The Top Five I.T. Control Weaknesses

I am surprised I didn’t post this one. In any case, here it is. The Top Five I.T. Control Weaknesses by BEN WORTHEN. Failure to segregate duties within applications, and failure to set up new accounts and terminate old ones in a timely manner. Lack of proper oversight for making application changes. Inadequate review of [...]

November 30th, 2005 | Jian Zhen | No Comments

Steps for managing risk

Good article on risk management on Computerworld by Samir Kapuria. In this article, Samir described a 3-step process that a security assurance team should follow for risk management. The only thing I would recommend changing is to separate the incident response step from the Application step. Right now Samir has both mixed into [...]

November 23rd, 2005 | Jian Zhen | No Comments

Webcast: 8 Key Steps to Monitor HIPAA Compliance

Register for this event. This is quite a webcast. LogLogic did one not too long ago, and there’s such demand that it will be rebroadcast LIVE.

November 23rd, 2005 | Jian Zhen | No Comments

Drilling Down on Security Data

Q1 Labs’ entry into the SEM market. Seems like they are competing with the Cisco MARS product.

November 21st, 2005 | Jian Zhen | No Comments

IT Needs Help Finding Root Causes

My article, IT Needs Help Finding Root Causes, has been published in the 8/15/05 print edition of Computerworld.

August 15th, 2005 | Jian Zhen | No Comments

Cisco Flaw Raises Concerns, but Attacks Deemed Difficult

I am quoted in this article on the Cisco vulnerability disclosure incident.

August 8th, 2005 | Jian Zhen | No Comments

Before IOS Disaster Strikes

My article, What to do before an IOS disaster strikes, has been published on Computerworld. The following links are related to the Black Hat event that happened last week. SecurityFocus: Cisco, ISS file suit against rogue researcher; North American Network Operators Group; BoingBoing: Michael Lynn’s controversial Cisco security presentation; Wired: Whistleblower Faces FBI [...]

August 1st, 2005 | Jian Zhen | No Comments

Viruses and outside hacking top the IT security priority list

Most of the respondents to a Gartner survey on security are concerned about viruses, outside hacking, identity theft and spyware. Their least concerns are cyber-terrorism, social engineering and zero day threats. Isn’t this amazing? Zero day threats being the risk of least concern. Everyone and their mother’s talking about zero day threats these days and selling products [...]

July 1st, 2005 | Jian Zhen | No Comments

CFO responsibility to fund log analysis for Sarbanes-Oxley compliance

Ron Lepofsky from ERE Information Security had a great article, CFO responsibility to fund log analysis for Sarbanes-Oxley compliance, on SC Magazine. Here’s a summary SC Magazine provided: Corporations responsible for complying with Sarbanes-Oxley, face great hurdles with a basic compliance objective: analysis of their (server and security device) event logs. Some do not for [...]

December 15th, 2004 | Jian Zhen | 1 Comment

CSO Magazine Analyst Reports

A couple of interesting and relevant articles from CSO Magazine. Trends 2005: Risk And Compliance Management by Michael Rasmussen. Clearing Up the Muddled Security Management Market by Andrew Braunberg.

November 30th, 2004 | Jian Zhen | No Comments