HackDig : Dig high-quality web security articles for hackers

How to Draft an Incident Response Policy

Section 1. IntroductionSimultaneously with their growing online presence, companies and individuals become increasingly susceptible to cyber-security attacks. Most organizations prefer to avoid and mitigate the damage caused by such attacks by establishing and implementing information security policies and plans.When drafting information security polic
Publish At:2017-09-18 17:00 | Read:4028 | Comments:0 | Tags:Management Compliance & Auditing

Entry Level Risk Management: Creating a First Security Risks Register

Organizations of all sizes apply risk management to their operations. In larger ones, this will normally be through a formal Enterprise Risk Management (ERM) methodology. An ERM can ensure higher level risks are left to senior managers, with lower-level risk decisions delegated to qualified people (i.e. through experience and training). In smaller orga
Publish At:2016-07-15 12:10 | Read:3864 | Comments:0 | Tags:Management Compliance & Auditing

Legal Issues of New and Emerging Technologies

1. INTRODUCTION    12. PRIVACY ISSUES    12.1 Security vulnerabilities threatening the privacy of NET users    12.2 Using NET for unlawful surveillance    12.2.1 Unlawful use of beacons    12.2.2 Unlawful collection of personal data through social networking platforms    12.2.3 Unlawful use of RFID technology    13. ISSUES RELATED TO GATHERING EVIDENCE
Publish At:2016-02-24 20:05 | Read:5834 | Comments:0 | Tags:Management Compliance & Auditing

SAP Afaria Security: Attacking Mobile Device Management (MDM) Solution

It is known that the BYOD trend is changing the way enterprises are managed, delivered, and, most importantly, secured. While BYOD has its benefits, such as increased productivity, it poses security risks to the organization because of connections with the corporate network and access to corporate data. To minimize the threats, businesses should adopt
Publish At:2016-02-01 11:25 | Read:6103 | Comments:0 | Tags:Management Compliance & Auditing

Why ITIL, COBIT and Other Non-Infosec Based Frameworks Are Infosec’s Best Friends

As a current or aspiring security professional, you will know of a range of information security frameworks and enablers. These might include standards, e.g. ISO 27001, PCI DSS; risk management methodologies, e.g. Octave, IRAM 2, and security specific guidelines, e.g. the NIST Special Publications (SP) 800 series and Federal Information Processing Stan
Publish At:2016-01-26 10:45 | Read:4414 | Comments:0 | Tags:Management Compliance & Auditing

Breaking Bad Behavior: Why Non-SIEM Behavioral Analysis May Not Be All It’s Cracked Up to Be

Executive SummaryBehavioral Analysis is becoming a huge buzzword in the IT and Information Security industries. With the idea that you can automatically determine whether or not what’s going on within your network is legitimate or not is a huge benefit to any organization. But, challenges exist. The sheer volume of data available makes finding at
Publish At:2016-01-19 16:00 | Read:5525 | Comments:0 | Tags:Management Compliance & Auditing

Tips for Being a Pragmatic CSO

The cybersecurity landscape is ever-changing, with new threats and technologies appearing every single day. There are more data breaches than ever, more compliance guidelines, and more new technology to secure in the workplace that has the potential to be misused by untrained employees. So why, then, does senior management tend to see security as an ov
Publish At:2015-10-21 08:50 | Read:4771 | Comments:0 | Tags:Management Compliance & Auditing