Blog Posts Tagged with "Security Audits"
Mobile Devices get means for Tamper-Evident Forensic Auditing
December 13, 2012 Added by: Michelle Drolet
In order to detect security breaches and guarantee compliance, tamper “proofing” has not been sufficient. When it comes time for a forensic audit, the ability to detect unauthorized changes to digital files becomes invaluable in an investigation...
Ten Musts for a Good Security Risk Equation
October 08, 2012 Added by: Stephen Marchewitz
For those of you that have taken steps to build a security risk management program, sooner or later you will come to the point where you have to start quantifying risk in some meaningful way. So here are ten qualities to assess your choices against...
PA-DSS Validation Clarification
August 09, 2012 Added by: PCI Guru
The PA-DSS has a procedure that the PA-QSA can follow to determine that version changes have not affected cardholder data processing and the application’s PA-DSS validation. Without that validation, as a QSA, our hands are tied and we must conduct a full assessment of the application under the PCI DSS...
Penetration Testing the Cloud: Three Important Points
July 17, 2012 Added by: Brandon Knight
One area where companies seem to become lost is when talking about performing penetration testing services against their deployment. While there are some details to work out, fundamentally this type of assessment translates well when talking about applications and infrastructure deployed in the cloud...
More on PCI Scoping
June 22, 2012 Added by: PCI Guru
“At least annually and prior to the annual assessment, the assessed entity should confirm the accuracy of their PCI DSS scope by identifying all locations and flows of cardholder data and ensuring they are included in the PCI DSS scope”...
The Five Most Important Reasons to Perform Network Auditing
June 21, 2012 Added by: Dan Dieterle
Network auditing may sound like an arduous task but, with the right tools and the right approach, it can be an easy-to-perform and critical aspect of your network management. If you are not yet performing regular network auditing, use these five important reasons to convince management it’s time to start...
ICS-CERT: Increasing Logging Capabilities
June 21, 2012 Added by: Infosec Island Admin
System and network device logs provide valuable records of system activity. Logs may yield indicators of compromise, C2 communications, exfiltrated data, remote access logons, and other valuable data. Organizations should consider enabling the following types of logging...
Lies We Tell Ourselves: 5 Misconceptions Infosec Needs to Change
June 10, 2012 Added by: Rafal Los
Good security practices and principles can save your organization money in a real, measurable way, and it can contribute to making more money by getting to market faster, having more clients... so stop thinking of security as a cost center and start thinking of ways to help the business top or bottom lines...
Ensuring Data Integrity via Checks, Tests, and Best Practices
June 04, 2012 Added by: Fergal Glynn
As a process, data integrity verifies that data has remained unaltered in transit. As a state or condition, it is a measure of the validity and fidelity of a data object. As a function related to security, it means information is exactly as it was inputted and is auditable to affirm its reliability...
How to Secure Patient Data in a Healthcare Organization
May 23, 2012 Added by: Danny Lieberman
If you are a HIPAA covered entity, securing patient data is central to your business. If you are a big organization, you probably don’t need my advice. If you are a small to mid-size provider without a large budget, the question is “How can I do this for as little money as possible?”
CISO 2.0: Enterprise Umpire or Wide Receiver?
May 21, 2012 Added by: Robb Reck
In security, our challenge is to demonstrate to the business that the money they invest in us goes further than just keeping us out of the newspaper. Security can deliver tangible benefits out to the business. An effective security program can reduce the costs of creating products...
The Great Compliance Conundrum
May 10, 2012 Added by: Mark Gardner
The crux of the matter is why people bemoan compliance: To comply in this case requires no external verification, and in order to meet compliance you may avoid some as they're too hard to do or do not go deep enough, but still have the ability to turn and say that "we are compliant"...
What Infosec Can Learn from Enron
May 09, 2012 Added by: Beau Woods
Auditors aren't the sole authoritative voice, and they can be fooled or coerced like anyone else. Too often internal and external auditors are trusted as the arbiters of right and wrong. This can fail an organization if executives don't understand the role auditors should play...
SOC 2: The Customer Security Questionnaire Killer
May 07, 2012 Added by: Jon Long
User organizations figured out a long time ago that if they want confirmation of how secure their suppliers are, they have to find out for themselves because a sufficient third party attestation did not exist. This is also where the challenge to service auditors is...
Password Policy: Sharing Passwords
May 02, 2012 Added by: benson dana
I once worked at a place where a senior manager collected the passwords of employees. There had been resistance to giving up this policy, and the excuse was that this unit's mission was unique and that this was necessary. How often does the internal auditor hear this excuse?
ICS-CERT: Event Auditing and Log Management
April 30, 2012 Added by: Infosec Island Admin
Without properly configured auditing and logging practices, incident response teams often find it difficult to determine the significance of a cybersecurity event. ICS-CERT has provided a collection of resources to assist vendor and asset-owner security teams...