Recently I had an interesting conversation with a client about the pros and cons of moving from an in-house enterprise Practice Management System (PMS) to a cloud-based (SaaS) solution. Needless to say, our conversation centered on the information security implications of the potential move. I was intrigued when he indicated that the PMS vendor was both SOC 2 and ISO 27001 certified. While we were chatting I pulled up ...
Lately a lot of clients have been asking me to provide what I refer to as “security on demand.” The client basically asks: “My users want me to give them this (commercial off the shelf software) application — is it secure?”
That’s a very simple question, but often the answer is a lot more complex. At a minimum, it might take me considerable time to research the issue. I need to check the Microsoft Security Research & Defense blog, ...
Continue Reading →
As a result of the devastation from Hurricane Sandy, the possibility of another similar—or worse—weather incident and our ever-increasing reliance on the cloud, we have to ask ourselves two questions:
In this 2-Part Special Report, we will uncover the answers to those questions, and shed light on the things that need to be done today.
Read the article ...
Continue Reading →
We conduct hundreds of vulnerability assessments and penetration tests per year at Pivot Point Security. While the overall security postures of most organizations is notably better today than it was ten years ago, I think that vulnerability and configuration management practices specifically are not much better today than they were then.
The improvement in security posture as a whole is largely attributable to Microsoft getting more serious about security in the middle of ...
Continue Reading →
In a recent blog post, one of my colleagues at Pivot Point Security wrote about a client firm that was hacked due to a vulnerability in one of its web applications. While they regularly ran network vulnerability tests against their web server, they had overlooked their applications, which were not coded with security in mind and had never been properly tested for vulnerabilities.
You don’t want to find out the hard way about security vulnerabilities in your web applications — ...
Continue Reading →
Join the other subscribers and receive Information Security article updates by email.
ISO 27001 is manageable and not out of reach for anyone! It’s a process made up of things you already know – and things you may already be doing.
Database Security is one step in a comprehensive approach to building a robust Information Security Management System.
Penetration Tests are often used in a manner that is inconsistent with achieving the assurance that the organization seeks.
Best Practices for SIEM learned from working closely with numerous vendors and customers on a wide variety of SIEM projects.
Risky Business Blog
Techno Blog
In The News
RSS Feed
