HackDig : Dig high-quality web security articles for hackers

Understanding the Purpose of Security Controls and the Need for Compliance

What are the brakes on a car designed to do? I have asked this question many times when speaking to customers or organizations who were dipping their toes into the audit space. Invariably, their answer was, “To stop the car.” At this point, I would then ask, “Then how do you get where you want to go?” What Is the Purpose of Controls and a Compliance Program? W
Publish At:2020-07-02 00:24 | Read:156 | Comments:0 | Tags:Featured Articles Security Controls audit Complaince IT Cont

The CSA IoT Security Controls Framework

Building the Case for IoT Security Framework: The Internet of Things (IoT) is growing in technical, social, and economic significance. ENISA defines the increasingly complex IoT systems as “cyber-physical ecosystem[s] of interconnected sensors and actuators, which enables intelligent decision making.” These technologies collect, exchange and process data in or
Publish At:2020-07-01 01:14 | Read:92 | Comments:0 | Tags:Internet of Things Security Controls IoT security Security F

Foundational Controls Make the Hard Things Easier to Do

Let’s begin with a short story. Imagine that we have two large organizations in the public sector. These entities are very similar. Both are on the receiving end of cyber threats. Both adhere to multiple compliance standards. And both need to ensure that their IT systems are functioning and working as planned. But they’re not entirely the same. Take Organizat
Publish At:2020-06-26 01:36 | Read:124 | Comments:0 | Tags:Security Controls compliance Foundational Controls

How Zero Trust Will Change Your Security Design Approach

As a security architect within IBM Security Services, I often get asked the question, “What exactly is a Zero Trust architecture?” Well, there is no single or unique answer to that question for two reasons. First, Zero Trust is not an architectural model but rather a set of guiding principles that should be applied to existing and new designs. W
Publish At:2020-06-04 08:30 | Read:254 | Comments:0 | Tags:Security Services Zero Trust Access Management Enterprise Se

Cybersecurity in Education (K-12) with the CIS Controls

Why is cybersecurity important to Education? Acknowledging recent reports of ransomware targeting educational institutions, it is no wonder that there have also been articles that attempt to lure in readers with “free” tools. What is disappointing is that these “free” tools are little more than marketing pieces that direct you to click on readily available do
Publish At:2020-04-14 00:05 | Read:452 | Comments:0 | Tags:Security Controls cis controls data security Education ranso

A Fast Start to Your Security Immune System

There has been a lot of talk about the importance of building a holistic security immune system. That is, an intelligent, integrated way to protect a network using information from many different sources, all of which is ingested by powerful analytics tools to help correlate, prioritize and act on security incidents. When I put together security transformati
Publish At:2017-05-14 01:10 | Read:3656 | Comments:0 | Tags:CISO Network Risk Management Compliance Data Protection immu

Is Security Ready for the Next 20 Years of Technology?

It doesn’t seem that long ago that we didn’t have online access to many of our utility, banking, and/or even shopping accounts. I was fortunate enough to be part of a revolutionary project at a university in southern England back in 1988, where accessing the internet was using a 1200 baud modem, a terminal emulator connecting via a mainframe that consumed two
Publish At:2017-03-15 23:30 | Read:8481 | Comments:0 | Tags:Featured Articles Security Awareness Security Controls secur

Applying the Risk Management Framework

What is the Risk Management Framework? To sum up, the Risk Management Framework (RMF) is most commonly associated with the NIST SP 800-37 guide “Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach,” which has been available for FISMA compliance since 2004. This was the result of a Joint Task Force Tra
Publish At:2017-02-22 01:15 | Read:8492 | Comments:0 | Tags:Featured Articles Security Controls risk RMF security

Why 53 Percent of Banks Think Security Controls Negatively Impact Customer Experience

How do you tell if a legitimate customer or a fraudster is signing into your online banking platform? How do you know if the authentication measures your organization is using are effective? How important is it to your organization to provide a seamless customer experience while maintaining adequate security controls? The Problem With Customer Security These
Publish At:2017-02-02 20:55 | Read:3758 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Bank Fraud Ban

Summer Security Interns: Tripwire’s Perspective

In 2015, Tripwire partnered with FIRST Robotics to bring on summer interns from local high schools. Our goal was to teach the students about various aspects of information security on both the offensive and defensive side. The goals I set out for our interns in 2015 were a bit lofty, to say the least. I had planned on teaching them about the various tools in
Publish At:2016-09-20 12:40 | Read:5041 | Comments:0 | Tags:Off Topic FIRST Robotics robot Security Controls SSL Verizon

How Lackadaisical Software Management Can Jeopardize Your Endpoint Security

Today, organizations can best defend against digital threats by practicing endpoint discovery. Knowing exactly which devices are installed on a network provides security professionals with key intelligence for effective incident response. Indeed, information security teams who lack that knowledge might fail to detect or contain an intrusion before it escalat
Publish At:2016-08-01 06:10 | Read:3569 | Comments:0 | Tags:EDR Featured Articles Network security Security Controls

Penetration Testing: Do We Need a New Term?

I am a penetration tester by trade. What does that mean I do in my day-to-day? Well, that depends on whom you ask, as it is open to interpretation. Penetration testing means different things to different people. What it meant a decade ago is different from what it means today, and that will be different from what it means a decade from now. So, maybe what we
Publish At:2016-07-22 08:30 | Read:3950 | Comments:0 | Tags:Events Featured Articles BSidesLV Infosec penetration testin

8 Top Tips for Successfully Implementing your Security Control

Have you discovered a security gap? Have you found a possible solution? Have you received funding for it? If you answered ‘yes’ to all of the above, you’re half way to successfully implementing a new control. Here are some other (often overlooked) actions you should consider to ensure the success of your project: 1. Be sure the solution solv
Publish At:2016-01-05 08:05 | Read:3655 | Comments:0 | Tags:Featured Articles Security Controls Infosec Top Tips

3 Positive Signs for Better Security in Cloud Computing

Whether you’re a large corporation, a nonprofit organization, or an everyday person who wants to share your data with others, you’ve probably jumped on the cloud phenomenon already. Amazon’s cloud, the iCloud, and a range of others have interconnected the world with speed, efficiency and convenience. However, this system has earned a notorious reputati
Publish At:2015-12-29 13:20 | Read:4658 | Comments:0 | Tags:Featured Articles Security Controls Cloud cloud security Inf

The Agent vs Agentless Debate – Part 2: The Operations Side

This is the second part of a two-part blog post on the factors that can help you decide whether an agent or agentless solution will be the best fit for your organization. Part 1 provided advice from a security perspective. In part 2, I offer advice that considers the implementation and ongoing operations management. Let’s look at operational considerations t
Publish At:2015-12-23 12:40 | Read:3872 | Comments:0 | Tags:Featured Articles Security Controls Agent Agentless Operatio

