Items Tagged with "Security Audits"


E85787adcaf7bca10e799cfd1cfd08f1

Mobile Devices get means for Tamper-Evident Forensic Auditing

December 13, 2012 Added by:Michelle Drolet

In order to detect security breaches and guarantee compliance, tamper “proofing” has not been sufficient. When it comes time for a forensic audit, the ability to detect unauthorized changes to digital files becomes invaluable in an investigation...

Comments  (0)

0356a83ecb15c8e33b00560d7bebe47f

Ten Musts for a Good Security Risk Equation

October 08, 2012 Added by:Stephen Marchewitz

For those of you that have taken steps to build a security risk management program, sooner or later you will come to the point where you have to start quantifying risk in some meaningful way. So here are ten qualities to assess your choices against...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

PA-DSS Validation Clarification

August 09, 2012 Added by:PCI Guru

The PA-DSS has a procedure that the PA-QSA can follow to determine that version changes have not affected cardholder data processing and the application’s PA-DSS validation. Without that validation, as a QSA, our hands are tied and we must conduct a full assessment of the application under the PCI DSS...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Full Analysis of the FFIEC Statement on Cloud Computing

July 22, 2012

"The FFIEC Agencies consider cloud computing to be another form of outsourcing with the same basic risk characteristics and risk management requirements as traditional forms of outsourcing". Whether you believe it or not, this is the stake in the ground for the FFIEC...

Comments  (0)

4eb356e09746aadc2f4800877e8c24e8

Penetration Testing the Cloud: Three Important Points

July 17, 2012 Added by:Brandon Knight

One area where companies seem to become lost is when talking about performing penetration testing services against their deployment. While there are some details to work out, fundamentally this type of assessment translates well when talking about applications and infrastructure deployed in the cloud...

Comments  (1)

1a490136c27502563c62267354024cd5

Automated Vulnerability Assessments are not Enough

June 26, 2012

What we really need is a holistic approach to detect/validate vulnerabilities besides determining if the system complies with IS policies. An IS audit needs to be added to our set of activities to perform a complete security assessment. Let’s start by describing the IS Audit process from the very beginning...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

More on PCI Scoping

June 22, 2012 Added by:PCI Guru

“At least annually and prior to the annual assessment, the assessed entity should confirm the accuracy of their PCI DSS scope by identifying all locations and flows of cardholder data and ensuring they are included in the PCI DSS scope"...

Comments  (1)

B64e021126c832bb29ec9fa988155eaf

The Five Most Important Reasons to Perform Network Auditing

June 21, 2012 Added by:Dan Dieterle

Network auditing may sound like an arduous task but, with the right tools and the right approach, it can be an easy to perform and critical aspect of your network management. If you are not yet performing regular network auditing, use these five important reasons to convince management it’s time to start...

Comments  (3)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Increasing Logging Capabilities

June 21, 2012 Added by:Infosec Island Admin

System and network device logs provide valuable records of system activity. Logs may yield indicators of compromise, C2 communications, exfiltrated data, remote access logons, and other valuable data. Organizations should consider enabling the following types of logging...

Comments  (0)

99edc1997453f90eb5ac1430fd9a7c61

PCI DSS and Compliance: Just a Tick Box Exercise?

June 13, 2012

According to Neira Jones, Head of Payment Security at Barclaycard, compliance should be a natural byproduct of good risk management and information security practice...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Lies We Tell Ourselves: 5 Misconceptions Infosec Needs to Change

June 10, 2012 Added by:Rafal Los

Good security practices and principles can save your organization money in a real, measurable way, and it can contribute to making more money by getting to market faster, having more clients... so stop thinking of security as a cost center and start thinking of ways to help the business top or bottom lines...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Ensuring Data Integrity via Checks, Tests, and Best Practices

June 04, 2012 Added by:Fergal Glynn

As a process, data integrity verifies that data has remained unaltered in transit. As a state or condition, it is a measure of the validity and fidelity of a data object. As a function related to security, means information is exactly as it was inputted and is auditable to affirm its reliability...

Comments  (0)

959779642e6e758563e80b5d83150a9f

How to Secure Patient Data in a Healthcare Organization

May 23, 2012 Added by:Danny Lieberman

If you are a HIPAA covered entity, securing patient data is central to your business. If you are a big organization, you probably don’t need my advice. If you are small to mid-size provider without a large budget, the question is “How can I do this for as little money as possible?”

Comments  (0)

C787d4daae33f0e155e00c614f07b0ee

CISO 2.0: Enterprise Umpire or Wide Receiver?

May 21, 2012 Added by:Robb Reck

In security, our challenge to demonstrate to the business that the money they invest in us goes further than just keeping us out of the newspaper. Security can deliver tangible benefits out to the business. An effective security program can reduce the costs of creating products...

Comments  (2)

1f2f664e68a603b3c54890fbbcd37857

The Great Compliance Conundrum

May 10, 2012 Added by:Mark Gardner

The crux of the matter is why people bemoan compliance: To comply in this case requires no external verification, and in order to meet compliance you may avoid some as they're too hard to do or do not go deep enough, but still have the ability to turn and say that "we are compliant"...

Comments  (0)

B9d9352326e5421a02e698a51d10ad2c

What Infosec Can Learn from Enron

May 09, 2012 Added by:Beau Woods

Auditors aren't the sole authoritative voice, and they can be fooled or coerced like anyone else. Too often internal and external auditors are trusted as the arbiters of right and wrong. This can fail an organization if executives don't understand the role auditors should play...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »