Optiv Blog

Get Control of the Mayhem: A Day in the Life of a Piece of Unstructured Sensitive Data

By Ralph Martino

Sensitive and relevant data, such as personally identifiable information (PII) or intellectual property, may be running rampant in your organization. It can be received or created and often duplicated. Additionally, you can receive sensitive and relevant data from partners or associates via email or FTP. Within your organization, people and machines are also creating or generating sensitive and relevant data to support the business.


Observations on Smoke Tests – Part 1

By Raina Chen

Smoke testing in the traditional definition is most often used to assess the functionality of key software features to determine if they work or perform as intended. In the context of application security, smoke testing is leveraged in a slightly different way, to quickly evaluate the security of web applications. More specifically, Optiv performs smoke tests to reveal common security issues within applications and their respective environments. To do that, we first scan the application and its environment, then manually validate any issues identified by the scanner.


Help Keep Your Children Safe Online

By Brian Wrozek

The Children’s Internet Usage Study conducted by the Center for Cyber Safety and Education discovered that 30 percent of children ages 8-14 use the internet in a way they know their parents would not approve. That’s alarming. Luckily, October is National Cyber Security Awareness Month, which is an ideal opportunity for parents to set aside time to teach their children good digital habits to keep them safe online.


Predictions for Tomorrow’s Internet

By Security Communications and Awareness Team, Jeff Stanley

Currently, an estimated 6.4 billion Internet-of-Things (IoT) devices are connected, with 67 percent residing in North America, Western Europe and China. By the end of 2017, IoT growth is predicted to continue with an explosive 8.4 billion connected devices with a high concentration in electric utility and commercial security applications.


Six Key Alignments for CISO's on Cloud Security

By John Turner

Many CISOs and security teams are struggling with developing and executing an effective cloud security strategy, especially one that can keep up with the new technologies being deployed every day. Security leaders must take a foothold in the cloud to achieve positive outcomes, but first they must understand the fundamental difference cloud brings to the market.


What Changes will EO 13800 Bring to Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure?

By Russell Pierce

Anyone who has held the position of CIO or CISO in a government agency or bureau can tell you implementing an effective information risk management program has been more of a journey than a destination; and anyone who is surprised that we as a nation have struggled to protect our applications, data and infrastructure hasn’t been following the news.


Thank You for the Help!

By Bill Heck

One of the more influential things in my life that directed me towards a career in information security was the 1983 movie, WarGames. I was already a bit of a computer nerd in the early 80’s, but WarGames opened my eyes to the broad scale of what could be done from the comfort of your home. It wasn’t just about what I could do locally, but those ridiculously slow dial-up modems opened up a whole new world of possibilities!


Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker – CSC 18

By Mike Hodges

Manage the security lifecycle of all in-house developed and acquired software in order to prevent, detect and correct security weaknesses.


Secure SDLC Lessons Learned: #5 Personnel

By Shawn Asmus

It’s no secret that finding and retaining dependable, well-trained application security professionals is a serious challenge, and has been for years. Part of the problem is that the breadth and depth of AppSec knowledge is rather astronomical; one could argue that it’s exponentially wider than network security and grows at a much faster rate. Based on what I’ve seen, teams tend to be perpetually short-staffed and undertrained.


Secure SDLC Lessons Learned: #4 Metrics

By Shawn Asmus

As the secure SDLC program matures, vulnerabilities should be caught and remediated earlier in the lifecycle. To know if the program is truly working, organizations must capture metrics. The specific metrics chosen should support and align with the organization’s business objectives and risk management program.
