Governance & Risk Management Archives

Information Security Management System

Information Security Management System. You can undergo a point in time audit or assessment and be compliant, but what happens a week later when patches have gone un-applied? Out of compliance again. (more…)

Where does Data Loss Prevention (DLP) fit into a Risk Management Framework?

As stated in a previous post, effective Data Loss Prevention (DLP) will be an important component of an overall Risk Management Framework. The Risk Management framework should include the following: (more…)

Data Classification

Data Classification – Determining what constitutes “sensitive data” is usually not a difficult thing for most people. For me personally, it would be my social security #, my account information – banking, credit card information. And, sadly as the years go by, my birthdate is getting to be more sensitive… (more…)

Cyber Security Awareness Training – It’s the smart thing to do!

Cyber Security Awareness Training – There is plenty of technology that can be applied in all manner of ways to help protect against a breach, but if the employee culture doesn’t embrace being mindful of security, it makes the CISO’s job a little harder. (more…)

Configuring Log Event Source Series – Sun Solaris (7, 8, 9 & 10)

Configuring Log Event Source Series – Sun Solaris (7, 8, 9 & 10), Welcome to another post in the series of configuration instructions in enabling monitored systems to send system logs to a central logging server. (more…)

Best Practices Series: VMware Storage Management Best Practices

Welcome for another blog post in our cyber security best practices series. (more…)

Best Practices Series: Virtual Networking for VMware

Best Practices – A growing number of organizations are now standardizing in a virtualized server deployment and they want to consolidate servers that belong to different trust zones. A trust zone is loosely defined as a network segment within which data flows relatively freely, whereas data flowing in and out of the trust zone is subject to stronger restrictions. The introduction of virtual technology does (more…)

Configuring Log Event Source Series – IBM AIX

Welcome to our first post in the series of configuration instructions in enabling monitored systems to send system logs to a central logging server.

This configuration instruction contains the following information for configuring an IBM AIX event source. The tested platform is based on IBM AIX version 4.x and 5.x (Security and Authentication messages only).

By default, an AIX system will not (more…)

Configuring Log Event Source Series – HP UX

Welcome to another post in the series of configuration instructions in enabling monitored systems to send system logs to a central logging server – HP UX. (more…)

Best Practices for Achieving PCI DSS Compliance

The Payment Card Industry Data Security Standard, or PCI DSS, provides a well-defined list of security requirements, but many organizations are left with more questions than answers when it comes to determining how best to address each requirement in a (more…)

Previous 242526 Next