
Use the Right Tool!

A well-known expression says “The right people at the right place!”. I would like to extend it to the security perimeter, saying “Use the right tool at the right place!” or “Use the right tool for the right purpose!”. Today’s security landscape is extremely large and complex! Lots of raptors are ready to deliver their [...]

Compliance: a Marketing Argument?

Yesterday I received a spam e-mail about a commercial SSH solution. The mail presented their product like this: “Find out how SSH can ease the burden of PCI DSS, SOX and other mandates and IT audits with a robust data security solution used by millions worldwide! <deleted name> delivers unparalleled Managed File Transfer and Data-In-Transit [...]

You’ve a SIEM? And Now?

“Log Management”, “SIEM”, “Correlation”, “Incident Management”: more and more organizations have a SIEM project in the pipe. SIEM means “Security Incident & Event Management”. Just to remind you, a SIEM is a set of tools which help to collect and analyze logs from several sources on a corporate network. Basic functions of a SIEM are: [...]

Protect your Brand in the Web 2.0 Jungle

This afternoon I followed a webcast about the protection of your brand in the web 2.0 jungle. The fact is that the reputation of a brand, built over years, can be destroyed in only a few minutes! Think about that! Just to remind you, the “web 2.0” is the huge amount of last generation websites [...]

Side Effect of Swine Flu: Optimize Your Remote Access Solutions!

“Swine Flu”, what a hot topic! The disease continues to progress and infects more and more people every day. Medical experts estimate an exponential number of new cases due to the summer period: we travel more across countries for holidays and meet more people, increasing the risk of catching the virus and bringing it back [...]

Monitoring: The Right Info at the Right Place

When I talk to customers about monitoring, they often have a vague idea about the way to implement a solution. Monitoring must be part of your security policy. Your tools (whatever the product you choose – no name here) must help you to stick to the CIA principle: Confidentiality (to monitor the alerts sent by [...]

Stupid Email Disclaimers

This page about e-mail disclaimers is quite old but remains up to date. Today, all major companies attach disclaimers to their outgoing e-mails. Usually, nobody takes time to read them. You should! Some of them are really funny, not to say stupid. Most of the time, disclaimers have a legal character: Even if it will [...]

New Corporate Laptop Setup

I got my new corporate laptop today, a Dell Latitude E6500, a very nice computer. Working as a security consultant, I’m always on the road, connecting my laptop to customer or evil (free Wi-Fi access point or conference) networks. Fortunately, my company allows consultants, if they want, to manage their laptop by themselves (operating system [...]

Cc: Party or the Right Way to Use Email

I just received an official e-mail from a security appliance manufacturer. The message was an official communication about their product line. At the end of 2008 (almost 2009!), I’m really surprised at how this communication was handled! First, a Word document was attached to the message. Why? Word documents may carry viruses or malicious code, they are not [...]

2008 Top-Ten Strange Data Recoveries

Kroll Ontrack is a well-known company which performs data recovery. Once a year, they publish the top ten strange cases they faced during the last twelve months. “Strange”… is the right word! ;-) Check out the 2008 chart: Kroll Ontrack Top Ten Data Mishaps and Recoveries. My favorite is number 4: “Baby Teeth – [...]