SECURETARGET

Category: Security Management

  • is Dark Web really dark?

    it has been relatively a long time since threat intelligence sources started to integrate what they call as “dark web” into their system of data/intelligence gathering, prioritization and delivery as a service to threat hunters. nothing really wrong with that, it is actually a reasonable and even crucial part of any threat hunting system, but…

  • what is information security management?

    information security management is almost similar to every other thing that is Subject to Management, or requires management, and I am not going to explain why we need a management function in a system to make sure system is running and functioning as expected, at least not in this article. by similarity, I mean there…

  • having something vs doing something

    There is a difference between knowing the path and walking the path, right? just because I have something, does not mean I know something, or I do something. just because there are technologies, software or tools for a thing, let’s say GDPR compliance metrics, patch management, ITIL platforms, vulnerability scanning, application security testing…and so on,…

  • are you surprised by SolarWinds hack?

    it is really funny when they call it one of the most sophisticated hacks in history and stuff like that, because it is actually one the most stupid hacks of all the times. nothing is really surprising about Solarigate or whatever they call it to me except how those companies that forever they have been…

  • human firewall

    no doubt that users are the main problem in the whole concept of cyber defense, as we call it weakest link. Now, Awareness and Training as security community typically has been doing is neither effective nor actually deliverable. Imagine we would want to continue law enforcement and public awareness by means of “Most Wanted” posted…

  • is Security inconvenient?

    we presume Security is always equal inconvenient, either form consumer point of view, or developer. as a consumer you have to remember passwords and configure stuff, and as a developer to need to make sure you put controls around authentication process and how passwords are being used. I agree that is inconvenient but are we…

  • Attacks are not advanced, we are naive!

    cyber attacks that you hear about them in news these days are not advanced at all, this is security community acting so naive and blind, knowingly and unknowingly which then implies into thinking that attacks are sophisticated. in mature industries like agriculture, professionals study their enemies and for centuries they have been able to defeat…

  • Cyber Security: The Essential Role of Internet Service Provider

    It has been logically proven to me that some elements of cyber security of any internet user is solely on shoulder of ISP but that has been the last thing we ever cared perhaps because we tend to complicate simple things! ISP is supposed to be the only owner, or main layer to internet user…

  • Fix Cybersecurity Issues vs Making Money Out of Them!

    Have we really been fixing cyber-security issues and challenges, or we just want to make money out of “lack of awareness”? The simplest analogy I can think of is cigarette and generally tabaco industry. If we really believed that those are against society and individual health, how much is cost of cancer and other complications…

  • Organic Compliance! Deep Dive into a Clause, No Matter which…

    One of the effective techniques to handle ISO 27001 or any other security management standard or framework is to go deep into a matter regardless of where you want to start or even where to are forced to start.  In practice, the main challenging question and the answer for that to many organizations, when they…