The Truth About Regulatory Compliance

By Steven Fox, Founder of SecureLexicon

Given the business impact of regulations like PCI DSS, Sarbanes Oxley, and GLBA, this is understandable. While savvy business leaders understand the limitations of these guidelines, there are among us less enlightened individuals who view these as a cure for organizational security issues.

Black Hat: Articulating the Value of Security

By Steven Fox, Founder of SecureLexicon

How do we market security? The cyber-bullies among us might still use Fear, Uncertainty, and Doubt. While this may produce short term acquiescence, that approach ultimately alienates us from the decision makers. Ultimately, security professionals must identify what is valuable to the business and then associate the need for security with those assets

Anti-Malware Strategy Crucial for Businesses

By Steven Fox, Founder of SecureLexicon

This is the first part of my Black Hat interview with Andrew D. Hayter, Anti-Malcode Program Manager for ICSA Labs. In this installment, Mr. Hayter highlights the challenges businesses face in mitigating malware-related risks.

Black Hat: Risk and Application Security

By Steven Fox, Founder of SecureLexicon

The majority of IT security spending is focused on perimeter security. These measures are reactive in nature. “With the advent of Web Services and SOA, the attack surface is more exposed and is getting more complex. The more complex a system is, the easier it is to compromise. Security should be considered early in the software development process.

• Categories

  • Anthony M. Freed (25)
  • Bill Brenner (2)
  • Bob Violino (1)
  • Bozidar Spirovski (23)
  • Breach (539)
  • Britt Womelsdorf (5)
  • By Dr. InfoSec (2)
  • Cara Garretson (7)
  • CCCNews (1)
  • Chorey Taylor & Feil (8)
  • Christophe Veltsos (2)
  • Christopher Burgess (7)
  • CIOZone (26)
  • Class Action Lawsuit (111)
  • Cloud computing (103)
  • Coby Royer (5)
  • CTO Forum (9)
  • D&O Liability (591)
  • Daniel Wallace (5)
  • Danny Lieberman (11)
  • DataLine (10)
  • David Alexander (2)
  • Derek Crawford (1)
  • Doug Pollack (7)
  • due diligence (300)
  • Fame Foundry (1)
  • FEATURE ARTICLE (427)
  • Financial (577)
  • Fred Leland (7)
  • Gene Kim (3)
  • Government (363)
  • Greg George (5)
  • H1N1 (15)
  • hackers (529)
  • healthcare (124)
  • Heather Bourgoin (1)
  • HomeATM (8)
  • identity-theft (525)
  • IDExperts (17)
  • Ike Z. Devji (1)
  • Infosec Island Network (28)
  • Insider Threat (480)
  • Internet Crime Complaint Center (1)
  • Internet Security Alliance (61)
  • ISR News (321)
  • Jacqueline Herships (2)
  • Jenni Hesterman (3)
  • John M. Salomon (2)
  • John Watkins (7)
  • John-Patrick Skaar (2)
  • Kaliber Data Security and Compliance Consultants (3)
  • Kat Sanders (2)
  • Ken Leeser (3)
  • Kevin L. Jackson (10)
  • Kevin M. Nixon (21)
  • Larry Ketchersid (1)
  • Laton McCartney (7)
  • Lauren Taylor (1)
  • Linda McGlasson (1)
  • malware (491)
  • Mark Smail (1)
  • Mark Wright (1)
  • Mel Duvall (3)
  • Michael Eggebrecht (3)
  • Michael Lohr (1)
  • Michael O'Conner (4)
  • MicroSolved (1)
  • Mike Duncan (3)
  • Mike Meikle (4)
  • Mike Spinney (1)
  • Military (201)
  • national security (443)
  • PCI (299)
  • PCI Security Standards Council (32)
  • Physical Security (11)
  • privacy (542)
  • Rachel James (10)
  • reach (2)
  • Rebecca Herold (16)
  • Richard Stiennon (44)
  • Robert Siciliano (34)
  • Sarbanes-Oxley (492)
  • ScamStop (2)
  • Sean Wilkins (2)
  • Semyon Dukach (1)
  • Simon Heron (14)
  • Software Associates (11)
  • Steven Fox (19)
  • SUPERAntiSpyware (3)
  • Sybase (6)
  • Symplified (5)
  • The Jester (7)
  • The Privacy Professor (16)
  • Thomas R. Fox (8)
  • Tom Groenfeldt (2)
  • Tom McLain (2)
  • Trefis (13)
  • Tripwire (18)
  • Uncategorized (620)
  • virtualization (91)
  • Webcast (48)

• ISR Headline Index

  • Study Shows Employees Put Data at Risk
  • Tracking Google’s Script Kiddie Hackers
  • Newbie Introduction to Digital Forensics Part 2
  • Simple Log Review Checklist Released
  • Press F1 for Help? Microsoft Zero Day Threat!
  • A Newbie’s Introduction to Digital Forensics
  • Security Best Practice: Trust But Verify…
  • Google, Adobe, and Big Oil Under Attack!
  • Building your OWN Malware Lab (Part 2)
  • How Twitter Spam Steals From Google, Yahoo!
  • Tech Stocks Week in Review Featuring iPad
  • DoD Endorses Certification for Hackers
  • Risk Based Enterprise Compliance Programs
  • Data Loss Prevention Has Jumped the Shark
  • File-Sharing Software Threat to Health Privacy

• Recent Comments

  • Ryan Aslett on Data Loss Prevention Has Jumped the Shark
  • Tom on (Lack Of) Encryption and The HITECH Act
  • ADMIN on Patriot Hacker Hits Jihad With DDoS Attacks
  • Robert Siciliano on Data Loss Prevention Has Jumped the Shark
  • Karen J. Cox on Data Loss Prevention Has Jumped the Shark
  • Scot McLeod on Outsourcing Breach Response Lowers Costs
  • John Marke on Gartner Tells CIOs to Embrace Social Media
  • Social Engineering and Enterprise Security | CIO – Blogs and … | Enterprise Engineering Addict on Gartner Tells CIOs to Embrace Social Media
  • From Russia, With Smartphones on Top 8 Social Media Security Threats
  • Judith Hoffman on Scam Alert: Rogue Gmail Account Phishing
• 
  

  Information Security Resources

  Top network security blogs