SEARCH RESULTS
 
Showing 1-10 of 114 records
 
Expand article

Constant Patch Releases Forcing New IT Processes

2008-02-25 06:21:54 by Editor in Computerworld Security News
 
The ongoing release of patches from Microsoft and other large software vendors is forcing IT shops to create new processes to ensure that vulnerabilities are fixed as quickly as possible
 
Tags: processes, software vendors, ensure, fixed, release, microsoft, vulnerabilities, shops, patches
 
 
 
 
Expand article

The Trouble with Threat Modeling

2007-09-26 19:11:00 by sdl in The Security Development Lifecycle
 
...processes at Microsoft, and a lot more in the wide world. People sometimes want to argue because they think Microsoft uses the term threat modeling differently than the rest of the world. This is only a little accurate. There is a community which uses questions like whats your threat model to mean which attackers are you trying to stop?...
 
Tags: threat, threat models, threat model, reasons threat, service threat, term threat, threat effectively, playsound threat model, development process
 
 
 
 
Expand article

Leveraging Compliance For Security

2008-02-18 18:15:05 by dmortman in securosis.com
 
...processes that effectively leverage people and technology, enterprises will become not just more secure but also compliant with current and emerging regulations Business processes tie together the people and technology that comprise a companys operational environment. Roughly equivalent in function to ligaments and tendons in physical...
 
Tags: business processes, sustainable business processes, business processes tie, process, process implementation, processes, multi-owner processes, change management process, business continuity plans
 
 
 
 
Expand article

Misconceptions about outsourcing security

2007-12-13 14:05:54 by Khalid Kark in Security & Risk Management
 
...processes and operations are a mess, outsourcing them will not solve the problem. It is important to establish security processes and strengthen your operations before you outsource security. Outsourcing may help improve operational control, but the chances of success are increased if the firm has a clear understanding of the processes,...
 
Tags: security processes, establish security processes, security, processes, security controls, security managers cost, cost, security operations, security services
 
 
 
 
Expand article

What can CISOs learn from the Societe Generale debacle

2008-02-19 09:17:17 by Khalid Kark in Security & Risk Management
 
...processes and has the ability to disable the alarms. It does drive home the point that the insider threat may not be the most popular form of attack, but it usually is the most damaging Monitor privileged access: I have had many conversations with CISOs who are reluctant to monitor their system administrators and privileged access users...
 
Tags: security, formal security strategy, societe generale, security technology, external security challenges, implement security, access, security products, access users
 
 
 
 
Expand article

Can security improve your bottom line?

2008-01-18 16:23:00 by Manu Namboodiri in Data Protection, Management and Leakage
 
...processes that you will become a more competitive company Notice the emphasis on business processes - this is where the real benefits come in. Security in itself can make you feel safer doing business, but the combined investment in security, infrastructure, business processes etc are what will make you stand out from the competition....
 
Tags: business, business processes, security, bottom line, real benefits, challenge, harder challenge, benefits, roland cloutier
 
 
 
 
Expand article

Three Capabilities, Three Companies

The Article has images
2008-02-16 02:57:00 by Richard Bejtlich in TaoSecurity
...processes, and then 1) retrieve those processes in binary form for static and dynamic analysis on a test box and/or 2) attach a debugger to the rogue process to learn more about it in the wild. The first case is helpful to determine how malware could be used and how it is like to communicate with the outside world. The second case could be...
 
Tags: hbgary responder product, responder, product, responder product, capabilities, hbgary, response, conduct live response, conduct incident response
 
 
 
 
Expand article

Nevada Department of Public Safety applicants exposed

The Article has images
2008-03-07 10:20:48 by Evan Francen in The Breach Blog
...processes and procedures is conducted Evan] This seems like a prudent decision There is currently no indication the data that was lost has been used for any unlawful purpose From the Crown, Stanley and Silverman statement The drive contained unencrypted personal information of approximately 300 individuals Evan] The Nevada DPS reports 109...
 
Tags: personal information, lost personal information, sensitive personal information, nevada, confidential personal information, information, nevada payroll information, nevada department, nevada dps
 
 
 
 
Expand article

Risk ROI for Some Provisioning Solutions

2008-04-19 02:22:29 by Erik T. Heidt in Art of Information Security
 
...processes in favor of electronic requests and work flows Reduction of manual updates in favor of automated entitlement updates All provisioning solution providers strive to have a compelling story for these items. Additionally, these were the focus of the first generation of solutions which emerged in the 90s For the Identity Management...
 
Tags: information security, information, entitlement, entitlement lifecycle, solutions, systems, risk roi, information security podcast, identity
 
 
 
 
Expand article

Best Practices For DLP Content Discovery: Part 4

2008-04-29 18:01:19 by rmogull in securosis.com
 
...processes. The main obstacle to successful deployments isnt a technology weakness, but rather the failure of the enterprise to understand what to protect, decide how to protect it, and recognize whats reasonable in a real-world environment Setting Expectations The single most important factor for any successful DLP deployment content...