Information Security Awareness Becoming More Mainstream?
Information Security Awareness – This morning, CNN spent about five minutes talking about things like cloud security, the recent Sony and Lockheed Martin breaches, and the increased need to be aware of where our sensitive data is stored and how it is being protected. (more…)
New Draft Guidance from NIST for Cloud Computing
Guidance from NIST for Cloud Computing. With the rapid move toward leveraging Cloud/SaaS services to outsource aspects of information technology, guidance on how to do so securely has been somewhat lacking. That has changed with NIST’s release of the following draft guidance: (more…)
Study finds that PCI compliant companies suffer far fewer data breaches
Many of us in IT Security support the best practices outlined in the PCI DSS, but still have a hard time obtaining the executive-level sponsorship needed for a really successful PCI compliance program… A recent study by Imperva and the Ponemon Institute produced some results that may help you make (more…)
The True Cost of Compliance
An interesting benchmark study published in January 2011 by the Ponemon Institute and commissioned by Tripwire, Inc., entitled “The True Cost of Compliance”, examined 46 companies and involved interviews with 160 functional leaders. (more…)
Strong Password Management
Do you ever log into an application only to be asked to change your password for what feels like the fifth time this month? What does your password management look like? (more…)
Information Security Management System
Information Security Management System. You can undergo a point-in-time audit or assessment and be compliant, but what happens a week later when patches have gone unapplied? Out of compliance again. (more…)
Where does Data Loss Prevention (DLP) fit into a Risk Management Framework?
As stated in a previous post, effective Data Loss Prevention (DLP) will be an important component of an overall Risk Management Framework. The Risk Management Framework should include the following: (more…)
Data Classification
Data Classification – Determining what constitutes “sensitive data” is usually not a difficult thing for most people. For me personally, it would be my Social Security number and my account information (banking, credit card information). And, sadly, as the years go by, my birthdate is getting to be more sensitive… (more…)
Cyber Security Awareness Training – It’s the smart thing to do!
Cyber Security Awareness Training – There is plenty of technology that can be applied in all manner of ways to help protect against a breach, but if the employee culture doesn’t embrace being mindful of security, it makes the CISO’s job a little harder. (more…)
Configuring Log Event Source Series – Sun Solaris (7, 8, 9 & 10)
Configuring Log Event Source Series – Sun Solaris (7, 8, 9 & 10). Welcome to another post in the series of configuration instructions for enabling monitored systems to send their system logs to a central logging server. (more…)