Social Network For Security Executives: Help Make Right Cyber Security Decisions
Business applications are vital to the functioning of any organization, so managing their information security risks is just as important as the business itself. If I asked what measures you take to secure your applications, you might list a few initiatives such as periodic secure code reviews, external scans, vulnerability assessments and penetration tests, and perhaps audits. But what if I asked how mature your program is?
One way to answer that is to compare your program against industry practice and identify your organization's relative position. For example, if the industry benchmark is 2 (out of 3) and you are at 0.05, then many things need your immediate attention.
So how do I measure vis-à-vis industry?
The answer to that…Continue
Advanced Threat Protection (ATP) is used to protect against sophisticated, highly skilled, well-funded and motivated threat actors. The solution uncovers advanced threats across endpoints, network, email and cloud. These solutions are used to detect advanced persistent threats that existing controls are not able to detect, or are simply not capable of detecting.
Advanced threat protection is not a single security solution; it is a combination of security controls, best practices and procedures, security awareness and continuous monitoring. It is a program-based approach rather than a single product. Although advanced threat protection has a broad scope, in this category we have focused on tools and solutions that employ both signature-based and signature-less methods (advanced sandboxes, behavioral analytics, advanced correlation/machine learning, deception techniques, etc.) to detect advanced threats by analyzing web and network traffic.…
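To make the distinction between signature-based and signature-less detection concrete, here is an added example (not code from the page or from any ATP vendor) that runs both kinds of rule over a few constructed proxy log lines. The blocklist domain, the hosts and the timestamps are all made up; the signature rule matches a known-bad domain exactly, while the signature-less rule flags a source/destination pair whose request intervals are nearly constant, which is how a sleeping implant polling its command-and-control server looks regardless of what the domain is called.

```python
"""Signature vs. signature-less detection over constructed proxy log lines.

Added example; the log lines, the blocklist and the hostnames are constructed
for illustration and are not from the page.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample proxy log, one event per line:
# "<epoch_seconds> <src_ip> <dest_host> <bytes_out>"
SAMPLE_LOG = """\
1700000000 10.0.0.5 cdn.example-updates.net 512
1700000061 10.0.0.5 cdn.example-updates.net 498
1700000119 10.0.0.5 cdn.example-updates.net 503
1700000181 10.0.0.5 cdn.example-updates.net 511
1700000240 10.0.0.5 cdn.example-updates.net 507
1700000299 10.0.0.5 cdn.example-updates.net 499
1700000013 10.0.0.7 news.example.org 20480
1700000411 10.0.0.7 mail.example.org 3200
1700000990 10.0.0.7 news.example.org 15000
1700000020 10.0.0.9 known-bad.example 700
"""

# Hypothetical threat-intelligence blocklist (the "signature").
BLOCKLIST = {"known-bad.example"}


def parse(log_text):
    """Turn the raw text into (timestamp, src, host, bytes) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, host, size = line.split()
        events.append((int(ts), src, host, int(size)))
    return events


def signature_hits(events):
    """Signature-based rule: exact match of the destination against the blocklist."""
    return sorted({(src, host) for _, src, host, _ in events if host in BLOCKLIST})


def beacon_candidates(events, min_requests=5, max_jitter=0.2):
    """Signature-less rule: flag (src, host) pairs whose inter-request gaps are
    nearly constant. Coefficient of variation (stdev / mean) at or below
    max_jitter with at least min_requests requests is treated as beaconing."""
    by_pair = defaultdict(list)
    for ts, src, host, _ in events:
        by_pair[(src, host)].append(ts)
    hits = []
    for (src, host), stamps in by_pair.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_jitter:
            hits.append((src, host, round(avg), round(cv, 3)))
    return hits


def detect(log_text):
    """Run both rules and return their findings side by side."""
    events = parse(log_text)
    return {"signature": signature_hits(events),
            "beaconing": beacon_candidates(events)}


if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

The signature rule catches only `known-bad.example`; the beaconing rule catches `10.0.0.5`, whose destination is not on any list but checks in roughly every 60 seconds. In a real deployment the jitter threshold and the minimum request count are the tuning knobs that trade false positives (software updaters, monitoring agents) against missed low-and-slow implants.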
A common question is why you should engage a third-party penetration testing company rather than have a team from your own technical group run the network security test. For one, security audits, like traditional financial audits, are better done by outside firms with no bias or partiality toward anyone or anything within your organization. Another reason to hire a security testing company is that it can be difficult to hire and retain penetration testers. The following tips will help you choose a penetration testing vendor.
Good indicators of a vendor's technical competency are:
Hi CISO, this is Chapter 2, Information Security Incident Response. It is part of the Security Operations Analysis crowdsourcing eBook on Peerlyst.
Identifying and responding to information security incidents is at the center of security activities. The group assigned to security operations is relied upon to monitor the organization's assets within scope and respond to security events and incidents, including the identification and examination of what might be considered indicators of compromise (IOCs).
In this chapter we are going to cover the following topics:
It has been suggested that any new development will contain less than 1% original code. If that is not true today, it likely will be as time progresses.
With any security program, the goal is to identify the vulnerabilities, the related risks, and the mitigations or compensating controls that can be implemented. With so much development pulling libraries and binaries from third-party and open-source repositories such as GitHub, Stackify or Microsoft, additional steps and processes need to be implemented to ensure system and data owners are aware of the risks related to any system.
Using third-party code can greatly accelerate application development; however, it brings with it a certain amount of risk. Some of these risks can be mitigated, but modifying third-party code is likely outside your organization's capabilities. Those risks need to be properly documented, either as part of the overall risk…
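A first step toward documenting third-party risk is knowing which components you can actually verify. The following added example (not code from the page) audits a pip-style requirements file and sorts each dependency into one of five buckets: exactly pinned with a hash, pinned without a hash, floating version range, VCS reference pinned to a commit, and VCS reference that is mutable. It also shows the hash check you would run on a vendored archive before using it. The requirements text, the package names, the URL and the hash values are all constructed placeholders; the example assumes one requirement per line.

```python
"""Inventory third-party dependencies by how verifiable they are.

Added example; the requirements text below is constructed, and every package
name, URL and hash in it is a placeholder, not a real project.
"""
import hashlib
import re

SAMPLE_REQUIREMENTS = """\
# exact pin with hash: reproducible and verifiable against a tampered mirror
libalpha==1.4.2 --hash=sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
# exact pin, no hash: reproducible, but the artifact itself is not verified
libbeta==3.0.1
# floating range: tomorrow's build may resolve to a different version
libgamma>=2.0
# no constraint at all
libdelta
# VCS reference with no commit: whoever controls the branch controls your build
git+https://example.invalid/vendor/libfoo.git#egg=libfoo
# VCS reference pinned to a commit hash: immutable
git+https://example.invalid/vendor/libbar.git@0123456789abcdef0123456789abcdef01234567#egg=libbar
"""

PIN_RE = re.compile(r"^([A-Za-z0-9_.\-]+)==(\S+)")
HASH_RE = re.compile(r"--hash=(sha256|sha384|sha512):([0-9a-fA-F]+)")
COMMIT_RE = re.compile(r"@[0-9a-fA-F]{40}(?![0-9a-fA-F])")
EGG_RE = re.compile(r"#egg=([^&\s]+)")

CATEGORIES = ("pinned-hashed", "pinned-unhashed", "floating",
              "vcs-pinned", "vcs-mutable")


def classify_requirement(line):
    """Return (name, category) for one requirement line, or None for
    comments, blank lines and pip options such as -r / --index-url."""
    line = line.strip()
    if not line or line.startswith("#") or line.startswith("-"):
        return None
    if "://" in line or line.startswith(("git+", "hg+", "svn+", "bzr+")):
        m = EGG_RE.search(line)
        name = m.group(1) if m else line.rsplit("/", 1)[-1].split("@")[0]
        return (name, "vcs-pinned" if COMMIT_RE.search(line) else "vcs-mutable")
    m = PIN_RE.match(line)
    if not m:
        # Anything that is not "name==version" is a floating constraint
        # (>=, ~=, no operator, ...). Strip extras and operators to get the name.
        name = re.split(r"[<>=!~\s\[]", line, 1)[0]
        return (name, "floating")
    name = m.group(1)
    return (name, "pinned-hashed" if HASH_RE.search(line) else "pinned-unhashed")


def audit(requirements_text):
    """Group dependency names by verifiability category."""
    report = {cat: [] for cat in CATEGORIES}
    for line in requirements_text.splitlines():
        result = classify_requirement(line)
        if result:
            name, category = result
            report[category].append(name)
    return report


def verify_artifact(data, expected_sha256):
    """Compare a downloaded or vendored artifact's bytes against the hash
    recorded in the inventory; mismatch means do not install it."""
    return hashlib.sha256(data).hexdigest() == expected_sha256.lower()


if __name__ == "__main__":
    for category, names in audit(SAMPLE_REQUIREMENTS).items():
        print(f"{category:16s} {names}")
```

Only the `pinned-hashed` and `vcs-pinned` buckets give the system owner a component list that cannot silently change between builds; everything else is a risk entry in its own right, independent of any known vulnerability in the library.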
Can anyone share their experiences with DNIF and Aujas, as they are their partner for implementation? (question posted on behalf of a CISO member) Continue
Concept of shifting security to the left: looking to get views, and is it practical? Also, how, and what tools and processes are required for it to be successful? (question posted on behalf of a CISO member) Continue
Is anyone using Arcon for Privileged Account/Access Management? I wanted to get feedback. (question posted on behalf of a CISO member) Continue
Hello, has anybody tested the Forescout solution to identify the complete repository of IT inventory? How successful is it, and what were your observations? (question posted on behalf of a CISO member) Continue
Hi, I wish to know how some of you manage vendor security assurance. One model I observe emerging is having a common platform and avoiding redundant effort. Some players like Helios and KY3P offer this as a service. What's your take, and have any of…Continue