SEARCH RESULTS
 
Showing 1-10 of 46 records
 
Who should do your security audits? Or, how do you organize the security department?

2008-02-07 22:25:32 by Steve Riley in Steve Riley on Security
 
...Audits help us ensure that we are following our own policies. Audits measure the current state, compare the results against what the state should be, and show where we are out of compliance. Essentially, audits help us know that we are indeed doing what we say we're doing. Audits are the natural outcomes of implementing good policies and...
 
 
 
 
 
Britain mulling "random" audits to enhance data protection..

2007-11-07 17:41:00 by Manu Namboodiri in Data Protection, Management and Leakage
 
...audits of the security measures in place in businesses and other organisations holding personal data Wow. Imagine the uproar that would erupt here in the United States, if anyone introduced legislation suggesting the government could randomly check to see if businesses are keeping their data safe. Granted, most states have laws that mandate...
 
 
 
 
 
App security audits: Don't ignore thick clients

2008-07-29 00:00:00 by HASH0x8b4a584 in Network World on Security
 
When it comes to running application security audits, many organizations make the mistake of assuming that only Internet-facing, browser-based Web applications deserve scrutiny. After all, thick client applications tend to face inside and tend to be compiled binaries, so they are at less risk of malicious tampering. That assumption is dangerous.
 
 
 
 
 
Managing Audit Thrash

2007-10-08 19:04:00 by Bryan in practical risk management
 
...audits leaves them with precious little time to get any real work done. Audit Thrash Now don't get me wrong... security audits aren't fundamentally bad. In fact, when done right I've seen them add a lot of value. It's just that we need a strategy for managing the workload they create so we can get back to getting some real work done Perhaps...
 
 
 
 
 
Ask the Auditor: Who is Responsible for Information Security?

2007-12-29 06:24:50 by Editor in Security Links
 
...audits, corporate leaders advance the goal of overseeing the organization's information security program and ensuring its continuous improvement and success To fulfill its potential, the internal audit function needs to Know what they are doing (i.e., have the skills to perform appropriate security audits Have a long term information security...
 
 
 
 
 
2008 - The Year of IT Risk Management, Part 2 - Rise of IT GRC

2008-01-11 12:43:00 by Ryan Shopp in practical risk management
 
...audits. Clearly that is a problem for security professionals that should be doing something more productive than preparing for an audit. It pains me to think that we'll need to implement yet another point product to solve a problem, but it is what it is snip Even though skeptical, I'll take that as an endorsement for GRC in 2008! Mike give...
 
 
 
 
 
The Hannaford PCI Fallout

2008-03-28 13:07:12 by Marc Othersen in Security & Risk Management
 
...audits 3) Lawsuits abound. Cardholders may form a class action lawsuit against Hannaford for failing to protect their information. Hannaford may sue its PCI auditors for damages caused by inadequate audits 4) Organizations may want a second opinion. Organizations governed by PCI may, in the short term, pay for additional reviews of their...
 
 
 
 
 
Unauthorized access to the Stryker Corporation VPN

2008-04-17 12:45:57 by Evan Francen in The Breach Blog
...audits should be conducted on a quarterly basis or at least semi-annually. Usually, we recommend more frequent audits in organizations where there is more employee turnover Further, it changed the passwords of all service accounts [Evan] Changing service passwords is often times a @$%^#! A necessary evil Stryker has also implemented a policy...
 
 
 
 
 
Stolen account firm laptop contained personal information

2008-04-28 09:50:55 by Evan Francen in The Breach Blog
...audits performed by Hough, MacAdam & Wartnik LLC of North Bend [Evan] We see too many breaches occurring through contractor/vendor relationships Although, there have been no known reports of identity theft from any of the 482 employees notified, the computer has not been found and, according to a letter from the firm, thieves sometimes hold...