Posts tagged: vulnerability management

Don’t Let FUD Trump Value

The Google “Aurora” incident illustrates an ongoing problem with the “media motivated” approach many organization take in regards to information security.  A major event happens and there is a short-lived window of opportunity to ride the “it can happen to us” wave to secure some funding for the latest toy or gadget.  Unfortunately, some executives [...]

Friday January 22nd, 2010 in , , , , , | No Comments »

Risk-based Information Security

How do you even start protecting your information assets if you don’t have an understanding of the risk to them?  I would venture to say… you don’t.  It’s difficult for some to get started down this path because they quickly get overwhelmed with the task at hand.  Many times, a good effort gets set aside [...]

Monday December 28th, 2009 in , , , , , | No Comments »

Lessons in Due Diligence

An article by Kim Zetter on Wired.com caught my attention:  “Restaurants Sue Vendor for Unsecured Card Processor”. The gist is that several restaurants purchased Point-of-Sale (POS) systems from a particular vendor.  These POS systems that were sold were apparently not Payment Card Industry – Data Security Standard (PCI-DSS) compliant and that resulted in a breach [...]

Wednesday December 2nd, 2009 in , , , , , , , | No Comments »

Patch Management Only 1/2 the Battle

An audit of cybersecurity for DHS’ nine most frequently visited Web sites found that although general security protocols were followed, there were still a number of vulnerabilities and gaps in security, including inconsistent management of security patching and security assessments.  Lipowicz, Alice.  “DHS Web sites vulnerable to hackers, IG says”, Federal Computer Week, 09Oct2009. It [...]

Wednesday October 14th, 2009 in , , , | 2 Comments »