)


BSidesSF: Amol Sarwate on SCADA Security Challenges

February 27, 2012

Amol Sarwate examined how SCADA security and advanced persistent threats have now taken center stage. While the industry has some success in dealing with IT security, when it comes to industrial control systems or SCADA systems, it still has enormous challenges...

Comments  (0)


Abandon FUD, Scare Tactics and Marketing Hype

February 25, 2012 Added by: Rafal Los

Perhaps it is security professionals' diminished tolerance for FUD, or perhaps there is a collective awakening to the bigger picture, or it was just time for the chickens to come to roost. No matter, this drastic anti-FUD backlash is strong and I for one say it's about time...

Comments  (2)


Encryption: A Buzzword, Not a Silver Bullet

February 16, 2012 Added by: Danny Lieberman

Encryption, buzzword, not a silver bullet for protecting data on your servers. In order to determine how encryption fits into server data protection, consider four encryption components on the server side: passwords, tables, partitions and inter-tier socket communications...

Comments  (0)


The Dangers of Non-Contextual Pattern Matching

February 15, 2012 Added by: Rafal Los

Even a system inconsistency such as an abnormal page transition velocity on your flagship web application can be overlooked - until you put all those together and realize you're being SQL Injected and someone is stealing your multi-terabyte database out from under you...

Comments  (0)


Build Your Security Portfolio Around Attack Scenarios

February 14, 2012 Added by: Danny Lieberman

In the current environment of rapidly evolving types of attacks - hacktivism, nation-state attacks, credit card attacks mounted by organized crime, script kiddies, competitors and malicious insiders and more - it is essential that IT and security communicate effectively...

Comments  (1)


Incident Response and Risk Management Go Hand in Hand

February 12, 2012 Added by: Neira Jones

Residual risk is inevitable, so incident response becomes a crucial part of managing it. As the risk assessment identifies the assets critical to a business - threats, vulnerabilities and controls - so should the incident response plan concentrate on critical assets...

Comments  (2)


Data at Rest: Dormant But Dangerous

February 10, 2012 Added by: Simon Heron

Data is considered to be either ‘at rest’, ‘in transit’ or ‘in use.’ When putting security measures in place, it is important to consider all three states and address risks associated with each. This article examines data at rest and proposes strategies to minimize dangers...

Comments  (0)
