
Archive - November 2000
Security and Compliance Synergies with DLP and SIEM
Data Loss Prevention (DLP) can greatly help organizations understand and control the data that is used, stored and transmitted, and it is seeing increasing use in PCI-DSS compliance. Another technology, Security Information and Event Management (SIEM), collects and analyzes data in real time from multiple sources, including server logs, network devices, firewalls and intrusion detection systems. In this article, we will enumerate how the combination of SIEM and DLP can improve the security and compliance of a corporation. Taken together, SIEM and DLP can make data flow within a corporation transparent, affording the corporation more control over that information and leaving less room to misuse it.
Leveraging Vulnerability Scoring in Prioritizing Remediation
Eric Vanderburg

The average organization has numerous types of equipment from different vendors. Along with the equipment, businesses also utilize multiple software applications from various developers throughout the organization. This diversity provides many helpful opportunities, but also creates a higher probability of vulnerability. Risk managers are able to stay aware of new vulnerabilities through vendor systems or services such as SANS @RISK, the National Vulnerability Database (NVD), the Open Source Vulnerability Database (OSVDB), or Bugtraq, but how do they prioritize the vulnerabilities? Certainly risk managers need to know which vulnerabilities carry the highest risk so that they can be resolved before lesser vulnerabilities. Understanding these vulnerabilities and their impact relative to other vulnerabilities is quite a challenge.
To overcome this challenge, several scoring systems have been developed. These include the US-CERT (United States Computer Emergency Readiness Team) Vulnerability Notes Database and the Common Vulnerability Scoring System (CVSS). This article provides an overview of both systems and how risk managers can use them to prioritize remediation.
Achieving High Availability with Change Management
Eric Vanderburg

Change management is a key information security component of maintaining high availability systems. Change management involves requesting, approving, validating, and logging changes to systems. This process can bring significant benefits to an organization. Namely, it can strengthen the decision-making ability of an organization by training personnel to fully think through and evaluate changes before they are made, and it provides a knowledge base of past changes and the lessons learned from them.
Fail Secure – The Correct Way to Crash
Eric Vanderburg
![Blue screen of death on a Mac](http://jurinnovzone.jurinnovltd.netdna-cdn.com/wp-content/uploads/2011/01/blue-screen-of-death-mac2.jpg)
Anyone who has taken a martial arts class can speak to the importance of learning how to fall. In the course of training, a person will fall many times, and it is important to know how to fall properly so that injury does not occur. Similarly, software needs to be able to crash in such a way that injury, in the form of an information security vulnerability, does not occur.
Systems and software will crash, and attackers will try to make them crash to reveal potential vulnerabilities in their startup routines. The job of security professionals and security-minded developers is to architect a solution that fails securely by determining what should happen if a component in a system were to fail. This concept, called “Fail Secure”, is defined by Wikipedia as “a device or features which, in the event of failure, responds in a way that will cause no harm, or at least a minimum of harm, to other devices or danger to personnel.”
Reducing privacy and compliance risk with data minimization
Eric Vanderburg

What if I told you that you could reduce risk and costs at the same time? Skeptical? I would be. It sounds like some cheesy marketing ploy chock full of hidden costs or high upfront costs with low ROI. No, I am not pitching a product or trying to sell you a solution. I am, however, trying to get your attention. I am talking about data minimization.
Companies collect millions of gigabytes of information, all of which has to be stored, maintained, and secured. There is a general fear of removing data lest it be needed someday, but this practice is quickly becoming a problem that creates privacy and compliance risk. Some call it “data hoarding”, and I am here to help you clean your closet of unnecessary bits and bytes.