We all know that information security relays on a layered approach. It´s about people, process/programs and technology. And we all know about Advanced Persistent Threats. How they work, attack vectors, etc. And even so, more and more companies are attacked by each day. I just want to highlight two incidents that are critical on my opinion and will act as the basis of my argumentation. One of the incidents happened to Coca-Cola. They were attacked by hackers on 2009 and the effect of this was the collapse of one giant company acquisition that Coca-Cola was negotiating in China. What is... Read more →
« October 2012 | Main | December 2012 »
Posts from November 2012
30 November 2012
Making the users accountable
Posted by Alexandre Cezar on 30 November 2012 at 08:56 PM in Cybersecurity Training, Insider Risk, IT Security, Risk | Permalink
|
Comments (4)
28 November 2012
FedRAMP: A progress report from a 3PAO
The Federal government’s cloud first policy is in full swing. It has been 6 months since the Federal Risk and Authorization and Management Program (FedRAMP) was granted initial operating capability to streamline cloud security management and vendor approvals in an effort to strengthen our national IT infrastructure. In short, FedRAMP requires a few things. One, that government agencies identify 3 low- and moderate-impact federal systems that must be moved to commercial cloud environments by 2015 (reduced cost, operating efficiency is the MO here). Two, accredit independent third party assessment organizations (3PAO) to assess cloud environments to a known set of... Read more →
Posted by Tom McAndrew on 28 November 2012 at 11:54 AM in Cloud Security, Government , IT Security, Risk | Permalink
|
Comments (0)
21 November 2012
Are We Ready To Fight The Next Generation Of Threats? New (ISC)2 Survey Lets You Give The Answer
By Greg J. Thompson, CISSP, Vice President, Enterprise Security Services, Scotiabank As security professionals, we understand the concept of risk. These days, most of the risk discussion centers around the evolution of new threats, the presence of known and unknown vulnerabilities, the likelihood of an attack or infection, and the cost of a breach to the organization. All of the above are important factors in calculating risk, but there is another crucial factor which is often overlooked: the availability of skilled personnel. In today’s rapidly evolving security environment, the presence (or absence) of trained technical staff can make the difference... Read more →
Posted by Greg Thompson on 21 November 2012 at 01:19 PM | Permalink
|
Comments (1)
16 November 2012
Take Charge of Your (ISC)2 Membership – Vote in the Board of Director Elections
Today marks the start of an important official process for (ISC)2 – the annual Board of Director elections. The Board is responsible for providing governance and oversight for the organization, granting credentials to qualified candidates, and enforcing adherence to the (ISC)2 Code of Ethics. They determine policies, develop procedures, and provide strategic direction for (ISC)2. I urge you to take charge of your membership and let your voice be heard in the 2012 election. As a member-driven organization, your vote helps to set the strategic direction of the organization over the next year. (ISC)2 exists by and for its membership,... Read more →
Posted by Hord Tipton on 16 November 2012 at 03:30 PM | Permalink
|
Comments (0)
Search
Categories
- (ISC)² Chapters (22)
- (ISC)² Events (150)
- Center for Cyber Safety and Education (50)
- Cloud Security (126)
- Cybersecurity Certifications (368)
- Cybersecurity Training (305)
- Cybersecurity Workforce (224)
- Digital Forensics (27)
- Ethics (49)
- Government (105)
- Insider Risk (55)
- IT Security (359)
- Legal (42)
- Malware (101)
- Network Security (165)
- Operations Security (133)
- Privacy (102)
- Ransomware (63)
- Risk (175)
- Software Development (43)
- Spotlight (68)