SEARCH RESULTS
 
Showing 1-10 of 87 records
 
The role of control depth in assessment quality

2007-09-12 12:17:00 by Bryan in practical risk management
 
...depth questions about physical security surrounding their data center. This client had recently gone through an external SOX audit, and was surprised that many of the questions we asked about physical security didn't come up during that audit. His exact comment was something like "that audit only checked for the presence or absence of a...
 
 
 
 
 
Larry Suto's Paper Drama

2008-01-02 14:53:30 by RSnake in ha.ckers.org web application security lab
 
...depth analysis First let me put some rumors to bed here. I am not paid by NTO to use their tool. They let me use it for testing purposes because they actually care about making their product better. I have given similar help to three other scanning vendors as well. This shouldn't come as a surprise to anyone, as I'm part of the NIST.gov SAMATE...
 
 
 
 
 
Laptop missing from Russells Hall Hospital (UK)

2008-02-15 14:08:13 by Evan Francen in The Breach Blog
...depth". Higher physical security risk environments require mitigating controls such as encryption, alarms, increased surveillance, physical cable locks, etc. Our security team work very hard to ensure the safety of our staff, patients and visitors, but it is very difficult to mitigate against all deliberate acts of theft. To help alleviate any...
 
 
 
 
 
Measuring Vulnerability

2008-04-14 14:31:38 by JonesJ in RiskAnalys.is
...depth Concerns An obvious concern is the inexact nature of these estimates and the potential for the analyst to estimate badly for various reasons. We've covered this issue previously in other postings, so I won't go into it in depth now. Suffice it to say that yes, this is an imprecise measurement fraught with all of the goblins that any...
 
 
 
 
 
10 Ways To Cheat At Being An IT Security Professional.

2008-05-18 22:36:01 by Craig Balding in Security Wannabe
...Depth : When you are asked What is the Risk?, grin inanely and say I'll tell you after I break out the vulnerability scanners. Run at least 3 vulnerability scanners to get defense in depth Latest *Is* Greatest! : Clipboard stealing attacks are *always* a bigger issue than the CISCO infrastructure with default passwords (how did they get there...
 
 
 
 
 
SQL Injection Defense Tools

2008-06-24 16:43:00 by sdl in The Security Development Lifecycle
 
...depth measure, but it's important to find and fix vulnerabilities at the source. Never rely solely on URLScan or any type of application firewall as your only defense. (I've talked on my blog about some potential dangers of substituting firewalls for secure development practices.) If you'd like more information, the Security Vulnerability Research...
 
 
 
 
 
(ISC)2's Newest Cash Cow: The CSSLP Certification

2008-09-29 15:08:38 by Chris Eng in Zero in a bit
...depth. Starting in June 2009, you can get certified by taking a paper exam, likely a multiple choice test similar to the CISSP. Why June? Because the test isn't even written yet. I've heard from several sources that they are actively soliciting their existing pool of CISSPs to help write test questions. Ah, but what if you can't wait that long and...
 
 
 
 
 
Risky by association

2007-12-26 16:14:25 by Chris McClean in Security & Risk Management
 
...depth, and necessarily so, as the number and potential impact of risks increase. For more on risk management with supply chain partners, check out Best Practices: Successfully Managing Security And Risk In A Global Supply Chain
 
 
 
 
 
Introducing Google's online security efforts

2007-05-21 09:43:00 by A Googler in Google Online Security Blog
...depth investigation. So far, we have investigated about 12 million suspicious URLs and found about 1 million that engage in drive-by downloads. In most cases, the web sites that infect your system with malware are not intentionally doing so and are often unaware that their web servers have been compromised. To get a better understanding about...
 
 
 
 
 
Duke School of Law breach affects 3,200

2007-12-06 11:37:20 by Evan Francen in The Breach Blog
...depth. The explanation of what occurred is clear, Duke's response is clear, and what they plan to do is clear. I am impressed. Now, what I am not impressed about is the decision to store confidential information on a web server. More often than not, this