the State of Security

audit

The need for a new perspective

by Dwayne Melancon

OK, so this has been a topic of discussion around virtualization for a long time, but I just read a well-presented article on “Pesky Virtual Environments” from Trent Henry on the Burton Group blog. While the article is specific to how QSAs (auditors) policing the PCI-DSS (credit card data security standards) need to adjust their [...]


Conference Report: ISACA North America CACS: “Wow, we’re not in Vegas anymore…”

by ~Previous Contributers

I’ve always loved the ISACA CACS conferences. Why? I guess because I love auditors. Not all auditors, mind you, but auditors that have a risk-based orientation, and who understand that the achievement of any goal (regardless of whether we’re talking about information security, operating effectiveness, or compliance goals) hinges on effective controls. And IT auditors [...]


Virtualization and PCI: Your Jedi Mind Tricks Won’t Work Forever

by Michael Lohr

IT Jedi Knight: These are not the servers you are looking for.

Auditor: (To other auditor) These are not the servers we are looking for.

IT Jedi Knight: There is no need to audit the hypervisor.

Auditor: We do not need to audit the hypervisor.

IT Jedi Knight: Now move along.

Auditor: (To IT Jedi [...]


Virtualization security and unintended reliance

by ~Previous Contributers

Much has been written down about whether or not virtualization makes an IT organization more or less secure — often with lots of emotion, and sometimes with good logical rigor. One of the best analyses I’ve read is by Neil MacDonald (Gartner, Inc. “Security Considerations and Best Practices for Securing Virtual Machines” March 2007). Hopefully [...]
