Risk Management and Information Security
Supporting Business By Protecting Information
Curated by InfoSec
Suggested by Lionel Ferette

Bring Your Own Device And PCI Compliance

Bring your own device or BYOD is all the latest rage. I believe that the reason for that exuberance is the consumerization of technology. It is that exuberance through BYOD that has made everyone...
Abhishek Kishore Gupta's curator insight, September 15, 2014 2:47 AM

Balancing Act for Cardholders Data....

Suggested by Lionel Ferette

Securing your kids online - in 22 languages

At SANS Securing The Human we know and understand that security awareness is a global challenge. To support the diverse needs of your organization, we provide our training in over 20 different languages.
Suggested by Lionel Ferette

Lessons From Ignite: 5 Tips for CISOs Presenting to the Board

You have 5 minutes to explain why you are relevant to the business and define your organization’s risk posture…ready…set…GO!!!

Suggested by Lionel Ferette

NIST Revises Software Patch Management Guide for Automated Processes

Suggested by Lionel Ferette

SIRv13: Be careful where you go looking for software and media files - Microsoft Malware Protection Center - Site Home - TechNet Blogs

The Internet is a great place to share; we share information, ideas, experiences, software, and media through many different services over the Internet. The Internet is also a great place to do business and to shop for great deals on software, movies, and music as well as other goods and services. Unfortunately, malware distributors take advantage of people's desire to share and find the best deals by using social engineering in an attempt to infect computer systems.

Suggested by Lionel Ferette

What is iRisk? - SecurityState Community Wiki

For many years now the information security industry has attempted to adapt existing Risk Management practices for the task of managing information security. Numerous frameworks have been devised over the years, including FAIR, OCTAVE, ISO 27001/27005 and NIST 800-53/NIST 800-39 just to name a few. While each of these existing frameworks has a number of strengths, SecureState has found most clients have a great deal of difficulty in implementing any of them. To address this, SecureState has devised its own “iRisk Equation,” designed to provide organizations with a risk management approach which is relatively easy and inexpensive to begin implementing and can be improved over time as additional information is gathered about the organization’s environment.

Suggested by Lionel Ferette

Does it make sense to keep changing your passwords?

Here's the question then - why do we have to change our passwords every 30 days, or whatever you are forced into?
Suggested by Lionel Ferette

Accessibility and the Untold Issue Around Cloud

While helping create the Cloud Computing Code of Practice alongside the New Zealand Computer Society, I was approached by Kevin Prince who is the Manager of Innovation and Development working within the Access, Innovation & Enterprise unit of the...
Suggested by Lionel Ferette

The Amazon Cloud and PCI Compliance

If there ever was a hot topic these days it would be “The Cloud” and, in particular, the Amazon cloud. And that discussion inevitably leads to how the Amazon cloud offerings are PCI compliant. A lot of this discussion has to do with the very limited amount of information regarding the Amazon service offerings. For some very bizarre reason, Amazon puts organizations interested in their PCI compliant services in a Catch-22 situation. Unless you sign up for one or more of the services, you cannot obtain the information on how the Amazon service offerings are PCI compliant. As a result, there is a lot of misinformation running around regarding the Amazon cloud. So to debunk all of the myths running around, I thought I would explain what the Amazon cloud is and is not and how it ends up PCI compliant and what you need to understand when deciding to use the Amazon cloud.

Suggested by Lionel Ferette

FBI Credit Card Ring Bust Exposes PCI Challenges - Dark Reading

"This seems like a significant blow to the effectiveness of PCI. After years of regulation and 'enforcement,' it appears that little progress has been made in actually securing cardholder data. Of course, that assumes the goal of PCI is to secure data. If you look at the PCI DSS as a means of transferring liability for the security of card holder data, then the question of PCI effectiveness can be viewed in dramatically different light."

Suggested by Lionel Ferette

Is it really OK to say ‘No’? | Secureholio

As information security professionals we often get the stigma of being “the department of no”. We tend to rain on everyone’s parade who doesn’t take a second and think “huh…you mean validating input would be a good idea?”

Suggested by Lionel Ferette

Java in the cross-hairs of Enterprise Security

Enterprises seem to have a rather obvious love-hate relationship with our old pal Java. It's a fat client we aren't thrilled with, but when it comes to cross-platform use there aren't really any other great alternatives right now.
Suggested by Lionel Ferette

The inevitability of a data breach - The mental hurdle Security Executives must get over

The genesis of this blog post is a presentation and follow-up conversation with a group of executives from one of the Fortune 100 companies my various teams support.
Scooped by InfoSec

Cybergangs target online shoppers - USA TODAY

What's more, roughly half of them use Web browsers lacking the latest security patches, making them prime targets for computer infections that saturate the Web.
Suggested by Lionel Ferette

Frequency X Blog

I’m happy to announce that today the IBM X-Force Mid-Year 2012 Trend and Risk report is out the door!

Suggested by Lionel Ferette

Amazing mind reader reveals his 'gift'

Dave is an extremely gifted clairvoyant who finds out specific financial information. This video reveals the magic behind the magic, making people aware of the fact that their entire life can be found online.

Suggested by Lionel Ferette

Trustworthy Computing - Cloud

The decision to deploy cloud computing is a strategic one. Many organizations are curious to learn more about their IT environments and evaluate whether deploying cloud services is appropriate.

Take a short survey that assesses your current IT environment with regard to systems, processes, and productivity. The survey information creates a custom non-commercial report that provides recommendations on your IT state and helps you evaluate the benefits of cloud computing.

Suggested by Lionel Ferette

Is Your Organization Doing Good Things Or Doing The Right Things? - Dark Reading

Fixing vulnerabilities that are a real threat is the right thing to do...
Suggested by Lionel Ferette

Small merchants claim that costs are a major hindrance when it comes to PCI DSS compliance

Cost and education are the biggest hindrances and failings around PCI compliance.
Suggested by Lionel Ferette

CSIS: 20 Critical Security Controls

Twenty critical security controls for effective cyber defense and audit guidelines courtesy of the SANS Institute.
Suggested by Lionel Ferette

The Ten Commandments of BYOD - IT Management - News & Reviews - Baseline.com

IT departments dealing with the BYOD (bring your own device) challenge are facing tough decisions on how to manage the array of devices and operating systems that employees want.
Suggested by Lionel Ferette

The Value of Security Profiling: Take the Test And See Your Score | SecurityWeek.Com

One of the first steps you have in a formal security program is the Risk Analysis, closely followed by the Business Impact Assessment. Is there another step in here that helps improve how well you know yourself?
Suggested by Lionel Ferette

4 Reasons Why IT Security Needs Risk Management - Dark Reading

Risk management ties infosec to the rest of the enterprise...
Suggested by Lionel Ferette

Microsoft Security :: Microsoft Security Update Guide | MSRC

The Microsoft Security Update Guide is a valuable source of in-depth information and tools that can help you protect your IT infrastructure while creating a safer, more secure computing and Internet environment.