Social Network For Security Executives: Help Make Right Cyber Security Decisions
Digital Risk Protection ( DRP ) is a term possibly popularized or coined by Forrester to describe the market of tools and technologies to protect from the risks posed by externally facing digital assets. As per Forrester: “Most buyers (77%) are purchasing DRP tools as net-new solutions for their organizations (as opposed to replacing an existing capability). They’re adding DRP to their existing security technology stacks to better tackle digital risk activities — namely, to improve their external digital risk visibility and to streamline the ensuing remediation.” Here are the Critical Capabilities For Digital Risk Protection.Continue
Business applications are vital for the successful functioning of any organization. Therefore, managing their information security risks are just as important as the business itself. If I ask about different measures you take to ensure security of your applications, you might reply with few initiatives such as periodic secure code reviews, external scans, vulnerability assessments & penetration testings and perhaps audits etc. But what If I asked how mature is your program?
One way to answer that would be to compare your program with the industry practice and identify relative position of your organization. For example, if the industry benchmark is 2 (out of 3) and you are at 0.05, then there are many things that need your immediate attention.
So how do I measure vis-à-vis industry?
The answer to that…Continue
Advanced Threat Protection (ATP) is used to protect against sophisticated, highly skilled, well funded and motivated threat actor . The solution uncovers advance threats across Endpoints, Network, Email and Cloud. These solutions are used to detect advanced persistent threats that existing controls are not able to detect or are simply not capable of doing it.
Advance threat protection is not about a single security solution, It is about a combination of security controls, best practices/procedures, security awareness and continuous monitoring. It is more of a program based approach than a single solution. Although we understand Advance threat protection has a broad scope, here in this category we have focused on tools/solutions those employs both signature based and signature-less methods (Advance Sandboxes, Behavioral analytics, Advance correlation/machine learning, Deception technique etc. ) to detect advance threats by analyzing Web, and Network traffics.…
A common question is why should we get a third party penetration testing company? Why not choose a team from your current technical group to handle the network security test? For one, security audits like traditional financial audits are better done by outside companies with no bias and partiality to anyone or anything within your organization. Another reason to hire a security testing company is that one may find it difficult to hire and retain Penetration Testers. Following tips will help to choose penetration testing vendor.
Good indicators of vendor’s technology competency are:
Hi CISO This is the Chapter 2 Information Security Incident Response. It is a part of Security Operations Analysis - Crowdsourcing eBook on Peerlryst - Click Here
Identifying and responding to data security incidents is at the center of security activities. The group appointed to security operations is relied upon to monitor the organization's advantages inside extension and respond to security events and incidents, including the identification and examination of what might be considered indicators of compromise (IOC).
In this chapter we are going to discover the following topics:
“What is the easiest way to allow only Indian public IP addresses to connect to my Web server? I want my public server to be inaccessible for any foreign IP address.” (question posted on behalf of a CISO member) Continue
Recommend an influencer whom we might have missed: We have chosen 82 and look forward to remaining 18 nominations. Now you can suggest us names with their contribution.----> Just reply to the discussion and add your favourite influencer!Continue
Anyone can share their experiences with DNIF and aujas as they are their partner for implementation (question posted on behalf of a CISO member) Continue
Concept Shifting the Security to Left.. to get views and is it practical? Also how and what tools & processes required for it to be successful ? (question posted on behalf of a CISO member) Continue
Anyone using Arcon, for Privilege Account/Access management? Wanted to get feedback? (question posted on behalf of a CISO member) Continue