security audit

  • Fail a security audit already -- it's good for you

    Posted October 4, 2011 - 12:24 pm

    Failing an audit sounds like the last thing any company wants to happen. But that's because audits are seen by many as the goal of a security program. In reality, audits are only the means of testing whether enforcement of security matches the policies. In the broader context, though, an audit is a means to avoid a breach by learning the lesson in a "friendly" exercise rather than in the real world. If the audit is a stress-test of your environment that helps you find the weaknesses before a real attack, you should be failing an audit every now and then. After all, if you're not failing any audits there are two possible explanations:
  • More hacks show Sony hasn't figured out what 'fix your security' actually means

    Posted May 26, 2011 - 10:14 am

    The list of major Sony data breaches is approaching double digits, all apparently due to SQL attacks against flaws it should have fixed on all its sites after it got pwned the first time.
  • Best Time to Perform a Comprehensive Security Audit

    Posted December 4, 2009 - 4:35 pm

    Companies should perform a very thorough IT audit every four years evaluating every system plus backup and restore, disaster recovery, and emergency procedures, says Michelle Johnston Sollicito, an e-business consultant and author.
  • Inside a data leak audit

    Posted May 11, 2009 - 11:19 am

    When the director of IT at a Boston-based, midsize pharmaceutical firm was first approached to participate in a data leakage audit, he was thrilled. He figured the audit would uncover a few weak spots in the company's data leak defenses and he would then be able to leverage the audit results into funding for additional security resources. But he got way more than he bargained for.
  • Most common data leak violations

    Posted May 11, 2009 - 11:16 am

    With more than two decades of security audits under his belt, Networks Unlimited President Harry Segal has seen it all. Here are the most common violations he encounters.
  • A tale of two PCI security audits

    Posted December 9, 2008 - 2:06 pm

    Ask security professionals what the most painful part of PCI security compliance is and most will start grousing about the auditors.
