You are viewing 'Corporate Security Policy'

Late Night Security Program Weaknesses

#WarstoryWednesday

Tim Roberts

April 05, 2017 - Posted by Tim Roberts to Security Insight

Security Guard Asleep Assessment Background

Businesses that are adjacent to hotels are the best…for security consultants. When you have a high-gain wireless antenna, a rogue access point plugged into a network or able to compromise a vulnerable wireless access point, you pretty much don’t have to leave the comfort of your hotel room or parked vehicle for the assessment. I have been on a handful of these fortunate layouts and it certainly helps when staying under the radar. One of my first red team assessments had a hotel right next to the business we were assessing. The only thing separating the extended stay hotel and business was waist-high foliage, with little to no lighting or camera coverage. With this assessment, after hours testing was in scope, thus making the assessment that much easier.

On-site Social Engineering... read more >

Aligning Cybersecurity with Business Models

Matt Ireland

March 16, 2017 - Posted by Matt Ireland to Security Insight

IT Security Team

Does your organization face challenges with effectively aligning cybersecurity teams and business executives? In many organizations, it seems that business executives and cybersecurity teams don't always understand each other's roles. Executive leadership may not realize the cyber risks to their organization, such as APT threats, insider threats, espionage, phishing. Also, cybersecurity teams may not know what business systems are MOST important to protect before and during an incident. 

So how can you successfully align cybersecurity with the C-Suite, and keep the collaborative alignment effective? Before we answer that question, let's first talk about the challenges that have historically kept security and business executives out of alignment.

Strategic vision directly influences and impacts the success of implementation of cybersecurity controls. Cybersecurity MUST be positioned as a business enabler. And businesses... read more >

Prevention Blog Series

Secure Your Network: A Second Step in Security

Loren Paquette

April 14, 2016 - Posted by Loren Paquette to Security Insight

Ounce of Prevention

This blog is a continuation of the Prevention blog series. The first blog, "Four Tips to Secure Your Network," discussed prevention and four tips to immediately help secure your network. The second blog, "Scan Your Network: A First Step in Security," is the first of four steps to assist with security, and discussed ways to scan your network. This blog will cover the second step with ways to secure your network. Links to the other blogs will be provided as they are posted!

Security groups are ultimately responsible for securing our network. If it fails, it’s our fault. Blame is not our friend and casting it will not make you a good fisherman. People in general are hoping to find a mistake to justify their positions or to... read more >

Successful Security Programs: Security vs. Risk Management vs. Compliance

Who Wins?

Michael Born

March 01, 2016 - Posted by Michael Born to Security Insight

Successful Security Programs

In my time here at Solutionary as a Security Consultant, I’ve had the pleasure of seeing first-hand varying levels of maturity in information security programs. I’ve seen programs that work really well and I’ve seen some that could use quite a bit of maturing. In this blog, I’m going to attempt to identify programs that work well and how their success is achieved.

Compliance Focused Program

I have rarely seen a security program succeed when it is solely focused on meeting requirements enforced by some sort of compliance body. Don’t get me wrong, compliance should always be a part of a security program but should not be the main motivation for a security program. I’ve witnessed a lot of compliance driven programs that put compliance at the forefront of security decision making and fail for several reasons. Two of the most common ways these programs fail are described in detail... read more >

Information Security Bench Strength

Don’t let your backup player cost you the game

Jeremy Nichols

January 12, 2016 - Posted by Jeremy Nichols to Security Insight

Football Bench

It was a tough football season for all my fellow Cowboys fans. We started off with two straight wins, but once Tony Romo and Dez Bryant got injured, the promising season came crashing down. I had hoped that other players would rise to the occasion and improve each week, but the Cowboys bench wasn’t as deep as expected. As soon as Tony Romo hit the turf in the Carolina Panthers game on Thanksgiving, I knew that he had reinjured his collarbone and was likely out for the rest of the season. From previous seasons, I was worried about the, ahem, less than qualified backup quarterbacks. And unfortunately, I was right. What a difference quality backup can make.

In information security, depth and a standard skill set is an absolute must for any team, just like it should be in football. You can’t afford to have a “less than qualified backup” in security. It doesn’t matter if you’re talking about administrators, engineers, analysts,... read more >

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.

Get the NTT Security Blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)

LATEST TWEETS