Items Tagged with "Security Audits"

Security Information and Event Management (SIEM) Implementation

February 24, 2011 Added by: Ben Rothke

Security Information and Event Management (SIEM) attempts to fix that by aggregating, correlating and normalizing the log and audit data. The end result is a single screen that presents all of the disparate data into a common element. While great in theory, the devil is in the details...

Proactive and Continuous Compliance? For Real?

February 24, 2011 Added by: Anton Chuvakin

Is continuous compliance a reality at your organization? Are you doing something 9, 6, 3 months before the annual PCI DSS assessment? Do you meet the auditor once a year? Or do you make an effort to stay compliant?

Complete PCI DSS Log Review Procedures Part 15

February 22, 2011 Added by: Anton Chuvakin

Finally, it is useful to create a "PCI Compliance Evidence Package" based on the established and implemented procedures to show to the QSA. It will help establish your compliance with three key PCI DSS logging requirements...

Complete PCI DSS Log Review Procedures Part 14

February 18, 2011 Added by: Anton Chuvakin

The logbook establishes the follow-up required in item 10.6.a of PCI DSS validation procedures, which states "Obtain and examine security policies and procedures to verify that they include procedures to review security logs at least daily and that follow-up to exceptions is required"...

How Much Does ISO 27001 Implementation Cost?

February 15, 2011 Added by: Dejan Kosutic

The greatest value of someone with experience helping you with this kind of project is that you won't end up in dead end streets - spending months and months doing activities that are not really necessary or developing tons of documentation not required by the standard. And that really costs...

ISO 27001 and BS 25999 Online Webinar Trainings

February 13, 2011 Added by: Dejan Kosutic

The courses include documentation templates, access to E-learning tutorials and private time with the trainer for consultation on specific issues. You will experience the trainings right from your desk, eliminating travel costs and minimizing lost time away from your office...

Complete PCI DSS Log Review Procedures Part 13

February 04, 2011 Added by: Anton Chuvakin

How do you create a logbook that proves that you are reviewing logs and following up with exception analysis, as prescribed by PCI DSS Requirement 10? The logbook is used to document everything related to analyzing and investigating the exceptions flagged during daily review...

Webinar: ISO 27001 Foundations Part 2

February 02, 2011 Added by: Dejan Kosutic

This highly interactive live online training is designed to enable you to walk away with important skills for executing the planning phase of ISO 27001 in your organization. It contains 3 workshops where filling in the real ISMS documents is exercised, and private time with the trainer...

Understanding the Intent of PCI Requirement 6.1

February 02, 2011 Added by: PCI Guru

Unlike the insurance industry, which has done a very good job of educating management on its value, the security industry has done a very poor job of educating management on the value of security and what really needs to be done to secure the organization...

Eleven Log Management Resolutions for 2011

February 01, 2011 Added by: Anton Chuvakin

One of the simplest ways to commit to logging in 2011 is to commit to monitoring when logging stops. Apart from being a violation of a few regulatory compliance mandates, termination of logging – whether due to an attacker or by mistake – is something you need to know right when it happens...

The Five Greatest Myths About ISO 27001

January 31, 2011 Added by: Dejan Kosutic

Very often I hear things about ISO 27001 and I don't know whether to laugh or cry over them. Actually it is funny how people tend to make decisions about something they know very little about - here are the most common misconceptions...

Practical Advice for SMBs to Use ISO 27001

January 31, 2011 Added by: Danny Lieberman

The ISO organization has recently taken measures to make ISO more accessible to SMBs by providing practical advice for small and medium-sized businesses on how to achieve the benefits of implementing an information security management system (ISMS) based on the International Standard ISO 27001...

Webinar: ISO 27001 Foundations Part One

January 28, 2011 Added by: Dejan Kosutic

If you don't plan information security activities carefully, chances are you will miss something important, and that will cost you. ISO 27001 defines the various steps in the planning phase – the purpose is to set a clear direction and take into account everything that can cause security incidents...

Complete PCI DSS Log Review Procedures Part 12

January 28, 2011 Added by: Anton Chuvakin

We have several major pieces that we need to prove for PCI DSS compliance validation. Here is the master-list of all compliance proof we will assemble. Unlike other sections, here we will cover proof of logging and not just proof of log review since the latter is so dependent on the former...

Giving ISO 27001 Business Context

January 25, 2011 Added by: Danny Lieberman

ISO 27001 is arguably the most comprehensive information security framework available today. Moreover, it is a vendor neutral standard. This article discusses the benefits of performing an ISO 27001 based risk assessment exercise using techniques of threat modeling...

Complete PCI DSS Log Review Procedures Part 11

January 23, 2011 Added by: Anton Chuvakin

The main idea of this procedure is to identify and then interview the right people who might have knowledge about the events taking place on the application, and then to identify the impact and the required actions, if any...
