SEARCH RESULTS
 
Showing 1-10 of 83 records
 
10 Myths About Life As An IT Security Professional

2008-04-25 23:08:41 by Craig Balding in Security Wannabe
...development, social engineering, physical security, cryptography, crisis management, disaster recovery, 3rd party security reviews etc etc. You get to bark security orders. Some people feel that holding a security policy in their hand means they get to call the shots. Do this on a regular basis and not only is it counterproductive but it's a...
 
 
 
 
 
The Arizona Office of the Auditor General finds plenty of holes

2008-06-23 12:28:27 by Evan Francen in The Breach Blog
...develop and implement procedures for regularly conducting security reviews of their critical Web-based applications. [Evan] Even though it seems like it's the same story in company after company, I am still amazed by how many organizations don't know what or how many applications they have (not to mention servers, clients, routers, switches,...
 
 
 
 
 
Article: Analytics Brief: Securing The New Data Center

2008-01-07 05:28:32 by Editor in Security Links
...develop security and management strategies as they develop deployment plans for virtualization. New threats to security come on two fronts. The first and most obvious is the additional software footprint represented by virtualization. On the desktop, virtualization is often implemented as an application that runs as a process under a desktop...
 
 
 
 
 
Who should do your security audits? Or, how do you organize the security department?

2008-02-07 22:25:32 by Steve Riley in Steve Riley on Security
 
...developing policies and without having some mechanism to measure compliance. That's the role of the auditing function -- to measure compliance. If we all agree that policies are good, then we should all agree that checking up on ourselves is also good. So, then, who should conduct the audits? For comparison, let's examine a typical software...
 
 
 
 
 
Money for nothin, code for free - if you don't own the copyright you could be in Dire Straits

2008-03-19 01:45:00 by HASH0x8aede64 in StillSecure, After All These Years
 
...develop it themselves or hope to develop a community to continue development, but I haven't seen that pulled off very often, if at all. To stay with Bob's money for nothin theme, if he does not protect against this, Untangle could find themselves in dire straits.
 
 
 
 
 
Do you listen to your users?

2008-04-04 21:18:17 by Editor in Security x.0
 
...development of more secure technologies their top design priority. We urge the industry, through self-regulation and codes of best practice, to demonstrate its commitment to this principle. (4.38) 8.15. We therefore recommend that the Government explore, at European level, the introduction of the principle of vendor liability within the IT...
 
 
 
 
 
Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive
 
...develop a sustainable metric. A necessary assurance component to be sure, but not necessarily the first metric I'd focus on if I'm asking the question "How secure is my app?" I'm loath to rely on testing for the bulk of my metrics. A few of the metrics above are unmeasurable or inappropriate I think. It's hard for me to imagine how we'd...
 
 
 
 
 
Running Government Finances Like a Bank

2006-08-08 08:56:00 by Jomni in Risk Management Quant
 
...develop infrastructure, etc. Sovereigns with large outstanding debt are seen to be more credit risky and more susceptible to something going wrong. Thus, the IMF issued guidelines on Public Debt Management (PDM). In a nutshell PDM takes Asset-Liability Management best practice from banks and insurance companies and applies them in...
 
 
 
 
 
5 tips to comply with new ediscovery rules

2006-12-11 06:38:43 by Administrator in Email security & compliance blog
 
...Develop a records retention policy. Much like an email policy, company management will need to get involved in deciding about which documents need to be retained and when they should be purged. 2. Provide staff training to explain to users why the retention policy is needed and how it should be put into practice. Include retention policy...