Items Tagged with "Security Audits"


2b5780ad1e088bd39b051f39f5058ff4

Time for a Change in our Attitude Around Risk

February 05, 2012 Added by:Norman Marks

When is the last time you saw an audit report that said management had too many controls or was not taking sufficient risk? When did you last hear a risk officer urging planners to move into a new market more quickly? The same thing applies to information security personnel...

Comments  (2)

69dafe8b58066478aea48f3d0f384820

GSA Final Rule Requires Vendor Proof of Security

January 10, 2012 Added by:Headlines

The rule requires contractors and subcontractors to provide details on how their products and services meet federal IT regulations. The rule also requires contractors and subcontractors to submit to audits on practices and procedures to ensure mandates are satisfied...

Comments  (1)

0a8cae998f9c51e3b3c0ccbaddf521aa

Data Loss Prevention: Step 2 - Manage Privileges

December 13, 2011 Added by:Rafal Los

Getting back to basics is critical, and one of the most basic of basics is managing the rights to your data, your systems, and your critical operations. Let's take a critical, step-by-step look at how managing privileges can greatly decrease your likelihood of leaking data...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Case Study: A Cloud Security Assessment

December 13, 2011 Added by:Danny Lieberman

A client asked us to find a way to reduce risk exposure at the lowest cost. Using the Business Threat Modeling methodology and Practical Threat Analysis software, we were able to mitigate 80% of the total risk exposure in dollars at half the security budget proposed by the vendor....

Comments  (1)

959779642e6e758563e80b5d83150a9f

Case Study: SOX IT Compliance

December 01, 2011 Added by:Danny Lieberman

We performed a Sarbanes-Oxley IT top down security assessment for a NASDAQ-traded advanced technology company to evaluate internal and external threats that impact the company’s information assets. Using Business Threat Modeling, a practical threat analysis model was constructed...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Bank Executive Pleads Guilty to Stealing Nearly $2 Million

December 01, 2011 Added by:Headlines

"Walker... withdrew money from a line of credit in the name of a trust that held an account at Farmers and Merchants. To cover up the scheme, Walker made interest payments on the money supposedly loaned to the trust. Walker will face a maximum sentence of 30 years in federal prison..."

Comments  (0)

9259e8d30306ac2ef4c5dd1936e67634

ISO 27002 – What Will the Next Revision Bring?

November 27, 2011 Added by:Dejan Kosutic

This most important link between ISO 27001 and ISO 27002 – identical structure of ISO 27001 Annex A and ISO 27002 controls – will most likely still be included in new revisions of both standards. However, the way it is structured and the individual controls will most probably change...

Comments  (0)

9fbacd2502ce5f91a25f722d8dfe2933

Five Key Aspects of a Good Infosec Risk Assessment

November 25, 2011 Added by:Albert Benedict

Because they are consistent and repeatable, current risk assessment results can be compared to previous years’ results to see if there was any growth. You can also compare the client’s status to other companies of similar size and stature to show them where they stand...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

GAO Report: IRS Security Controls Continue to Languish

November 16, 2011 Added by:Headlines

The "IRS did not, in GAO’s opinion, maintain effective internal control over financial reporting... These issues increase the risk of unauthorized individuals accessing, altering, or abusing proprietary IRS programs and electronic data and taxpayer information,” the report contends...

Comments  (0)

Ad5130e786d13531cc0f2cde32dacd0f

Changing the Landscape of Pentesting

October 11, 2011 Added by:Andrew Weidenhamer

Today’s market has become diluted with companies and individuals claiming they can perform penetration assessments - if you don’t believe me attend Defcon once. Organizations need to have a better understanding as to how these hired service providers are actually performing these assessments...

Comments  (4)

Ad5130e786d13531cc0f2cde32dacd0f

The Holy Grail and the PA-DSS Implementation Guide

October 04, 2011 Added by:Andrew Weidenhamer

As a QSA it is very frustrating to walk in, ask the merchant for the PA-DSS Implementation Guide, and receive a glazed over eye look. It's even more frustrating when you then ask the Vendor/Reseller for the Implementation Guide and they look at you as if you have three heads....

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Strutting and Fretting Upon the Security Stage: The Playing Field

September 22, 2011 Added by:Infosec Island Admin

There are too many ways that a company can open itself up to vulnerabilities. It takes a rounded approach to do the due diligence for that company’s security posture. The information security business has become a leviathan of competing entities from the quacks to the bleeding edge...

Comments  (1)

Fc152e73692bc3c934d248f639d9e963

It is Time to Address PCI Compliance Reporting

September 22, 2011 Added by:PCI Guru

The QA process: it all comes down to having used the correct language in responding to the ROC, rather than whether or not you actually assessed the right things. To add insult to injury, the PCI SSC advises QSACs to develop a template for the ROC with all the correct language written and proofed...

Comments  (3)

0a8cae998f9c51e3b3c0ccbaddf521aa

Auditing vs. Secure Software - An Inconvenient Argument

September 19, 2011 Added by:Rafal Los

You may have missed one of the strangest exchanges I think I've seen in a long while. An out-of-the-blue scathing blog post by Oracle's CSO prompted a swift response from VeraCode's Chief Technology and Security Officer. What brought this on is anyone's guess...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Strutting and Fretting Upon the Security Stage: The Players

September 16, 2011 Added by:Infosec Island Admin

There will always be elements within the company with impetus to not take your advice on security matters and maybe even give you a large amount of pushback. This is especially true of any company that has little to no security posture to start with. So who are the key client players?

Comments  (1)

6429389c5e8a4c9555be876f8484331a

Guide: How to Pass an IT Audit

September 01, 2011 Added by:Sasha Nunke

The purpose of this document is to pass along tips we learned that may be useful as you consider adopting QualysGuard PC. This guide covers the steps and procedures to passing an IT GRC audit — as told by an enterprise end-user who deployed QualysGuard Policy Compliance...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »