Martin's selection of few interesting IT Security, Privacy, and free tools from the Net

Thursday, March 27, 2014

Four part article on Security Policy Management Maturity Model - From Algosec



Nice article with a well-placed sequence.

I have a strange feeling that many companies might be stuck at Level-1.



Part-1
http://blog.algosec.com/2014/01/security-policy-management-maturity-model-part1.html


Part-2
http://blog.algosec.com/2014/02/security-policy-management-maturity-model-benefits-moving-ladder-part-2-4.html


Part-3
http://blog.algosec.com/2014/03/security-policy-management-maturity-model-benefits-moving-ladder-part-3-4.html


Part-4
http://blog.algosec.com/2014/03/security-policy-management-maturity-model-benefits-moving-ladder-final-chapter-part-4-4.html

Posted by MVJBlogger at 9:55 AM
Labels: Philosophy, Security
