LATEST ARTICLES
 

Want vulnerability information? Pony up the cash

2009-07-02 18:47:31 by Aviram in SecuriTeam Blogs
 
...information through our SSD (SecuriTeam Secure Disclosure) program and the main conclusions so far are that there are organizations willing to pay for this information to protect themselves, but those are not the vendors (yet). What we see is that organizations use this information as leverage on the vendors. Since they have information about...
 
 
 
 
 

GAO's 5 Steps to Fix FISMA

2009-07-02 18:47:20 by rybolov in The Guerilla CISO
...information security program. This is harkening back to the accounting roots of GAO. Basically what we're talking here is for the agency head to attest that his agency has made the best effort that it can to protect their IT. I like part of this because part of what's missing is executive support for IT security. To be honest, though, most agency...
 
 
 
 
 

Security Automation Developers Conference Slides

2009-07-02 18:47:19 by rybolov in The Guerilla CISO
 
...information flows using automation Common Control Identifier: This schema is basically a catalog of controls (800-53, 8500.2, PCI, SoX, etc) in XML. The awesomeness with this is that one control can contain a reference implementation for each technology and the checklist to validate it in XCCDF. At this point, I get all misty Open Checklist...
 
 
 
 
 

And the results are in... The Forrester Enterprise GRC Platform Wave 2009

2009-07-02 18:20:59 by Chris McClean in The Forrester Blog For Security & Risk Professionals
...information requests and/or deadlines. The vendors evaluated here, however, have demonstrated strong customer successes and ability to meet the market demands we see from the hundreds of GRC inquiries and advisories we do every year. One thing you may not be able to tell from the graphic alone is how each vendor is trending relative to their...
 
 
 
 
 

Cloud (Un)Availability

2009-07-02 17:31:43 by Burton Group in Security and Risk Management Strategies Blog
 
...security person should), just read this article. A vendor in New Zealand (Xero) provides accounting software via a SaaS model. They host their servers at a company called Rackspace. Apparently, Rackspace had some type of power issue at its data center in Dallas, TX and this made Xero's service unavailable. This happened even though...
 
 
 
 
 

Storage Security, the Dynamic Data Center, and Catalyst

2009-07-02 16:06:57 by Burton Group in Security and Risk Management Strategies Blog
 
...security. In my recent report on that topic, I specifically called out how auditors respond when they encounter virtual systems. The major issues include: separating systems with perimeters and limiting audit scope; hardening systems against attack and maintaining patches (including hypervisors themselves and offline guest machines); protecting...
 
 
 
 
 

Search Party: Why Security Pros Should Master Google

2009-07-02 15:51:46 by Derek Slater in Computerworld Security News
 
One of the reasons security is fun and interesting is that it requires a constant upgrade of your skills and knowledge
 
 
 
 
 

Jojuba Oil and Positive Thinking in the Jungle

2009-07-02 15:51:37 by Tim Bass in Cyberstrategics Complex Event Processing Blog
 
I received an email a number of days ago from someone who was concerned that another blogger was painting me as a negative person. My impression was that they hoped it would comment in reply. In thinking how to respond, or if to reply at all, I thought of the irony of the you are being
 
 
 
 
 

Court orders spammers to pay $3.7 million

2009-07-02 12:48:25 by Grant Gross in Computerworld Security News
 
A federal court has ordered members of an alleged international spam ring to give up $3.7 million that they made while sending out illegal e-mail messages pitching bogus weight-loss products and human growth hormone pills