Organizations need to have an overarching corporate strategy for staffing and product/service acquisition, if they expect to maintain a holistic approach to information security & technology procurement. A key question that needs to be answered is: Build or Buy? Many organizations – especially smaller organizations – take a one-off approach …
How to balance security and compliance
Businesses of all sizes not only face increasing security threats, but also greater regulatory compliance requirements. Here are some strategies to help find a balance between Security and Compliance and align your information security activities with your industry/regulatory compliance requirements. Security and Compliance: Despite considerable efforts within the information security …
Six Sad Security Management Flaws You Can Fix Today
Are you one of the lucky few NOT suffering from these six costly management problems?
Prioritizing is the Key to Defending against Advanced Threats
Here are some helpful tips for the security manager who wants the right governance in light of advanced threats. Most organizations have struggled for years with just cleaning and prioritizing security alerts generated from numerous point products. The value proposition for SIEM products was couched in terms of correlation and prioritization.
When best intentions are not enough: a business manager’s view of outsourcing security
Security managers try their best. They deploy firewalls and intrusion detection systems like they are supposed to, along with antivirus, web content filtering, encryption and policies. Yet when it comes to managing new threats or keeping ahead of the latest vulnerabilities, security managers are stuck. They cannot adapt quickly enough. They cannot digest the […]
When IT and Security leaders don’t see eye to eye
Helplessly standing by, I watched as the new CIO dismantled a carefully crafted NIST-compliant security program. Why would he do such a thing? Unplugging the intrusion detection? Tossing out the threat and vulnerability monitoring? Cancelling the risk management meetings and burying the recent risk assessment? He is nailing the coffin shut not only on the […]
The Snowden conversation we are all having in one way or another…
Edward Snowden did one important thing: He made an important conversation on security and ethics popular and international. On one hand, he told us something we always knew: Spies spy. That is, stealthily gathering secrets, usually associated with times of war or matters of national security, is the third(?) oldest profession.
ITIC/KnowBE4 Security Survey: 56% of Corporations have no Proactive Response Plan to Deal with BYOD Security Hacks
The Bring Your Own Device trend has created a security “Achilles Heel” for a 56% majority of organizations that have no response plan in place to deal with lost, stolen or hacked BYOD notebooks, tablets and smart phones. And 56% of organizations also acknowledge they are not fortifying their existing security measures, taking extra precautions or implementing security training despite recent high profile security attacks against Fortune 1000 firms like Adobe, Reuters, Target, Skype, Snapchat and others.
IBM z/OS, IBM AIX, Debian and Ubuntu Score Highest Security Ratings
Eight out of 10 — 82% — of the over 600 respondents to ITIC’s 2014-2015 Global Server Hardware and Server OS Reliability survey say security issues negatively impact overall server, operating system and network reliability. Of that figure a 53% majority of those polled say that security vulnerabilities and hacks have a “moderate,” “significant” or […]