Showing Blog Posts: 1–10 of 140 tagged Enterprise Defense

  • The Power of Immutable

    by Securosis Team on November 9, 2015

    If you've been following any of my work for the past couple years, you know I've become a huge advocate of cloud computing and DevOps. Not because I've been caught up in any sort of hype machine, but because I've been spending the past five years or so working with them hands-on and helping organizations as they transition to cloud. The deeper I delved into cloud the more I started to adopt…

  • Type Safety, Containers, and What Immutability Does For Operational Security

    by Chenxi Wang on October 30, 2015

    In programming languages, there is a concept called Type Safety. Type safety means a set of rules that the language enforces to prevent type errors that a programmer may make, which may lead to unintended or unsafe access to memory. C and C++ are not type-safe languages as the programmer has an incredible amount of latitude to mix up values and data types. Because of weak type rules, memory attacks…

  • Cloud Data Centers and Cost Modeling: A Complete Guide To Planning, Designing and Building a Cloud Data Center

    by Ben Rothke on October 21, 2015

    Building a large enterprise data center is a mammoth task with myriad details. In an encyclopedic work, Cloud Data Centers and Cost Modeling: A Complete Guide To Planning, Designing and Building a Cloud Data Center, (Morgan Kaufmann ISBN 978-0128014134), authors Caesar Wu and Rajkumar Buyya have written an extremely detailed and comprehensive guide on how to effectively build a cloud data center. …

  • Glass Houses are Cheaper: the Case for Transparent Pentesting

    by Wendy Nather on September 16, 2015

    When you engage an external company to do vulnerability assessments and penetration testing, you have a few options on how to scope it. Here are some of them: Win/lose engagement: either they get in, or they don't. In a previous life, I bought pizza for the consultants if they got in during the annual pentest. For four years I bought pizza, and then in the fifth year my wallet finally got a break. …

  • Treat Yourself to a SPA, Not a Pen Test

    by Rook Security on August 27, 2015

    A lot of companies are asked to do a pen test by their clients, because they think a pen test will let them know if their business partner’s technology is “secure” against cyber threats. The scan happens. The areas that need to be fixed are fixed. And the client feels warm and fuzzy inside. However, this feeling is misleading as the company isn't necessarily more secure— all it says is that you…

  • CISO Guide to Being an Effective Security Leader

    by Fahmida Y. Rashid on August 10, 2015

    With all the data breaches and security headlines of the past year, it was inevitable that the role of the CISO would become much more visible. Organizations are increasingly hiring CISOs or creating senior-level security positions, but there is still a lot of confusion about what a CISO actually does. The job description has changed from mitigating exposure and securing the perimeter, to one of…

  • Digital Identity Management

    by Ben Rothke on August 6, 2015

    Digital identity management is a broad term; but when applied to information security, refers to identifying users with a network, application or system and controlling their access to resources within those systems and applications. An interesting point made early in Digital Identity Management (Elsevier 978-1785480041) is that French Internet users averaged 16.4 digital IDs in 2013; which is up…

  • Peers Discuss Supply Chain, Governance

    by RSAC Contributor on August 3, 2015

    Puneet Kukreja, senior security advisor of National Australia Bank, led security and risk professionals from financial services, automotive, and energy sectors in a roundtable discussion about supply chain security as part of the Peer-to-Peer session at RSA Conference 2015 in San Francisco. Below are Kukreja's notes from the session. Approximately 30 attendees were present for the roundtable…

  • Peers Discuss Partner Security

    by RSAC Contributor on July 31, 2015

    Ken Morrison, principal of IT consultancy Morrison Consulting, led security and risk professionals in a discussion about outsourcing as part of the Peer-to-Peer discussion at RSA Conference 2015 in San Francisco. Below are Morrison's notes from the session. Outsourcing to global partners is a regular activity by companies seeking to leverage their resources. Our session, Who’s invited to Your…

  • Data Protection and Identity and Access Management Domains

    by RSAC Contributor on July 24, 2015

    This is the second in a three-part series on IT security from Forsythe Technology. This post looks at data protection and identity and access management. Other posts covered core infrastructure and threat and vulnerability management and governance and application security. Your Data Has Left the Building: Are You Protecting It? In the previous post, I talked about the current role of perimeter and…

This document was retrieved from on Fri, 27 Nov 2015 05:03:03 -0500.
© 2015 EMC Corporation. All rights reserved.