seanbethune asked: In almost all cases, large corporations do a miserable job of implementing and maintaining an information security management program. How can information security justify the business investment to reduce risk and improve security across the enterprise while still maintaining business agility and minimal I.T. bureaucracy? Caffeinated Content
McAfee Inc. announced in their 2009 findings that the global recession is putting vital company information at greater risk than ever before. As the global recession continues, desperate job seekers are stealing valuable corporate data, which may be seen as desirable by potential future employers. When times are difficult, employees that are laid off are more […]
ISO IEC 27001 International Standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations). This International Standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization’s overall business risks. It specifies requirements for the implementation of security controls customized to […]
Don’t overlook your employees’ rejection of your security policies. Without their understanding and acceptance, your company’s information security is at stake. Here is a very good article why we should and how we can enforce security policies in a corporate environment: http://www.cw.com.hk/article.php?type=article&id_article=2588 As we have discussed before in this blog, the point is that you […]
Let’s begin by looking at the meaning of the word “policy”. Walt, C. (2001a) defines a policy in practical security terms as “a published document (or set of documents) in which the organization’s philosophy, strategy, policies, and practices with regard to confidentiality, integrity and availability of information.” In other words, it’s actually management’s intention for […]
In this article, I will use layman’s terms and descriptions to help you understand the various fundamental concepts of Risk Management in Information Security. To illustrate those concepts, I like to use a popular diagram1 from Common Criteria, shown below: In the center of this diagram you’ll find the term vulnerabilities. Vulnerabilities are any weaknesses […]
Brute force password cracker is one kind of Password Crackers. Password Crackers is a piece of software that attempts to break into a system by trying many different user names and passwords. To break a password, a Password Cracker uses two methods of attack to break into your account. The first method is Brute Force […]
Yesterday morning, I managed to find some time to attend the 9th INFOSECURITY CONFERENCE in Hong Kong. One of the keynote speakers was Bruce Schneier, a security guru and founder and CTO of BT Counterpane – an information Security firm offering managed security services. Bruce, the author of several best-selling books on the subject, presented […]
