Is Whitelisting a Good Security Practice?
Whitelisting is certainly a relatively standard practice, and sometimes a hardening security measure, but its value depends on how we implement and maintain it and where it is initially enforced. Whitelisting can work against you if it is set up at the wrong spot or with inadequate supporting elements. I highly recommend whitelisting behavior rather than whitelisting elements…
Category: Security Management
Why Common Vulnerability Scanning Practice is Useless?
I hope you will find this obvious, but unfortunately the security community relies heavily on vulnerability scanning in a way that makes it totally useless or even harmful! Vulnerability assessment is the evaluation of a System against known and potential security flaws. A System is simply a collection of processes, workflows, people, nodes, software… but traditional…
No Silver Bullet in Computer Security
There is no silver bullet in any aspect of information security. Answers like EDR, MFA, SIEM… might leave you in a better or worse security posture; it all depends on how you implement and manage them, but none of them is a silver bullet in its area (malware protection, authentication, monitoring…). It is all about…
Accurate Vendor Risk Assessment
How do you get an accurate vendor risk assessment? Assessing your vendors, suppliers, business associates… or whatever term you give to those providing services to your firm is crucial and might even be required from a regulatory standpoint (e.g. in HIPAA). I do not want to get into the detail of what would be…
Vendor Risk Assessment: Hassle or Blessing?!
A Security Questionnaire, RFI, VRA (Vendor Risk Assessment), VR Management… helps customers identify and evaluate the risks of using a vendor’s product or service. Performing such a review is sometimes mandatory, depending on the industry (e.g. healthcare). During this standard business process, the customer collects written information about the security capabilities of a supplier and you could barely…
Coding Skills and Security Administration
Know how to code and take your computer security effectiveness to the next level
Simple Sign of Security Program Has Already Been Failed
The simple sign is your Trust and Confidence: Do you have faith in your security program? For a moment, be honest and ask yourself: am I confident in my company's security program? Do I have faith in our security team? Do they really know what they are doing? Is my information security officer worth pay…
The Only Reason A System Has Not Been Hacked!
Real hackers do not randomly find a flaw in a system. There is a systematic approach to hacking a system! Regardless of the size and type of an online entity and its online presence, whether a giant company with ten thousand employees or a home user of the Net, the only reason a system (may) have…
One Strategy to Win the Cyber-security Battle: Change the Focus!
Sales pitches force us to worry about things that are not so important; change your mindset to win the battle! “Battle” would not be the right term if we didn’t have a market full of competition to sell cybersecurity products rather than focusing on the right and real way of defense. In other words, focusing…
Tools vs. Techniques
Operations fail by focusing on the tool rather than the technique! In the context of information technology, with all primary operations like Systems administration, Patching and updating, Backup and replication, Malware protection… and all related sub-tasks, a focus on Tools is an enemy of the process! Defining, developing or choosing a technique in advance is crucial to an IT operation.…