Items Tagged with "Security Audits"


Network Segmentation – One Last Discussion

January 21, 2011 Added by: PCI Guru

Just because you implement all of these recommendations does not make you invincible. All these recommendations do is make the likelihood of an incident, and the potential damage resulting from an incident, lower than if you had little or no controls in place...

ISO 27001 Foundations Part One

January 18, 2011 Added by: Dejan Kosutic

This highly interactive live online training is designed to enable you to walk away with important skills for executing the planning phase of ISO 27001 in your organization. It contains 3 workshops in which filling in the real ISMS documents is exercised, and private time with the trainer...

Complete PCI DSS Log Review Procedures Part 10

January 17, 2011 Added by: Anton Chuvakin

A message not fitting the profile is flagged “an exception.” It is important to note that an exception is not the same as a security incident, but it might be an early indication that one is taking place. At this stage we have a log message that is outside of routine/normal operation...

Complete PCI DSS Log Review Procedures Part 9

January 14, 2011 Added by: Anton Chuvakin

The first method considers log types not observed before and can be done manually as well as with tools. Despite its simplicity, it is extremely effective with many types of logs: simply noticing that a new log message type is produced is typically very insightful for security, compliance and operations...

Documented Procedures Required by ISO 27001

January 11, 2011 Added by: Dejan Kosutic

You could consider the four mandatory procedures as the pillars of your management system - after they are firmly set in the ground, you can start building the walls of your house. This becomes obvious when you look at other management systems - the same four procedures are mandatory in ISO 9001...

FREE Webinar: ISO 27001 Obtaining Management Support

January 09, 2011 Added by: Dejan Kosutic

This FREE interactive live online training is designed to enable you to walk away with important skills for being able to convince your management to go for an ISO 27001 project. This course offers compelling content, a downloadable presentation deck and live engagement with an expert consultant...

Complete PCI DSS Log Review Procedures Part 8

January 09, 2011 Added by: Anton Chuvakin

Building a baseline without a log management tool has to be done when the logs are not compatible with an available tool, or when the available tool has a poor understanding of log data (e.g. a text indexing tool). To do it, perform the following...

Inspector General's Audit Finds GSA Security Lapses

January 07, 2011 Added by: Bill Gerneglia

The federal Office of the Inspector General found significant failings in the General Services Administration’s IT security systems and procedures in a December review of the agency, including configuration management, audit logging, monitoring, and encryption of data on agency laptops...

Complete PCI DSS Log Review Procedures Part 7

January 04, 2011 Added by: Anton Chuvakin

An additional step should be performed while creating a baseline: even though we assume that no compromise of card data has taken place, there is a chance that some of the log messages recorded over the 90 day period triggered some kind of action or remediation...
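
The baseline-and-exception procedure sketched in Parts 7 through 10 above (count the message types seen over the baseline period, drop the messages that triggered an action during that period, then flag any message type not in the baseline as an exception to be reviewed) can be shown end to end in a few dozen lines. The following is an added example and is not code from the PCI DSS log review series; the BSD-syslog line format, the normalization rules that mask variable fields, and every log line are constructed for illustration.

```python
"""Baseline-and-exception log review (added example, not from the series).

The SYSLOG pattern, the masking rules and every log line below are
constructed for illustration.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Classic BSD syslog line: "Jan  5 08:01:12 host prog[pid]: message"
SYSLOG = re.compile(
    r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} (?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def message_type(line: str) -> str:
    """Reduce a log line to its message type by masking the variable fields
    (timestamp, PID, IP addresses, user names, other numbers) so that two
    lines produced by the same code path map to the same string."""
    m = SYSLOG.match(line)
    if not m:
        # An unparseable line is itself a new kind of message worth seeing.
        return "UNPARSED: " + line.strip()
    tokens: List[str] = []
    prev = ""
    for tok in m.group("msg").split():
        if IPV4.match(tok):
            masked = "<ip>"
        elif prev in ("for", "user") and tok not in ("user", "invalid"):
            masked = "<user>"  # "for alice", "user bob", "for invalid user eve"
        else:
            masked = re.sub(r"\d+", "<n>", tok)  # ports, uids, pts/1, ssh2 ...
        tokens.append(masked)
        prev = tok
    return f"{m.group('prog')}: {' '.join(tokens)}"


def build_baseline(lines: Iterable[str], acted_on: Iterable[str] = ()) -> Dict[str, int]:
    """Part 8: count message types over the baseline period.
    Part 7: types that triggered an action or remediation during that period
    are removed, so they are not treated as routine when they recur."""
    counts = Counter(message_type(line) for line in lines)
    for line in acted_on:
        counts.pop(message_type(line), None)
    return dict(counts)


def find_exceptions(baseline: Dict[str, int], lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Parts 9 and 10: every message whose type was not seen in the baseline
    is flagged as an exception (not yet an incident) for investigation."""
    flagged: List[Tuple[str, str]] = []
    for line in lines:
        mtype = message_type(line)
        if mtype not in baseline:
            flagged.append((mtype, line))
    return flagged


# Constructed baseline-period lines (a trimmed stand-in for 90 days of logs).
BASELINE_LOGS = [
    "Jan  5 08:01:12 pos-db01 sshd[2211]: Accepted password for alice from 10.1.2.3 port 50122 ssh2",
    "Jan  5 08:01:12 pos-db01 sshd[2211]: pam_unix(sshd:session): session opened for user alice by (uid=0)",
    "Jan  6 09:14:03 pos-db01 sshd[2390]: Accepted password for bob from 10.1.2.9 port 50391 ssh2",
    "Jan  6 09:14:03 pos-db01 sshd[2390]: pam_unix(sshd:session): session opened for user bob by (uid=0)",
    "Jan  7 03:00:00 pos-db01 CRON[3001]: (root) CMD (/usr/local/bin/backup.sh)",
    "Jan  9 11:22:45 pos-db01 sshd[4100]: Failed password for bob from 10.1.2.9 port 50410 ssh2",
    "Jan 12 14:05:10 pos-db01 sudo[5120]: bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash",
]
# The sudo-to-root shell was investigated during the baseline period (Part 7),
# so its type must not become part of "normal".
ACTED_ON = [BASELINE_LOGS[6]]

# Constructed lines from the period under review.
REVIEW_LOGS = [
    "Jan 17 08:03:41 pos-db01 sshd[7712]: Accepted password for alice from 10.1.2.3 port 51002 ssh2",
    "Jan 17 08:03:41 pos-db01 sshd[7712]: pam_unix(sshd:session): session opened for user alice by (uid=0)",
    "Jan 17 08:05:02 pos-db01 sshd[7730]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2",
    "Jan 17 08:06:15 pos-db01 sudo[7790]: bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash",
    "Jan 17 09:00:00 pos-db01 useradd[7801]: new user: name=svc_tmp, UID=1005, GID=1005, home=/home/svc_tmp, shell=/bin/bash",
]

if __name__ == "__main__":
    baseline = build_baseline(BASELINE_LOGS, ACTED_ON)
    print("Baseline message types:")
    for mtype, n in sorted(baseline.items()):
        print(f"  {n:3d}  {mtype}")
    print("Exceptions in the review period:")
    for mtype, line in find_exceptions(baseline, REVIEW_LOGS):
        print(f"  NEW TYPE {mtype!r}\n      from: {line}")
```

Run as-is, the review period yields three exceptions: the "invalid user" failed login (a message type never seen in the baseline), the recurring sudo-to-root shell (seen during the baseline but removed from it because it was acted on), and the useradd line. The two sshd lines for alice match baseline types and are not flagged. In practice the masking rules in message_type are the part a real log management tool does for you; when you are working without one, keep them deliberately coarse, since a rule that masks too little splits one code path into many "new" types and buries the exceptions under noise.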

MasterCard SDP Revisited For Level 2 Merchants

December 28, 2010 Added by: PCI Guru

All of these merchants intend to conduct their own SAQ but wanted to make sure that was still acceptable under the MasterCard SDP rules. Last year there was a lot of confusion since MasterCard pulled back on their decision to require Level 2 merchants to have a QSA conduct an on-site PCI assessment...

How to Assess Risk Part I: Asking the Right Questions

December 14, 2010 Added by: Danny Lieberman

It seems to me that self-assessment of risk is a difficult process to understand and execute, primarily because the employees who are asked to assess the risk in their business process don’t really understand the notion of risk, and don’t really care...

Run Your Security Like You Run Your Business

December 10, 2010 Added by: Danny Lieberman

If you don’t currently measure and report internally your security performance, you should consider managing your security operation like you manage a business unit and adopting a tightly focused strategy on customers, market and competitors...

How to Learn About ISO 27001 and BS 25999-2

December 09, 2010 Added by: Dejan Kosutic

Educating yourself is certainly one of the best ways to facilitate your ISO 27001 and BS 25999-2 implementation. As there are more and more types of courses available, I'll try to explain their benefits and the differences between them...

Interesting Announcements From The PCI SSC

December 08, 2010 Added by: PCI Guru

Over the last year the PCI SSC has tried to keep QSAs in the loop by issuing a monthly Assessor Update newsletter via email. These are usually not noteworthy, but the November 2010 issue contains a number of items that need to be shared, just in case you missed your edition or you are not a QSA...

BS 25999-2 Implementation Checklist

November 23, 2010 Added by: Dejan Kosutic

Your management has given you the task to implement business continuity, but you're not really sure how to do it. Although it is not an easy task, you can use the BS 25999-2 methodology to make your life easier - here are the main steps necessary to implement this standard...

The Psychology of Data Security

November 15, 2010 Added by: Danny Lieberman

The cultural phenomenon of companies getting hit by data breaches but not adopting technology countermeasures to mitigate the threat requires deeper investigation but today, I’d like to examine the psychology of data security and data loss prevention...
