SECURETARGET

Category: IT Management

  • what is information security management?

    information security management is almost similar to every other thing that is Subject to Management, or requires management, and I am not going to explain why we need a management function in a system to make sure system is running and functioning as expected, at least not in this article. by similarity, I mean there…

  • having something vs doing something

    There is a difference between knowing the path and walking the path, right? just because I have something, does not mean I know something, or I do something. just because there are technologies, software or tools for a thing, let’s say GDPR compliance metrics, patch management, ITIL platforms, vulnerability scanning, application security testing…and so on,…

  • Is EFS secure?

    I have seen many official statements about EFS being so insecure and we should not use it blah blah…and that is so surprising for me something from professional sources hearing a unprofessional statement, or better say, inaccurate assumption about one of the simplest and effective ways towards cryptographic practices!  Assuming you know what Encrypting File…

  • The Main Source of Cyber Threat Intelligence

    Which firm, company or solution can have the most comprehensive source of threat intelligence? The question should come to your mind when you are shopping for this security matter for any reason. Sources can have different type of data and then convert it to useful information via either active or passive mechanisms to gather intelligence,…

  • Is Whitelisting a Good Security Practice?

    Whitelisting has been for sure a relatively standard and sometimes as a hardening security measure but it depends how we implement and maintain it and where it is initially enforced.  Whitelisting could be against you if setup at the wrong spot or with inadequate supportive elements. I highly recommend whitelisting behavior rather than whitelisting elements…

  • Monitoring: The Forgotten Discipline

    Monitoring: The Forgotten Discipline

    The Myth of “Proactive” Every company claims to be proactive. They buy dashboards, automate alerts, and call it visibility. But visibility without interpretation is just noise. And noise is the enemy of monitoring. These days, the market is full of tools that promise prediction. None deliver it. They only record symptoms faster. What You Actually…

  • No Silver Bullet in Computer Security

    No Silver Bullet in Computer Security

    There is no silver bullet in any aspect of information security. All the answers like EDR, MFA, SIEM… might get you in a better or worse security posture, it all depends to how you implement and manage but none of them are silver bullet in their area (malware protection, authentication, monitoring…). It is all about…

  • Vendor Risk Assessment: Hassle or Blessing?!

    A Security Questionnaire, RFI, VRA (Vendor Risk Assessment), VR Management…helps customers identify and evaluate the risks of using a vendor’s product or service. Performing such a review is sometimes mandatory based on the industry (e.g. healthcare). During this standard business process, customer collects written information about security capabilities of a supplier and you could barely…

  • Tech Staff Justifies Incompetence!

    Have you ever listened to your tech team trying to justify all the tasks left behind, delayed or procrastinated? Do you have an IT team brining excuses for every project there are facing and try to blame everything except the root cause? Then you are not alone! Here is a known list of IT staff…

  • Simple Sign of Security Program Has Already Been Failed

    The simple sign is your Trust and Confidence: Do you have faith in your security program?   For a moment be honest and ask yourself: am I confident with my company security program? Do I have faith in our security team? Do they really know what they are doing? Does my information security officer worth pay…