Aligning Cybersecurity with Business Models

Matt Ireland

March 16, 2017 - Posted by Matt Ireland to Security Insight

Does your organization face challenges with effectively aligning cybersecurity teams and business executives? In many organizations, it seems that business executives and cybersecurity teams don't always understand each other's roles. Executive leadership may not realize the cyber risks to their organization, such as APT threats, insider threats, espionage, and phishing. Also, cybersecurity teams may not know what business systems are MOST important to protect before and during an incident.

So how can you successfully align cybersecurity with the C-Suite, and keep the collaborative alignment effective? Before we answer that question, let's first talk about the challenges that have historically kept security and business executives out of alignment.

Strategic vision directly influences the success of implementing cybersecurity controls. Cybersecurity MUST be positioned as a business enabler. And businesses... read more >

Developing a Strong Application Security Program: Part 2

The Agile Movement

Michael Born

September 29, 2016 - Posted by Michael Born to Security Insight

In my previous blog, Developing a Strong Application Security Program: Part 1, I looked at aspects of a successful application security program as it pertains to a more traditional waterfall Software Development Life Cycle (SDLC). In part two of this series, I’ll focus more on an agile-based SDLC and options for implementing a successful application security program.

Let’s briefly describe some of the differences between a traditional waterfall SDLC and agile SDLC. In a waterfall SDLC, there are clear project objectives through each phase of development. Typically, each project consists of several phases: planning, design, coding, and finally testing. Security teams are injected into the phases and should have sign-off authority on each phase before the project continues to the next. I detailed security’s role in this... read more >

Developing a Strong Application Security Program: Part 1

Michael Born

August 18, 2016 - Posted by Michael Born to Security Insight

As a Security Consultant for NTT Security (US), Inc. Professional Security Services, I have the privilege of witnessing many application security programs. I see programs that work great, are healthy, and handle risk management very well. Then there are programs that have either missed the mark completely, or are healthy but have some maturing to do.

In this blog I’ll be focusing on organizations or development teams that use a more traditional “waterfall” style approach to application development. I’ll attempt to identify traits of a healthy application security program in order to provide ideas for programs that could use some maturing. If your organization uses a more modern “agile,” “iterative,” or “kanban” style of development we will address those specific challenges in Part 2 of the series.

I’m sure many of us have heard that successful... read more >

Prevention Blog Series

Secure Your Network: A Second Step in Security

Loren Paquette

April 14, 2016 - Posted by Loren Paquette to Security Insight

This blog is a continuation of the Prevention blog series. The first blog, "Four Tips to Secure Your Network," discussed prevention and four tips to immediately help secure your network. The second blog, "Scan Your Network: A First Step in Security," is the first of four steps to assist with security, and discussed ways to scan your network. This blog will cover the second step with ways to secure your network. Links to the other blogs will be provided as they are posted!

Security groups are ultimately responsible for securing our network. If it fails, it’s our fault. Blame is not our friend and casting it will not make you a good fisherman. People in general are hoping to find a mistake to justify their positions or to... read more >

The Seven Deadly Sins of Business and Information Security Alignment

George Hulme

January 14, 2016 - Posted by George Hulme to Security Insight

There are many challenges to getting a cybersecurity program right. The right technology must be deployed, managed, and tuned just right. CISOs and security managers must be able to get the executive support and budget they need to execute their plans, and their plans have to be well crafted. Not to forget that nearly everyone in the organization has to be security conscious and savvy, as nearly any organization is one phishing attack click away from being compromised.

With that in mind, security managers (and their teams) don’t need to make enemies of themselves. But they often do, and they end up setting back their own efforts as a result. Here are seven very common ways IT security sabotages its own efforts.

The Roadblocker: This is the security manager who has turned the CISO office into the “Office of No.” No wireless. No cloud. No worker is to use the mobile devices of their choice. It’s the best known way to lose... read more >

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.