Showing Blog Posts: 1–10 of 142 tagged Enterprise Defense

  • Managing Online Risk: Apps, Mobile, and Social Media Security

    by Ben Rothke on December 1, 2015

    Twitter has ended the careers of many high-profile athletes and politicians. Inappropriate Instagram photos have led to suicides. Negative feedback on Facebook has sent many brands running for cover. While the benefits of social media are significant, so are the risks. Knowing how to deal with those risks in advance can save not just money and reputations, but lives. In Managing Online Risk:…

  • Security Operations Center: Building, Operating, and Maintaining your SOC

    by Ben Rothke on November 30, 2015

    Large enterprises have numerous information security challenges. Aside from the external threats, there’s the onslaught of security data from disparate systems, platforms and applications. Getting a handle on the security output from numerous point solutions, generating millions of messages and alerts daily, is not a trivial endeavor. As attacks become more frequent and sophisticated and with…

  • The Power of Immutable

    by Securosis Team on November 9, 2015

    If you've been following any of my work for the past couple years, you know I've become a huge advocate of cloud computing and DevOps. Not because I've been caught up in any sort of hype machine, but because I've been spending the past five years or so working with them hands-on and helping organizations as they transition to cloud. The deeper I delved into cloud the more I started to adopt…

  • Type Safety, Containers, and What Immutability Does For Operational Security

    by Chenxi Wang on October 30, 2015

    In programming languages, there is a concept called Type Safety. Type safety means a set of rules that the language enforces to prevent type errors that a programmer may make, which may lead to unintended or unsafe access to memory. C and C++ are not type-safe languages as the programmer has an incredible amount of latitude to mix up values and data types. Because of weak type rules, memory attacks…

  • Cloud Data Centers and Cost Modeling: A Complete Guide To Planning, Designing and Building a Cloud Data Center

    by Ben Rothke on October 21, 2015

    Building a large enterprise data center is a mammoth task with myriad details. In an encyclopedic work, Cloud Data Centers and Cost Modeling: A Complete Guide To Planning, Designing and Building a Cloud Data Center, (Morgan Kaufmann ISBN 978-0128014134), authors Caesar Wu and Rajkumar Buyya have written an extremely detailed and comprehensive guide on how to effectively build a cloud data center. …

  • Glass Houses are Cheaper: the Case for Transparent Pentesting

    by Wendy Nather on September 16, 2015

    When you engage an external company to do vulnerability assessments and penetration testing, you have a few options on how to scope it. Here are some of them: Win/lose engagement: either they get in, or they don't. In a previous life, I bought pizza for the consultants if they got in during the annual pentest. For four years I bought pizza, and then in the fifth year my wallet finally got a break. …

  • Treat Yourself to a SPA, Not a Pen Test

    by Rook Security on August 27, 2015

    A lot of companies are asked to do a pen test by their clients, because they think a pen test will let them know if their business partner’s technology is “secure” against cyber threats. The scan happens. The areas that need to be fixed are fixed. And the client feels warm and fuzzy inside. However, this feeling is misleading as the company isn't necessarily more secure— all it says is that you…

  • CISO Guide to Being an Effective Security Leader

    by Fahmida Y. Rashid on August 10, 2015

    With all the data breaches and security headlines of the past year, it was inevitable that the role of the CISO would become much more visible. Organizations are increasingly hiring CISOs or creating senior-level security positions, but there is still a lot of confusion about what a CISO actually does. The job description has changed from mitigating exposure and securing the perimeter, to one of…

  • Digital Identity Management

    by Ben Rothke on August 6, 2015

    Digital identity management is a broad term, but when applied to information security, refers to identifying users with a network, application or system and controlling their access to resources within those systems and applications. An interesting point made early in Digital Identity Management (Elsevier 978-1785480041) is that French Internet users averaged 16.4 digital IDs in 2013, which is up…

  • Peers Discuss Supply Chain, Governance

    by RSAC Contributor on August 3, 2015

    Puneet Kukreja, senior security advisor of National Australia Bank, led security and risk professionals from financial services, automotive, and energy sectors in a roundtable discussion about supply chain security as part of the Peer-to-Peer session at RSA Conference 2015 in San Francisco. Below are Kukreja's notes from the session. Approximately 30 attendees were present for the roundtable…

This document was retrieved from on Tue, 01 Dec 2015 11:29:10 -0500.
© 2015 EMC Corporation. All rights reserved.