Items Tagged with "Security Audits"


Nuclear Research Facility Lacks Adequate Cyber Security

April 21, 2011 Added by: Headlines

"Without improvements, the weaknesses identified may limit program and site-level officials' ability to make informed risk-based decisions that support the protection of classified information and the systems on which it resides," a federal audit concluded...


Detailed FISMA Logging Guidance Continued

April 18, 2011 Added by: Anton Chuvakin

Configuring tools needs to happen after the policy is created. Goals first, infrastructure choices second. In case of privacy and other regulations on top of FISMA, the legal department should also have their say, however unpalatable it may be to the security team...


Detailed FISMA Logging Guidance

April 14, 2011 Added by: Anton Chuvakin

FISMA emphasizes the need for each Federal agency to develop, document, and implement an organization-wide program to secure the information systems that support its operations and assets. Here is what is likely needed for a successful FISMA-driven log management implementation...


NASA Systems Are Still Too Vulnerable to Attack

March 31, 2011 Added by: Dan Dieterle

Serious security gaps were found at NASA during a recent audit. The fact that a government-run entity has been attacked, and then apparently ignored a plan to remedy the situation, speaks volumes about our nation's ability - or maybe better said desire - to thwart hacking attempts...


Ten Guidelines for Effective Security Audits

March 29, 2011 Added by: Danny Lieberman

The security auditor expectation gap has sometimes been depicted as an issue to be addressed by educating users to the audit process. This is not unlike the notion that security awareness programs are effective data security countermeasures for employees that willfully steal data...


The Biggest Shortcomings of ISO 27001

March 28, 2011 Added by: Dejan Kosutic

This standard will certainly need to change - the current version is now six years old, and hopefully the next revision will address most of these issues. Although these shortcomings can often cause confusion, I think that the positives of the standard outweigh the negatives in large measure...


Five Security Secrets Network Administrators Keep Quiet

March 22, 2011 Added by: Headlines

Network administrators may be conducting their own personal risk assessments in the course of their daily duties. They may be weighing factors such as performance pay incentives, the thoroughness of security audits, and time constraints when deciding what is or is not a priority...


Complete PCI DSS Log Review Procedures Part 18 FINAL

March 22, 2011 Added by: Anton Chuvakin

For log exceptions copied from a log aggregation tool or from the original log file, make sure that the entire log is copied, especially its time stamp, which is likely to be different from the time of this record, and the system from which it came - what/when/where, etc...


Writing Mandatory Procedures for ISO 27001 / BS 25999-2

March 21, 2011 Added by: Dejan Kosutic

By implementing the procedures in a proper way, not only will you have your documentation up-to-date and under control, but you will also ensure that your internal audit makes sense and runs smoothly, and that you always improve your system in a systematic way...


Insider Threats and IRS Network Security Controls

March 16, 2011 Added by: Headlines

The report indicates the IRS failed to limit employee access to sensitive information in accordance with employees' job duties, leaving the agency vulnerable to insider threats. The report also found that the IRS had failed to update critical database software and enable key auditing capabilities...


Complete PCI DSS Log Review Procedures Part 17

March 11, 2011 Added by: Anton Chuvakin

Periodic Operational Task Summary: The following contains a summary of operational tasks related to logging and log review. Some of the tasks are described in detail in the document above; others are auxiliary tasks needed for successful implementation of a PCI DSS log review program...


On Cloud Logging Standards and Unique IDs

March 07, 2011 Added by: Anton Chuvakin

Cloud computing, as defined by NIST, has inherent multi-tenancy, elasticity, immediate provisioning and other fun properties, not found in traditional applications and platforms – whether distributed or not. All of these happen to affect accountability, auditability and transparency...


Five Questions to Ask Your PCI Auditor Before You Hire Them

March 06, 2011 Added by: Aleksandr Yampolskiy

PCI DSS was created to enforce a set of minimum security standards. If your company accepts credit cards as a form of payment, then it must comply with the PCI standard. You want to use PCI compliance to tighten the security in your company. You don't want a QSA to let you off easy...


First Annual (Possibly Semi-Annual) OSSTMM Forum

March 02, 2011 Added by: Rod MacPherson

OSSTMM is very high level, and the thing that everyone seems to be in agreement on is the need for applied OSSTMM documents outlining how it can be applied to different realms, such as web applications, computer networks, system hardening, etc...


Application Vulnerabilities are Like Landmines

March 02, 2011 Added by: Ron Lepofsky

Application owners sometimes get confused when doing a follow-up audit after they have implemented all recommendations made in an original audit. Some owners think they can save money on a subsequent audit simply by having an auditor validate the mitigation recommendations were implemented correctly...


ISO 22301 to Replace BS 25999-2

March 01, 2011 Added by: Dejan Kosutic

The management part of BS 25999-2 will also be transferred to the new standard - document control, internal audit, management review, corrective and preventive actions, human resources management, etc. These elements exist in all other management standards - ISO 9001, ISO 14001, ISO 27001...
