HackDig : Dig high-quality web security articles for hackers

Stop Wasting Your Time and Money with a “Checkbox” SCM Solution

By now, we know a lot about secure configuration management (SCM). We know the way it works, the integral processes of which it consists, the areas of your IT infrastructure that it can help secure as well as the different types of best practice frameworks and regulatory compliance standards with which it can help you to maintain compliance. All we’re missin
Publish At:2020-09-30 12:20 | Read:159 | Comments:0 | Tags:Featured Articles Security Configuration Management audit Co

The Center for Internet Security (CIS) Use Cases and Cost Justification

Vince Lombardi, the famous football coach, used to start his training camp each season with a talk about doing the basics. He’d tell the players that they start with the basics, then he’d take a football and hold it up and tell them, “This is a football.”  In football, as in life and IT Security, starting with the basics is the most important step you can ta
Publish At:2020-08-07 00:40 | Read:375 | Comments:0 | Tags:Featured Articles Security Controls audit Center for Interne

Understanding the Purpose of Security Controls and the Need for Compliance

What are the brakes on a car designed to do? I have asked this question many times when speaking to customers or organizations who were dipping their toes into the audit space. Invariably, their answer was, “To stop the car.” At this point, I would then ask, “Then how do you get where you want to go?” What Is the Purpose of Controls and a Compliance Program? W
Publish At:2020-07-02 00:24 | Read:558 | Comments:0 | Tags:Featured Articles Security Controls audit Complaince IT Cont

Caveat Emptor: Identifying Insider Threats Acquired From Mergers and Acquisitions

With all the industry studies, articles and literature related to insider threats, it is baffling to see that very few have focused on how insider threats are acquired — in fact, paid for — during a merger and acquisition process. Organizations are so fixated on driving profits and staying competitive that they gobble up any tangible asset they can. Compani
Publish At:2017-08-02 12:30 | Read:5235 | Comments:0 | Tags:Risk Management Acquisition audit Insider Threat Risk Risk A

Security audit reveals critical flaws in VeraCrypt, promptly fixed with a new release

“VeraCrypt is much safer after this audit, and the fixes applied to the software mean that the world is safer when using this software.” The security researcher Jean-Baptiste Bédrune from Quarkslab and the cryptographer Marion Videau have discovered a number of security vulnerabilities in the popular encryption platform VeraCrypt. A new audit of
Publish At:2016-10-18 19:15 | Read:3608 | Comments:0 | Tags:Breaking News Hacking Security Audit encryption TrueCrypt Ve

Why Technology Automation Is a Sure-Shot Way Of Strengthening Your Security Posture

When we traditionally think of the benefits of ‘automation,’ we think of ‘improved quality and efficiency; and savings in time, cost and energy.’ One often overlooked benefit that can be achieved from this is the mitigation of risk and the enhanced security. According to a recent study by AlgoSec (State of Automation in Security, Sprin
Publish At:2016-09-09 02:40 | Read:4807 | Comments:0 | Tags:Featured Articles IT Security and Data Protection audit Auto

Security issues in DHS systems potentially exposes confidential data at risk

Although DHS components have strengthened coordination in performing their cyber missions, a recent audit made by the OIG has found several security issues. Among the missions assigned to the DHS there is the coordination of activities related to the prevention, mitigation and recovery from cyber incidents, the Department also o
Publish At:2015-09-17 15:30 | Read:5654 | Comments:0 | Tags:Breaking News Reports Security Audit awareness cyber securit

Is Compliance Bad for Security?

Companies like mine, and consultants like me, have long been instructed and expected to pass on the mantra that the solution to security is compliance with standards and that being in compliance means you are secure. Having worked in the industry for more than a decade, I know that this is demonstrably not true. My hypothesis is that compliance and security n
Publish At:2015-02-27 09:25 | Read:5082 | Comments:0 | Tags:Featured Articles Regulatory Compliance audit compliance

The Top Five NERC CIP Audit Fails

The power and electric industry has one underlying mission: the reliable delivery of electricity. Many in the industry see audit requirements, such as the North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP) Cyber Security Standards to be a major distraction from their core mission. Nevertheless, the industry is m
Publish At:2014-10-22 10:35 | Read:3941 | Comments:0 | Tags:NERC CIP Regulatory Compliance audit CIP _NERC

My WordPress Website Was Hacked

Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly employed hosting companies. From Virtual Private Servers (VPS) to shared environments, to managed environments. In most instances we pay and configure them like any other consumer would so that we aren’t given an
Publish At:2014-08-28 01:30 | Read:5620 | Comments:0 | Tags:Audit awareness brute force hacked hacked site Malware malwa

What Leading Analysts Are Saying about IBM’s Acquisition of CrossIdeas

IBM recently acquired CrossIdeas, adding to the IBM Security Systems division and its existing identity and access management (IAM) portfolio. Prior to this acquisition, the company had already partnered with IBM in the Ready for IBM Security Intelligence program, and it integrated its identity and access governance solution platform with the IBM Security Id
Publish At:2014-08-23 04:40 | Read:5016 | Comments:0 | Tags:CISO Identity & Access access governance Acquisition audit c

