Stories by Mathias Thurman

  • Taking our breach response plan for a test-drive

    One thing that we security managers can be sure of is this: There is no guarantee that our company will not suffer a security breach. In fact, the odds are increasing all the time, helped along by the proliferation of mobile devices, companies' heavy use of software as a service and the <a href="http://www.computerworld.com/category/consumerization/?nsdr=true">consumerization of IT</a>. And let's face it: Creating a culture that fosters innovation and attracts talent exacts a cost in defensibility.

  • With greater visibility comes increased response

    I mentioned in a previous article that we are using <a href="http://www.computerworld.com/article/2894450/making-the-case-for-security.html">a "loaner" Palo Alto Networks firewall</a>, with all the bells and whistles. Our testing led to all sorts of interesting discoveries, and I certainly hope that the executive staff will agree that the increased visibility makes this sort of new-generation firewall well worth the investment.

  • Making the case for security

    Having been at my new company for several months now, this week I was invited to inform executive management about the state of our security. I had half an hour to formally introduce myself and talk about my philosophy, my initial findings and the priorities I think we need to have.

  • Awareness on the cheap

    You don't have to spend a lot of money on some information security initiatives. Take <a href="http://www.computerworld.com/article/2504968/cyberwarfare/security-awareness-can-be-the-most-cost-effective-security-measure.html">security awareness</a>, for example. You can get huge returns with small investments.

  • Detoured by Shellshock and Poodle

    As I moved into the information security position at my new company a few weeks ago, I was anxious to do a full assessment of our security defenses. But I was immediately sidetracked by, not one, but two major vulnerabilities that couldn't be ignored. Those were fires that had to be put out before I could do anything else.

  • The security function needs SMART metrics

    I've become a <a href="http://www.computerworld.com/article/2554061/security0/measuring-the-value-of-metrics.html">big fan of metrics</a>. I wasn't always, but throughout my career in information security, I've had bosses who have challenged me on metrics, and I have honed my skills so that now I feel the metrics I collect meet the "SMART" test: specific, meaningful, actionable, repeatable and time-dependent.