Browsing Category: Compliance

Categories: Compliance

By Andrew Storms

Let’s be clear, SAS70 should be sentenced to a quick and painful death in the bottom of a giant pit protected by 20-foot thick concrete walls where it should be buried forever, along-side other IT criminals such as Windows ME and IE6.

Read more...

There’s been a huge jump in malicious, web-based infections targeting companies in the last year, a nearly 400 percent increase from last year, according to research released today by network security company FireEye. The company’s “Advanced Threat Report – 1H 2012,” blames the jump on attackers’ ability to penetrate organizations’ usual security infrastructures.

Read more...

Categories: Compliance

By Joe GottliebIt’s becoming evident that security practitioners have to take on a metrics mentality to improve security operations, reduce risks and better advise their critical decisions. There are several steps an organization can take to ensure that they are on the right path.There are some must-haves that need to be in place – or at least discussed—in order for a security metrics initiative to have any chance of success:

Read more...

Black Hat is upon us and, with it, a lot of chatter about the dangers posed by so-called “APT,” or advanced persistent threats. Rather than get trapped in the hype bubble, Threatpost editor Paul Roberts took the opportunity to check back in with a recognized expert on detecting and combating APT-style attacks: Amit Yoran, the former CEO of NetWitness Corp. and now a Senior Vice President at RSA, The Security Division of EMC. Yoran says that the darkest days may yet be ahead in the fight against APT style attacks, with mounting attacks and a critical shortage of security talent. To cope, both private sector firms and the government need to stop fighting the last war and pivot to the kinds of practices and monitoring that can spot sophisticated attackers. 

Read more...