Security Risk Advisors


ThreatView - August 2012 QSA vs ISA

August 21, 2012 | Posted in GRC by Carl Angeloff

Many organizations that must comply with the Payment Card Industry Data Security Standard (PCI DSS) are asking what the differences are between QSAs and ISAs and which direction they should take with their program. We address this question in the …

We recently co-presented a case study with Vas Rajan (CISO, INGDirect) discussing how we jointly developed a security risk management program for customer-facing mobile apps. We discussed the security risks and challenges, and a programmatic approach…

5. You’re still using Telnet, FTP, HTTP, [insert clear text protocol here]

Clear text protocols are all but eliminated on Internet-facing systems, but a substantial amount of them still remain on internal networks. With prevalent password reuse and si…

4. Your network shares are sharing way too much information…to EVERYONE

Network shares are designed to do just that, share information with those who need it. The problem is too many folders are being shared to everyone in the company and that genera…

3. Your remote access technology uses a blank or easily guessable password

You may be noticing a pattern by now; blank or weak passwords that lead directly to system administration. Remote administration technologies make life easier for administrato…