Access "Relying on basic network intrusion detection systems isn't enough"
How would you know if your organization has been breached? It's actually a simple question and the answer is often an assertion of some degree of incident detection capability. However, as one CIO wryly told me during a network assessment, if he chose to spend time and money building a detection architecture that actually worked, it might somehow prove he has security problems. Unfortunately, I don't think he was entirely kidding. Despite significant advances in detection technologies, many organizations are woefully behind the times with respect to building robust capabilities to successfully identify genuine incidents. Detection is not simply a technical toolset but a complex capability, one that ideally includes well-defined technical and process domains, managed by competent staff. Weakness in any one domain severely diminishes detection effectiveness.. Unfortunately, in many organizations, detection is simply not viewed as a strategic security capability. The result is that activities are limited to deployment of signature-based network intrusion ... Access >>>
Premium Content for Free.
HITECH Act increases HIPAA security requirements
HIPAA security compliance has been a mixed bag but HITECH ups the ante
Creating meaningful information security metrics
by Andrew Jaquith, Forrester Research, Inc.
Learn how to develop an effective information security metrics program and pitfalls to avoid.
- HITECH Act increases HIPAA security requirements
Joining security information management systems with identity management systems boosts security
by Randall Gamby, Contributor
Integrating security information management systems with identity management systems ties policy violations and vulnerabilities to user activity
Knowledge-based authentication poses privacy issues
Knowledge-based authentication helps catch fraud, but the authentication technology poses customer privacy issues.
- Joining security information management systems with identity management systems boosts security by Randall Gamby, Contributor
Is HITECH Act a game changer?
The HITECH Act increases penalties for a lack of HIPAA security compliance but will it really improve health care security?
Develop an effective information security career plan
by Lee Kushner and Mike Murray
A successful career in information security requires an effective information security career plan
Relying on basic network intrusion detection systems isn't enough
Organizations must enhance network intrusion detection systems with supporting processes to uncover genuine threats
- Is HITECH Act a game changer?
More Premium Content Accessible For Free
Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies...
The bring your own device (BYOD) movement, which has flooded the enterprise with employee-owned smartphones, tablets, phablets and purse-sized ...
For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most ...