Table of Contents:
• A CIO’s Approach to Developing a Security Framework 101
• Penetration Testing Applications
• Practical Security: Browser Security Settings
• Upcoming Events
• Achieving Comprehensive PCI DSS 3.0 Compliance
• The SG Community
A CIO’s Approach to Developing a Security Framework 101
One of the biggest questions we always get asked by CIOs and other senior business management in regards to Information Security and IT Risk Management is where to begin. Do you focus on purchasing security tools first, developing policies and standards or getting an audit done and working from the results of that audit?
From our experience, while all of the above can assist in some way, developing a framework about how you will think about your security position is the number one priority before you make a major investment in tools, your staff’s time or the costs of hiring consultants. You may find that a lot of the costs you estimated originally may not be needed.
It’s not news that any entity that processes, transmits or stores account data, or can impact the security of the cardholder data environment, is required to be compliant with PCI DSS 3.0. However, the business benefits of the security framework — a more secure network, protection of corporate brand and reputation, reduced risk of successful data breaches and network attacks — can easily be overshadowed.
(a long-time partner of Securus) combines the power of configuration control and deep file integrity monitoring (FIM) with comprehensive log and security information event management capabilities to help deliver continuous and unmatched PCI DSS compliance. The above white paper serves as a useful guide for security personnel who want to learn how Tripwire® Enterprise, Tripwire Log Center® and Tripwire IP360™ could assist in meeting PCI DSS requirements. Qualified Security Assessors (QSAs) might find this document useful as well, as it highlights the areas of the PCI DSS requirements that can be verified and met by those solutions.
Download whitepaper here:
Latest SG Newsletter is now available. Featuring:
How I got root with Sudo – Solutions!
Enhancements to Imperva’s SecureSphere 10.5 Platform
Does Spear Phishing Work?
Careers with Securus Global
Securus Global – Community
We hope you enjoy reading the case studies in this month’s newsletter.
We’ve included a variety of articles to appeal to the range of our stakeholders, from the technically minded to the executive levels and everything in between, e.g.:
* Board communications security and the move to mobile technologies
* How I got root with Sudo
* Security Pitfalls of a Shared Portal
* Tripwire – Security Configuration Management
* Securus Global – Community
This month’s edition is jam-packed full of articles, including:
* Testing New Technologies – Smoke Detection, Alarms, CCTV etc.
* Cracking .NET Membership Password Hashes
* The “most asked question” – What should companies do to minimise their security risks?
* Upcoming Events – Breakfast Brief
* Mitigate DDoS Attacks with Cloud & On-Premise DDoS Protection
* 5 Critical Steps of a Complete Security Risk & Compliance Lifecycle
* What makes good application security knowledge?
* New Securus Global Social Engineering Services
* Industry Round-up
* Securus Global – Community
Securus Global’s approach to minimising your risks…
By now, you have probably read about the Target security breach: (Nothing new… this happens all the time).
At Securus Global, we are frequently asked by our clients how hackers compromise companies and, in turn, what can be done to minimise the risk of it happening to their own organisation.
By hiring the likes of Securus Global to test your systems in testing, pre-production and/or post-production, we’ll be able to highlight any potential exposures you have and issue advice on how to fix them, and ways to make you more resistant to such breaches altogether.
Better yet, we would rather help you be in a position where your risks are identified beforehand, or are not there in the first place.
This is why in early 2014 we’re offering client workshops to explain the anatomy of such attacks and how the hackers are obtaining this information from your companies.
These are 1-2 hour informal sessions (no cost), where we talk about what we have seen in the last 10 years, how the attacks are planned and take place, but most importantly, what you can do to minimise the chances of this happening to your company.
Our latest newsletter is now available!
Bang for Bucks Security Investment
The Death of New Services and Consumer Confidence
Social Engineering – Should you test?
Framework for Security Standards
The “Act” of Privacy – A 10 minute guide to becoming an expert…
Qualys Webex Training – Vulnerability Management
Securus takes on MOvember!
Check out our latest Securus newsletter to see what’s been happening in the security sphere. From mandatory disclosure of data breaches, to vulnerability management, a review of penetration testing to changes in the PCI standards, in this issue, there is something of interest for everyone!