SEARCH RESULTS
 
Showing 1-10 of 276 records
 
Expand article

What is a Wise Risk Decision Worth? or ISO 27001 KPIs Follow Up

2008-12-03 15:47:11 by Alex in RiskAnalys.is
 
...resources Brian Honan linked to from Gary Hinson, just because theyre so cool. Gary has invested gobs of time and effort to become one of the defacto resources on the ISO (you might also want to read or re-read Garys web post on the 7 myths of metrics ). Brian links to an implementation guidance document(pdf) and a metrics example(pdf)...
 
Tags: iso, iso google, iso adoption, iso implementation, iso folks, iso adoption helps, risk, google iso compliance, iso implementation differs
 
 
 
 
Expand article

The Economics of Finding and Fixing Vulnerabilities in Distributed Systems

2008-11-18 22:47:55 by Gunnar Peterson in 1 Raindrop
 
...resources invested in Cisco, network admins, etc Host: all the resources invested in Unix, Windows, sys admins, etc Applications: all the resources invested in developers, CRM, ERP, etc Data: all the resources invested in databases, DBAs, etc Tally up each layer. If you are like most business you will probably find that you spend most on...
 
Tags: information security, information, information security spends, safety information security, versus information security, information security budgets, information security budget, software security, software security space
 
 
 
 
Expand article

Ask the Auditor: Who is Responsible for Information Security?

2007-12-29 06:24:50 by Editor in Security Links
 
...resources to allow controls to be effective 2) The board of directors must provide oversight at a level above other business managers. The directors role in information security is to ask managers the right questions and encourage the right results. Directors must set the right tone at the top, communicating to executive management the...
 
Tags: information, information security, information policy, information security risks, information assurance, information security governance, information security managers, information security management, assign information security
 
 
 
 
Expand article

Personal information stolen from Georgia DHR

The Article has images
2008-03-27 15:51:45 by Evan Francen in The Breach Blog
...Resources Victims Current and former employees Number Affected Unknown Types of Data names, social security numbers, birth dates, home contact and federal tax information Breach Description The Georgia Department of Human Resources is taking extensive measures to alert current and former employees of a breach of confidential records that...
 
Tags: georgia dhr, dhr, georgia, information, agency, agency urges employees, georgia law, georgia department, employees
 
 
 
 
Expand article

Virtual Security = Virtual Performance Challenge

2008-02-14 18:24:44 by John Peterson in Security In The Virtual World
 
...resources have been UNDER utilized. People have traditionally bought a server to host an application and those applications are not always in use. Many times they sit idle while other servers are maxed out and could use the help of those idle CPU's on the server in the next rack. So, by sharing CPU/Memory resources virtualization allows for...
 
Tags: security, symantec security applications, network, network based security, security detail, reflex vsa product, reflex, perimeter security, security application
 
 
 
 
Expand article

Virtual Security = Virtual Performance Challenge

2008-02-14 18:24:44 by John Peterson in Security In The Virtual World
 
...resources have been UNDER utilized. People have traditionally bought a server to host an application and those applications are not always in use. Many times they sit idle while other servers are maxed out and could use the help of those idle CPU's on the server in the next rack. So, by sharing CPU/Memory resources virtualization allows for...
 
Tags: security, symantec security applications, network, network based security, security detail, reflex vsa product, reflex, perimeter security, security application
 
 
 
 
Expand article

Security Consultant Hacks: Size Matters

2007-12-20 05:16:07 by Bill in Grumpy Security Guy
 
...resources within their specialities. Typically these are 1-5 person shops that are fairly niche focused, maybe they specialize in Web Application Security , secure development, or PCI audits Advantages : If you are using them in an engagement that is their speciality you are going to get a lot of bang for your buck. Prices are generally in...
 
Tags: security consultant, security consultant hacks, security, web application security, security consultants, consultants, grumpy security guy, medium shops, employ
 
 
 
 
Expand article

Measuring Vulnerability

The Article has images
2008-04-14 14:31:38 by JonesJ in RiskAnalys.is
...resources to defeat the applications security This works as a quick-and-dirty solution, and in many cases is good enough. Read on if youre interested in a somewhat more involved approach Uncertainty Unfortunately, in the real world we usually dont know Which threat agent is going to act next What their capabilities are, or What our resistance...
 
Tags: threat capability curve, capability, human capability, human threat capability, describe control strength, control strength, capability curve, threat community capability, control
 
 
 
 
Expand article

A horse's ass approach to virtualization security - Part 3 - Data is the "constant"

2008-10-23 20:51:00 by Manu Namboodiri in Data Protection, Management and Leakage
 
...resources. It can provide significant cost benefits (by sharing resources), flexibility (by just-in-time allocation of resources where they are needed), and agility (speed of provisioning resources). Therefore, organizations have been able to virtualize Devices/OS : Companies such as VMWare, Citrix, Microsoft, and Sun are providing...
 
Tags: devices, virtual devices, virtual, virtual applications, subsequent virtual world, virtual environments, non-virtual, virtual machine, data