12 Jun 2012
ISACA International Event
Dallas, Texas, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
|
7 Aug 2012
ISACA International Event
Chicago, Illinois, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
|
11 Sep 2012
ISACA International Event
San Francisco, California, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
|
2 Oct 2012
ISACA International Event
Orlando, Florida, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
|
6 Nov 2012
ISACA International Event
New York, New York, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
|
11 Dec 2012
ISACA International Event
Las Vegas, Nevada, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
|
Volume 1, 2012
by Michael Mendelsohn, CISSP, Antoine Philipovitch, William Welch, CISM, and Robert Zanella, CISA
One of today’s big security marketing pushes is enterprise single sign-on (ESSO).
|
Volume 4, 2011
by Sivarama Subramanian, CISM
This article attempts to define metrics that measure the effectiveness of application security in an organization.
|
Volume 4, 2011
by Joel Scambray, Vincent Liu and Caleb Sima | Reviewed by Connie Spinelli, CISA, CFE, CIA, CMA, CPA
This book is an eye-opening resource for grasping the realities of today’s web application security landscape.
|
Volume 2, 2011
by Himanshu Dwivedi, Chris Clark and David Thiel | Reviewed by Jeimy J. Cano M., Ph.D., CFC, CFE, CMAS
This book presents a series of suggestions and security tips for developing mobile applications.
|
Volume 2, 2010
by Ronke Oyemade, CISA
|
Volume 4, 2006
by Steven J. Ross, CISA, CISSP
|
These links, which have been contributed by site users, link to external third-party web sites. ISACA has not evaluated these web sites and accepts no responsibility for their suitability, security or privacy practices.
For organisations that store, transmit or process credit card information, it is vital as they must be able to demonstrate compliance with the Payment Card Industry Data Security Standards (PCI DSS).
Contributed by ISACA on 30 Jun 2010
|
The CISO for the city of Portland, Ore., advises that every enterprise be aware of one must-have secure Web gateway feature before buying.
Contributed by ISACA on 30 Jun 2010
|
As cloud computing moves from marketing hype to reality -- real customers with real utilization -- it's increasingly important that information security practitioners understand the significant change in computing the cloud heralds and how that impacts enterprise risk.
Contributed by ISACA on 30 Jun 2010
|
The biggest security problem in the Web 3.0 world will be controlling state over time with a jungle of new syntax.
Contributed by ISACA on 29 May 2010
|
Companies are widening their security holes by haphazardly installing all the technological defenses they've purchased.
Contributed by ISACA on 29 May 2010
|
Details the creation of a small tool program which aids the operation of the Snort IDS in a dynamically assigned IP address environment.
Contributed by ISACA on 29 May 2010
|
On the AS/400 (System i) it is possible to audit for default passwords using the ANZDFTPWD command.
A default password is defined as a password which is the same as the user profile.
The command behaves slightly differently depending on the value of the s...
Posted By : Ian Cooke | 0 comments
|
The main idea I am trying to advocate with these posts is a simple one.
Compare a database you are auditing against a database that you know already meets the standards required by the organisation you are auditing.
This is achieved by creating “CSV ty...
Posted By : Ian Cooke | 1 comments
|
Before we get into auditing Oracle privileges a reminder of a few definitions might be helpful.
A user privilege is the right to run a particular type of SQL statement, or the right to access an object belonging to another user, run a PL/SQL package, and...
Posted By : Ian Cooke | 1 comments
|
On March 1st, I was invited to speak at the CampIT conference on Enterprise Risk/Security Management at Rosemont Convention Center.
Before me there were two speakers. The first presenter spent an hour presenting the story from the trenches of technolog...
Posted By : Umesh391 | 0 comments
|
Posted By : masarker | 0 comments
|
APT Defense Strategy
By Kevin J. Murphy, CISSP, CISM, CGEIT
September 30, 2010
WHAT IS APT?
APT is an acronym for Advanced Persistent Threat. Isn’t that descriptive? In reality there is a lot behind the APT which might not be that obvious from underst...
Posted By : Kevin J. Murphy | 1 comments
|