Items Tagged with "Security Audits"


Time for a Change in our Attitude Around Risk

February 05, 2012 Added by: Norman Marks

When is the last time you saw an audit report that said management had too many controls or was not taking sufficient risk? When did you last hear a risk officer urging planners to move into a new market more quickly? The same thing applies to information security personnel...

GSA Final Rule Requires Vendor Proof of Security

January 10, 2012 Added by: Headlines

The rule requires contractors and subcontractors to provide details on how their products and services meet federal IT regulations. The rule also requires contractors and subcontractors to submit to audits on practices and procedures to ensure mandates are satisfied...

Data Loss Prevention: Step 2 - Manage Privileges

December 13, 2011 Added by: Rafal Los

Getting back to basics is critical, and one of the most basic of basics is managing the rights to your data, your systems, and your critical operations. Let's take a critical, step-by-step look at how managing privileges can greatly decrease your likelihood of leaking data...

Case Study: A Cloud Security Assessment

December 13, 2011 Added by: Danny Lieberman

A client asked us to find a way to reduce risk exposure at the lowest cost. Using the Business Threat Modeling methodology and Practical Threat Analysis software, we were able to mitigate 80% of the total risk exposure in dollars at half the security budget proposed by the vendor...

Case Study: SOX IT Compliance

December 01, 2011 Added by: Danny Lieberman

We performed a Sarbanes-Oxley IT top down security assessment for a NASDAQ-traded advanced technology company to evaluate internal and external threats that impact the company’s information assets. Using Business Threat Modeling, a practical threat analysis model was constructed...

Bank Executive Pleads Guilty to Stealing Nearly $2 Million

December 01, 2011 Added by: Headlines

"Walker... withdrew money from a line of credit in the name of a trust that held an account at Farmers and Merchants. To cover up the scheme, Walker made interest payments on the money supposedly loaned to the trust. Walker will face a maximum sentence of 30 years in federal prison..."

ISO 27002 – What Will the Next Revision Bring?

November 27, 2011 Added by: Dejan Kosutic

This most important link between ISO 27001 and ISO 27002 – identical structure of ISO 27001 Annex A and ISO 27002 controls – will most likely still be included in new revisions of both standards. However, the way it is structured and the individual controls will most probably change...

Five Key Aspects of a Good Infosec Risk Assessment

November 25, 2011 Added by: Albert Benedict

Because they are consistent and repeatable, current risk assessment results can be compared to previous years’ results to see if there was any growth. You can also compare the client’s status to other companies of similar size and stature to show them where they stand...

GAO Report: IRS Security Controls Continue to Languish

November 16, 2011 Added by: Headlines

"The IRS did not, in GAO's opinion, maintain effective internal control over financial reporting... These issues increase the risk of unauthorized individuals accessing, altering, or abusing proprietary IRS programs and electronic data and taxpayer information," the report contends...

Changing the Landscape of Pentesting

October 11, 2011 Added by: Andrew Weidenhamer

Today’s market has become diluted with companies and individuals claiming they can perform penetration assessments - if you don’t believe me attend Defcon once. Organizations need to have a better understanding as to how these hired service providers are actually performing these assessments...

The Holy Grail and the PA-DSS Implementation Guide

October 04, 2011 Added by: Andrew Weidenhamer

As a QSA it is very frustrating to walk in, ask the merchant for the PA-DSS Implementation Guide, and receive a glazed-over-eye look. It's even more frustrating when you then ask the Vendor/Reseller for the Implementation Guide and they look at you as if you have three heads...

Strutting and Fretting Upon the Security Stage: The Playing Field

September 22, 2011 Added by: Infosec Island Admin

There are too many ways that a company can open itself up to vulnerabilities. It takes a rounded approach to do the due diligence for that company’s security posture. The information security business has become a leviathan of competing entities from the quacks to the bleeding edge...

It is Time to Address PCI Compliance Reporting

September 22, 2011 Added by: PCI Guru

The QA process: it all comes down to having used the correct language in responding to the ROC, rather than whether or not you actually assessed the right things. To add insult to injury, the PCI SSC advises QSACs to develop a template for the ROC with all the correct language written and proofed...

Auditing vs. Secure Software - An Inconvenient Argument

September 19, 2011 Added by: Rafal Los

You may have missed one of the strangest exchanges I think I've seen in a long while. An out-of-the-blue scathing blog post by Oracle's CSO prompted a swift response from VeraCode's Chief Technology and Security Officer. What brought this on is anyone's guess...

Strutting and Fretting Upon the Security Stage: The Players

September 16, 2011 Added by: Infosec Island Admin

There will always be elements within the company with impetus to not take your advice on security matters and maybe even give you a large amount of pushback. This is especially true of any company that has little to no security posture to start with. So who are the key client players?

Guide: How to Pass an IT Audit

September 01, 2011 Added by: Sasha Nunke

The purpose of this document is to pass along tips we learned that may be useful as you consider adopting QualysGuard PC. This guide covers the steps and procedures to passing an IT GRC audit — as told by an enterprise end-user who deployed QualysGuard Policy Compliance...
