
First American Financial Pays Farcical $500K Fine

Krebs on Security

Under First American’s documented vulnerability remediation policies, the data leak was classified as a security weakness with a “level 3” severity, which placed it in the “medium risk” category and required remediation within 45 days. “The [employee] did not request a waiver or risk acceptance from the CISO.”

Insurance 333

Announcing the public availability of the Cisco Cloud Controls Framework (CCF)

Cisco Security

A strategic compliance and risk management approach is as essential to the success of an organization as its product strategy. ISO/IEC 27001:2013 – Information technology — Security techniques — Information security management systems — Requirements. Infosec Registered Assessors Program (IRAP, December 2020).

Marketing 144

How Are Computers Compromised (2020 Edition)

Adam Shostack

For others, such as the first, there's a risk that journalists are going to say 'really, we only know how 15% of incidents start?' (I would be surprised if it's that high.) For example, I believe that patch management is way harder than you'd believe if you read infosec twitter, but so what?

InfoSec 124

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

Just as in my post on NatWest last month, that entry point must be as secure as possible or else everything else behind there gets put at risk. By recognising this, they also must accept that the interception may occur on that first request - the insecure one - and that subsequently leaves a very real risk in their implementation.

Hacking 280

Business Must Change: InfoSec in 2019

The Falcon's View

Consider, if you will, that fundamentally we in infosec want people to make better decisions. That's right, it's infosec. Those are the Three Ways of DevOps as introduced within The Phoenix Project way back in 2013. 3) InfoSec Bifurcation: Functional vs. Strategic. Truly, that's at the core of much that we do.

InfoSec 40

ISO/IEC 27002 update

Notice Bored

Aside from restructuring and generally updating the controls from the 2013 second edition, the committee (finally!) Monitoring activities (8.16) - 'anomalies' on IT networks, systems and apps should be detected and responded to, to mitigate the associated risks. The fine details, however, do matter in practice.

IoT 102