SEARCH RESULTS
 
Showing 1-10 of 14 records
 
Expand article

Ask the Auditor: Who is Responsible for Information Security?

2007-12-29 06:24:50 by Editor in Security Links
 
...imperative of effective information security management 3) The internal audit function provides strategic, operational, and tactical value to an organizations operations. For example, internal auditing Tells the board and management whether business units understand the importance of security and adhere to policies; whether key information...
 
Tags: information, information security, information policy, information security risks, information assurance, information security governance, information security managers, information security management, assign information security
 
 
 
 
Expand article

Fears that Bhutto assassination will further destabilize Pakistan and the region

The Article has images
2007-12-29 17:45:00 by John Sexton in The Bullet Proof Blog
...imperative that you travel at all? If the answer is yes, then make sure that you hire professionals who have an abundant knowledge of overseas assignments. In addition, make sure that they have good local knowledge and local contacts where you will travel The world is not getting any safer anytime soon. Preparation and knowledge is the key....
 
Tags: bhutto, abundant knowledge, knowledge, assassination, pakistan, local knowledge, executive protection team, benazir bhutto, political scene
 
 
 
 
Expand article

Binary Analysis Seminar At UC Berkeley

2008-02-01 14:50:21 by Chris Wysopal in Zero in a bit
 
...imperative for protecting COTS (common off-the-shelf) programs and analyzing and defending against the myriad of malicious code, where source code is unavailable, and the binary may even be obfuscated. Also, binary analysis provides the ground truth about program behavior since computers execute binaries (executables), not source code. In...
 
Tags: binary, binary analysis, binary-centric approach, seminar, security, real-world security, computer security, bitblaze project, dawn song
 
 
 
 
Expand article

Cutting through the White Noise

2007-11-09 16:07:55 by Perry Carpenter in Security Renaissance
 
...imperative that we, as an industry, get a handle on how to better address this in our organizations. Its clear that what most companies are doing is just plain broken Here are my thoughts Engage employees in ways that are relevant to their life as a whole. Address the Whats in it for me? question Explain the WHY behind seemingly obscure...
 
Tags: data, data breach story, drop malware, story, drop, engage employees, highlights multiple security, salesforce, life
 
 
 
 
Expand article

Evolving Schneiers Security Mindset

2008-04-28 12:30:42 by Alex in RiskAnalys.is
 
...imperative that we frame that knowledge within the context of frequency and impact considerations For me, the good news is that mindests dont seem to be fixed. Training analysts in FAIR has shown me that they can be learned and unlearned. In fact, Im starting to think that a sign of IQ/EQ/Whatever might be said to be the speed with which one...
 
Tags: mindset, security, security mindset matures, security mindset, security professionals, security requires, security vulnerabilities, applicable threat community, threat community
 
 
 
 
Expand article

Appropriate funding

2008-05-13 12:24:49 by JonesJ in RiskAnalys.is
 
...imperative that information security professionals seek to understand the business side of the equation, we are never going to have the same breadth and depth of vision into the organizations unique mix of business issues that executive management has. Combine that with the fact that it isnt our risk tolerance that matters , and it should be...
 
Tags: risk, risk information, risk tolerance, risk-domains management, management, business considerations management, business, business objectives, business issues
 
 
 
 
Expand article

Rich Mogull does his best Stiennon imitation, says GRC is dead

The Article has images
2008-05-14 22:12:24 by HASH0x8b54f78 in StillSecure, After All These Years
...imperative that security budget decisions are made at the C-level. If the security team can't get the approval, the security vendor is going to try and help While dashboards and reports are the tip of the iceberg and the shiny baubles that are used by the GRC vendors to get the attention at the C-level, I think that the bulk of the work...
 
Tags: rich, rich mogull, security, security practices, industry, security industry, compliance, security practitioner, compliance workload
 
 
 
 
Expand article

Building a Security Architecture Blueprint

2008-05-16 09:26:55 by Gunnar Peterson in 1 Raindrop
 
...imperative for the business), then the auditors should be kept reasonably happy. And if not, screw them and fight them. Yes, the auditor can make your life a bit harder, but you don't work for them. Keep that in mind So my GRC post seemed to tap into a fair amount of GRC blogohostility , fair enough, but the main point is not slamming GRC,...
 
Tags: security architecture, security architecture blueprint, security, security architecture capabilities, blueprint, information security program, information, post, grc post
 
 
 
 
Expand article

Trend Micro Fed Up With WildList Testing

2008-06-09 14:45:29 by Editor in Cheap Hack
 
...imperative for years. Now it turns out that Trend Micro, one of the largest companies in the business, is turning its back on the WildList and VB100 certification . I contacted Raimund Genes, CTO Anti-Malware at Trend Micro, and asked him to thank me for inspiring their new policy, but it turns out they have been thinking about it for a...
 
Tags: wildlist, trend micro, online, online reputation services, services, vb100 certification, security list discussions, avoid false positives, test offline anymore
 
 
 
 
Expand article

A Simple Situation Model for Complex Events

2008-07-15 09:29:06 by Tim Bass in The Complex Event Processing Blog