Security Triangle: People, Process, Technology

As other blog posts have mentioned in the past (Schneier: https://www.schneier.com/blog/archives/2013/01/people_process.html and http://www.computerweekly.com/blogs/david_lacey/2013/01/we_need_more_use_of_security_t.html), here is the “Security Triangle”: People, Process, and Technology. Image from: http://www.business2community.com/online-communities/social-intranets-merging-people-process-and-technology-0126252 Even though the image above is about social media, I like it because it shows the number of items under People that must be behind your new security push. “Security People” … Read more

What is Your Risk Level?

We are talking about IT security risk, not financial or other kinds of risk. How do we define IT security risk? Colors (green, yellow, orange, red)? Numbers (1 to 5)? Or wording (low, medium, high)? Image from BCM – Business Continuity Management Institute. But whatever scale we use, it may not be very accurate in … Read more

Application Security Testing : Do It Now

Yes, as Veracode says (https://www.veracode.com/blog/2015/07/application-security-assessment-reviewing-your-testing-program-sw), there are three misconceptions: that QA (Quality Assurance) happens only after development is done; that third-party software does not need testing; and that developers don’t care about security. We have to perform QA during development as well as after it. All software needs security testing, not just functional testing. So what should you … Read more

How To Stay Secure in an Insecure World

I want to highlight two current articles: http://www.infosecurity-magazine.com/news/pawn-storm-serves-malware-via-fake/ and http://googleonlinesecurity.blogspot.com/2015/07/new-research-comparing-how-security.html It is best to use good passwords, two-factor authentication, and patch your systems. The first article describes how a fake website was set up to deliver a zero-day Java exploit to unsuspecting users as they visit the site, and you … Read more