Systems and Architecture Review
So, you’re feeling pretty confident that you’ve got your environment locked down. But are you certain that the infrastructure, servers, and devices deployed throughout your organization are actually protecting the confidentiality, integrity, and availability of your sensitive information assets? (more…)
Logging, logging and more logging – configuring logging
OK, any information security professional knows that logging is important. Here are some of the best practices we follow when configuring logging: (more…)
BET24 warns over data breach – 19 months later
As reported by The Register (http://www.theregister.co.uk/2011/07/26/bet24_security_breach/), the online gambling site BET24.com notified customers on Monday of a data breach that occurred in December 2009, some 19 months earlier. (more…)
Information Security Awareness Becoming More Mainstream?
This morning on CNN, about five minutes were spent on topics such as cloud security, the recent Sony and Lockheed Martin breaches, and the growing need to know where our sensitive data is stored and how it is being protected. (more…)
New Draft Guidance from NIST for Cloud Computing
With the rapid trend toward using cloud/SaaS services to outsource aspects of information technology, guidance on how to do so securely has been somewhat lacking. That has changed with NIST’s release of the following draft guidance: (more…)
Study finds that PCI compliant companies suffer far fewer data breaches
Many of us in IT Security support the best practices outlined in the PCI DSS, but still have a hard time obtaining the executive-level sponsorship needed for a really successful PCI compliance program… A recent study by Imperva and the Ponemon Institute produced some results that may help you make (more…)
The True Cost of Compliance
An interesting benchmark study, published in January 2011 by the Ponemon Institute and commissioned by Tripwire, Inc., entitled “The True Cost of Compliance”, examined 46 companies and involved interviews with 160 functional leaders. (more…)
Strong Password Management
Do you ever log into an application and get asked to change your password for what feels like the fifth time this month? What does your password management policy actually look like? (more…)
Information Security Management System
You can undergo a point-in-time audit or assessment and be found compliant, but what happens a week later when patches have gone unapplied? You are out of compliance again. (more…)
Where does Data Loss Prevention (DLP) fit into a Risk Management Framework?
As stated in a previous post, effective Data Loss Prevention (DLP) will be an important component of an overall Risk Management Framework. That framework should include the following: (more…)