Items Tagged with "Security Audits"


SOC 2: The Customer Security Questionnaire Killer

May 07, 2012 Added by: Jon Long

User organizations figured out a long time ago that if they want confirmation of how secure their suppliers are, they have to find out for themselves because a sufficient third party attestation did not exist. This is also where the challenge to service auditors is...

Comments  (0)

Password Policy: Sharing Passwords

May 02, 2012 Added by: benson dana

I once worked at a place where a senior manager collected the passwords of employees. There had been resistance to giving up this policy, and the excuse was that this unit's mission was unique and that this was necessary. How often does the internal auditor hear this excuse?

Comments  (0)

ICS-CERT: Event Auditing and Log Management

April 30, 2012 Added by: Infosec Island Admin

Without properly configured auditing and logging practices, incident response teams often find it difficult to determine the significance of a cybersecurity event. ICS-CERT has provided a collection of resources to assist vendor and asset-owner security teams...

Comments  (0)

Cybersecurity Problems Found in Electrical Infrastructure

April 07, 2012 Added by: Joel Harding

DOE is in charge of locating and fixing critical infrastructure problems within the energy sector. Do they, in turn, report to DHS if it has to do with critical infrastructure? Does DHS oversee DOE’s cybersecurity problems, their critical infrastructure problems or...?

Comments  (2)

Online Tool Assesses Intellectual Property Awareness

April 06, 2012 Added by: Infosec Island Admin

The NIST and the USPTO have teamed up to create a new online tool to help small companies and entrepreneurs evaluate their awareness of intellectual property, trade secrets, company data and more - and learn how to protect it...

Comments  (0)

Assurance : Don't Worry, I've Got This...

April 06, 2012 Added by: Jon Long

There is nothing that changes faster than technology, and if you are not ahead of it, you are ancient history. Within the category of technology, security is at the forefront of rapid change, and there is nothing more critical to ensure that we understand as auditors...

Comments  (0)

On PCI DSS Compliance Certificates

March 28, 2012 Added by: PCI Guru

All of you processors and acquiring banks that think the only proof of PCI compliance is some mystical PCI DSS Compliance Certificate, stop demanding them. They do not exist and never have. The document you need for proof of PCI compliance is the Attestation Of Compliance, period...

Comments  (0)

Application Security: Why is Everybody Always Picking on Me?

March 19, 2012 Added by: Fergal Glynn

The recent explosion in Mobile application development paints a clear picture of the modern development landscape. Not only in terms of the incredible speed of production, but perhaps more importantly, the widening gap between speed-to-market and software security quality...

Comments  (0)

Improving Compliance Performance in Your Supply Chain

March 05, 2012 Added by: Thomas Fox

One of the areas moving towards being incorporated into compliance programs is the supply chain. While many companies have focused significant compliance efforts towards the sales chain, the supply chain is now viewed as an area which requires compliance scrutiny...

Comments  (0)

Log Management: Debugging Security

February 18, 2012 Added by: Danny Lieberman

Logs are key to security management not only for understanding what and why an event happened but also in order to prove regulatory compliance. The business requirements are that security logs should be both relevant and effective...

Comments  (0)

Auditor IV: The Card Data Breach

February 17, 2012

When the unthinkable happens to a company, there's only one person they need to get to the bottom of the matter. The Auditor is back, but this time it's different...

Comments  (0)

AdiOS: Say Goodbye to Nosy iPhone Apps

February 16, 2012 Added by: Fergal Glynn

I put together a free utility called AdiOS (Addressbook Detector for iOS) that lets Mac users scan the iOS apps in your iTunes directory to see if they have the potential to dump your phone book externally. AdiOS detects apps that access your address book using a binary grep...

Comments  (0)

Best Practices to Prevent Document Leaks

February 16, 2012 Added by: Peter Weger

Unfortunate consequences occur when companies lose control over confidential assets and experience intentional or unintentional disclosure of the information. In some cases, even the possibility of information leakage can damage reputations and stock prices...

Comments  (0)

Build Your Security Portfolio Around Attack Scenarios

February 14, 2012 Added by: Danny Lieberman

In the current environment of rapidly evolving types of attacks - hacktivism, nation-state attacks, credit card attacks mounted by organized crime, script kiddies, competitors and malicious insiders and more - it is essential that IT and security communicate effectively...

Comments  (1)

Straight Talk about Compliance from a Security Viewpoint

February 09, 2012 Added by: Rafal Los

Odds are, you can usually close out multiple compliance requirements across multiple requirements regulations by doing something singular in a security program. Performing software security audits during various phases of your SDLC solves many compliance requirements...

Comments  (0)

Twelve Security Best Practices for USB Drives

February 07, 2012 Added by: Kelly Colgan

Portable and mobile storage devices are significant players in most corporate offices. Ensuring proper protection with a best practices policy and strict enforcement offers significant risk reduction—and can prevent long nights on data breach investigations...

Comments  (1)
