Security Web
Reliance on AntiVirus Software: The Real Failure of PCI DSS
As I discussed in my last post, the Verizon RISK Team 2010 Data Breach Investigations Report ties poor rates of compliance with PCI DSS to data breaches. Specifically, 79% of the organizations that suffered breaches and were subject to PCI DSS were not...
Published Mon, Aug 23 2010 12:49 PM by Todd Tucker
Filed under: PCI DSS, Compliance, File Integrity Monitoring, FIM, Verizon RISK Team, Data Breach Report, AntiVirus, physical compromise, malware, hacking

Report Ties Abysmal Compliance Stats with Data Breaches...
I finally had the time to read the Verizon RISK Team 2010 Data Breach Investigations Report, which was published a few weeks ago. I had found last year’s report very insightful, as it provides a detailed analysis of their investigations of hundreds...
Published Tue, Aug 10 2010 11:16 AM by Todd Tucker
Filed under: PCI DSS, Credit Card Data, HIPAA, Verizon Breach Report, Database Activity Monitoring, NERC, compromised records, Verizon RISK Team, Data Breach Report, HITECH

VMware wants to be your Cloud Computing Vendor...
Choice is a balancing act; too much and customers may be overwhelmed; too little and customers are locked in to a certain vendor. In terms of security, a single vendor may degrade into what has been cleverly termed a monoculture. As has been pointed...
Published Thu, Aug 05 2010 12:05 PM by Garve Hays
Filed under: Virtualization, Geoff Webb, Cloud Computing, Red Hat, VMware, OpenStack

Secure Open Source Cloud Computing! Does OpenStack Stack Up?
In a previous entry, I mentioned standardization for "cloud" computing. So I was happy to see the New York Times Bits technology blog run an article on the launch of OpenStack from Rackspace. As a customer, I always insist on a published specification...
Published Thu, Jul 22 2010 4:45 PM by Garve Hays
Filed under: Virtualization, Cloud Computing, Google, VMware, Standards, Amazon, OpenStack

Cumulo-Hypus (Or is the "cloud" all hype?)
I actually find myself agreeing with Larry Ellison... But I guess he is right once in a while! Maybe that is why he can take some time off work to go win the America's Cup. But I digress... I too think there is a lot of hype around the "cloud."...
Published Fri, Jul 02 2010 1:28 PM by Garve Hays
Filed under: Security, Geoff Webb, Cloud Computing, NIST

Administering servers in “the cloud”?
I'm no Cliff Stoll, but several years ago, I did catch someone breaking into my system. In the mid 1990s, I administered the servers for a small Internet service provider (ISP). We had received several complaints that service was slow. As I investigated...
Published Fri, Jun 18 2010 1:34 PM by Garve Hays
Filed under: Security, Virtualization, Geoff Webb, Cloud Computing, CERT

Where’s my Super Suit… Errr… User Password?
In the movie "The Incredibles," as the tentacled robot creates a path of destruction, Lucius Best, better known as Frozone, is scrambling around his apartment exclaiming "Where's my super suit?" In computer security, the super...
Published Fri, Jun 11 2010 9:07 AM by Garve Hays
Filed under: Security, Password, Principle of Least Privilege

Does Your Car Key Open Your House?
I was working with a colleague the other day and watched as he logged on to several Windows servers over Remote Desktop. In each case he typed in a username and password; it was painful to watch! Hadn't he ever heard of Windows Credential Manager...
Published Tue, Jun 08 2010 7:05 AM by Garve Hays
Filed under: Security, Active Directory, Windows Credential Manager, Password, Keychain, IE Credential Cache, Password Safe, KeePass, Firefox Password Manager

Bad rap for Microsoft Security
I may not always agree with Microsoft's comments on security, but I think they sometimes get a bad rap, and in this case, I have to say that I'm not sure that "security concerns" are the full story. The short version is that Google...
Published Mon, Jun 07 2010 12:30 PM by Geoff Webb
Filed under: Security, Info Security Magazine, Google, Microsoft

Compliance is “Hot”: And we’re not the only ones who think so!
It’s the beginning of June in Houston, Texas (where NetIQ is headquartered) and it’s starting to get HOT! But, we’ve recently had some exciting news from the good folks at SC Magazine regarding NetIQ Secure Configuration Manager, our...
Published Mon, Jun 07 2010 10:47 AM by Renee Bradshaw
Filed under: PCI DSS, SC Magazine, Compliance, Secure Configuration Manager, HIPAA, PCI, FDCC, PCI Standard, SOX, NERC CIP, NERC, TechEd

What security customers want…Hint: It’s not necessarily world peace
I’ve just spent an eventful week in the southeast United States visiting with some security and compliance customers. Those of you familiar with my blog know that I’m a relative newcomer to this market, having cut my teeth and spent (or mis...
Published Thu, Jun 03 2010 12:59 PM by Renee Bradshaw
Filed under: Security, Compliance

Security, Compliance, Chicken, Egg, and who turned out the lights?
It's a common theme - good security should make compliance easier (and cheaper) but you have to show how whatever you're doing helps meet some compliance mandate, otherwise it won't get funded. So, you start with compliance and work back to...
Published Thu, May 20 2010 2:27 PM by Geoff Webb
Filed under: Security, Compliance, Enterprise Systems Journal, NERC CIP

Database Activity Monitoring: Defender of the Corporate Database
The next time you’re tempted to “borrow” your co-worker’s subscriber log-in information for Hoover’s, consider the plight of Goldman Sachs. In early May, the company was slapped with a $3 million lawsuit by Ipreo Holdings...
Published Tue, May 18 2010 4:33 PM by Renee Bradshaw
Filed under: Data Breach, Compliance, Data Breach Notification Act, CSI, Data Protection, Verizon Breach Report, Data Security, Database Activity Monitoring

Measuring Performance, or, well, anything
I talked recently to Holly Dolezalek over at Processor Magazine about metrics for things like performance and end-user experience. She was kind enough to print some of my commentary in her excellent piece published today. One area where we didn't...
Published Fri, May 07 2010 2:34 PM by Geoff Webb
Filed under: Security, Security Metrics, Holly Dolezalek, Processor Magazine

It's all about the data. Here's to SB-1186
It doesn't matter what mandate is your current headache-du-jour - PCI, HIPAA (ok, someone must be worried about it), NERC CIP, SOX or some other acronym, the fact is security of critical data should be the overarching theme. It's all about...
Published Mon, Apr 26 2010 6:25 AM by Geoff Webb
Filed under: Security, Data Breach, Information Week, Data Protection, PCI, Data Security, George Hulme, HIPPA: NERC CIP, SOX, SB-1186

NetIQ, an Attachmate Business