Tag Archives: Operations Security

The use of SIEM, DLP, and IAM can significantly enhance the capabilities of information security departments. SIEM allows a company to make the access, transfer, and reception of data within the company more apparent and can further improve DLP initiatives in protecting and controlling data within the organization. The advantage of using SIEM, DLP, and IAM within an individual company streamlines the process of protecting vital information and makes the company more efficient. DLP Data Loss Prevention (DLP) is a technology that keeps an inventory of data on organizational devices, it tracks…

Continue reading

The average organization has numerous types of equipment from different vendors. Along with the equipment, businesses also utilize multiple software applications from various developers throughout the organization. This diversity provides many helpful opportunities, but also creates a higher probability for vulnerability. Risk managers are able to stay aware of new vulnerabilities through vendor systems or services such as SANS @RISK, the National Vulnerability Database (NVD), the Open Source Vulnerability Database (OSVDB), or Bugtraq, but how do they prioritize the vulnerabilities. Certainly, risk managers need to know which vulnerabilities with the…

Continue reading

Change management is a key information security component of maintaining high availability systems. Change management involves requesting, approving, validating, and logging changes to systems. This process can bring significant benefits to an organization. Namely, it can strengthen the decision-making ability of an organization by training personnel to think fully on and evaluate changes before they are made and it provides a knowledge base of past changes and the lessons learned from situations. Information security can be divided into three sections: confidentiality, integrity, and availability, often called the CIA triad. Availability…

Continue reading

Do you think there is a right way to crash?  A system crash sounds like a bad thing all around, but there are safe ways for a system to crash and dangerous ways.  Systems can crash in a way that allows attackers to exploit the data on them or to install back doors gaining control over the system.  In a term called “Fail Secure,” systems are designed in such a way that they fail and then start up without introducing new security vulnerabilities for attackers to exploit. Let’s look at…

Continue reading

Companies collect millions of gigabytes of information, all of which has to be stored, maintained, and secured. There is a general fear of removing data lest it be needed some day but this practice is quickly becoming a problem that creates privacy and compliance risk. Some call it "data hoarding" and I am here to help you clean your closet of unnecessary bits and bytes. The news is full of examples of companies losing data. These companies incur significant cost to shore up their information security and their reputations. In…

Continue reading