Optiv Blog

Secure SDLC Lessons Learned: #5 Personnel

· By Shawn Asmus · 0 Comments

t’s no secret that finding and retaining dependable, well-trained application security professionals is a serious challenge, and has been for years. Part of the problem is that the breadth and depth of AppSec knowledge is rather astronomical; one could argue that it’s exponentially wider than network security and grows at a much faster rate. Based on what I’ve seen, teams tend to be perpetually short-staffed and undertrained.

Continue reading 0 Shares

Maturing IR Capabilities into an Incident Management Program – Part 2 of 3

· By Jenn Black, Jeff Wichman, Case Barnes, Erik Schmidt, Curtis Fechner · 0 Comments

The capability to respond effectively to cyber incidents is one of the most critical components of an enterprise security program. However, many companies still lack a solid incident response program (IRP) entirely or don’t take incident response planning seriously enough.

Continue reading 0 Shares

Maturing IR Capabilities into an Incident Management Program – Part 1 of 3

· By Jenn Black, Optiv Enterprise Incident Management Team · 0 Comments

We’ve all heard that it’s not a matter of “if,” but “when.” This statement, while becoming its own stale mantra of sorts, is still the impetus for the necessary and dramatic shift taking place across enterprise-level cyber security program strategy. Incident response has become one of the most critical aspects of any overall security strategy, but a solid incident response program (IRP) is something many organizations – both large and small – either lack entirely or don’t take seriously enough.

Continue reading 0 Shares

Secure SDLC Lessons Learned: #1 Application Catalog

· By Shawn Asmus · 0 Comments

Building an application catalog is a critical step towards maintaining governance over a secure SDLC program. The primary purposes of the catalog are to provide teams information on which technologies are in place in the enterprise (Java, .Net, third-party libraries, platforms) and criteria for identifying which applications are mission critical and/or high risk.

Continue reading 0 Shares

Cloud Powered Without Compromise

· By JD Sherry · 0 Comments

Security OF the cloud versus security IN the cloud. This by no means is intended to be a riddle. In fact, the irony is that cloud computing has solved many riddles that have plagued IT and businesses for decades except for one – how do you get technology deployed at the speed of business?

Continue reading 0 Shares

New NIST Cyber Recovery Guide, What’s Your Plan?

· By Kevin Hiltpold · 0 Comments

The adversaries trying to breach your cyber defenses have a plan, do you? A few weeks ago, the National Institute of Standards and Technology (NIST) released their Guide for Cybersecurity Event Recovery. The guide includes topics contained in a typical recovery plan and really boils down to documentation, communication and practice.

Continue reading 0 Shares

Is an Effective Vulnerability Management Program in Your Future?

· By John Ventura · 0 Comments

The sad truth about penetration tests is that they are almost always successful in demonstrating dramatic security events. Even junior assessors can go from minimal access, below the level of most employees, and gain administrative domain credentials for an internal corporate network.

Continue reading 0 Shares

Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker – CSC 15

· By Steven Darracott · 0 Comments

The processes and tools used to track, control, prevent and correct the security use of wireless local area networks (LANs), access points and wireless client systems.

Continue reading 0 Shares

Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker – CSC 13

· By Joshua Platz · 0 Comments

Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.

Continue reading 0 Shares

Just Enough Insider Threat Defense

· By Heath Nieddu · 0 Comments

At a recent conference for IT leaders, I addressed the theme of, “How much cyber security is enough?” We all probably have had to answer the broad question of how much budget is appropriate relative to our peers, but a discussion about risk and value should quickly follow.

Continue reading 0 Shares
(215 Results)