Information Security Resources

Entries for the ‘Security Management’ Category

How do companies implement a strategic information security program?

seanbethune asked: In almost all cases, large corporations do a miserable job of implementing and maintaining an information security management program. How can information security justify the business investment to reduce risk and improve security across the enterprise while still maintaining business agility and minimal I.T. bureaucracy?

Survey reports increased IT data theft during times of recession

McAfee Inc. announced in their 2009 findings that the global recession is putting vital company information at greater risk than ever before. As the global recession continues, desperate job seekers are stealing valuable corporate data, which may be seen as desirable by potential future employers. When times are difficult, employees that are laid off are more […]

Deltaprima – Information Security Management Consultant, IT Security, ISO 27000 – ISO 27001 Consultant, Business Continuity, BCP/DRP, Disaster Recovery

The ISO/IEC 27001 International Standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations). This International Standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization’s overall business risks. It specifies requirements for the implementation of security controls customized to […]

Aligning Employee Attitudes with Security Policies

Don’t overlook your employees’ rejection of your security policies. Without their understanding and acceptance, your company’s information security is at stake. Here is a very good article on why we should, and how we can, enforce security policies in a corporate environment: As we have discussed before in this blog, the point is that you […]

Security Policy: Summary of Experts’ Opinion

Let’s begin by looking at the meaning of the word “policy”. Walt, C. (2001a) defines a policy in practical security terms as “a published document (or set of documents) in which the organization’s philosophy, strategy, policies, and practices with regard to confidentiality, integrity and availability of information.” In other words, it’s actually management’s intention for […]

What are Risk, Vulnerabilities, Threats, and Countermeasures? Risk Management Lesson 101 for Information Security

In this article, I will use layman’s terms and descriptions to help you understand the fundamental concepts of Risk Management in Information Security. To illustrate those concepts, I like to use a popular diagram from Common Criteria, shown below: In the center of this diagram you’ll find the term vulnerabilities. Vulnerabilities are any weaknesses […]

How Do Brute Force Password Crackers Work? And How to Avoid Having Your Password Cracked by a Password Cracker

A brute force password cracker is one kind of password cracker. A password cracker is a piece of software that attempts to break into a system by trying many different user names and passwords. To break a password, a password cracker uses two methods of attack to break into your account. The first method is brute force […]

Re-Conceptualizing Security

Yesterday morning, I managed to find some time to attend the 9th INFOSECURITY CONFERENCE in Hong Kong. One of the keynote speakers was Bruce Schneier, a security guru and founder and CTO of BT Counterpane, an information security firm offering managed security services. Bruce, the author of several best-selling books on the subject, presented […]
