Archive for 'Risky Business'

Security Incident Detection Leveraging SIEM Anomaly Detection

I’m an unabashed fan of Security Information Event Management (SIEM). As an Information Security Auditor, any solution that can simplify the process of compliance is alright in my book. One of the strengths of most modern SIEM solutions is the ability to leverage correlation rules to detect security incidents in near-real time.

The challenge with correlation rules is that in a sense they are “signature based” in that you largely have to know the situation you ...


Risk Assessment Woes — A Doomsday Warning

I’m well aware of Marcus Ranum’s very considerable contributions to the Information Security space; however, I don’t believe his most recent blog post/whitepaper is one of them. My challenge isn’t with the vast majority of Ranum’s assertions regarding the challenges of Risk Management, the importance of security practitioners communicating the honest truth, and management’s ability to irrationally rationalize away risk. On the contrary, I think virtually all of his observations are spot-on. Rather I am frustrated that ...


Information Security and Our Excellence Donut

It has been said “When it comes to achieving excellence, figuring out what needs to be done isn’t nearly as difficult as continuing to do what needs to be done over the long term.” A recent internal project illustrated this adage all too well.

As we continuously seek to improve the level of excellence of our professional services delivery, a friend suggested we review “Six Disciplines for Excellence” (a system intended to insure that an organization diligently executes on a well ...


An American (ISO27001) Tsunami?

I recently read an interesting statistic – only 85 US companies have achieved ISO27001 Certification. Putting this info into perspective, over 3,000 companies in Japan have been certified. What’s more interesting is that we (Pivot Point Security) currently have four ISO27001 related projects on the schedule, where last year at this time, we had zero. Assuming our competitors are seeing similar interest, it appears as though we are on the verge of a real ...


Security incidents can get ugly

More than half of all employees who lost or left their jobs last year took confidential company data with them, according to a study released by the Ponemon Institute and Symantec: 59 percent of ex-employees admitted to stealing confidential company information. The most commonly taken data included e-mail lists, employee records, customer information, and non-financial information.

Over the last year, we have not only had direct experience ...
