You can't secure what you don't acknowledge.℠

Tuesday, September 27, 2011

Web security essentials: something old and something new

Here are some new bits I've written on Web security that you may be interested in. First, a bit on SQL injection, the greatest Web flaw of all in my humble opinion:
SQL Injection – The Web Flaw That Keeps on Giving

And a bit on how to use your users to your advantage to minimize Web security risks:
Getting users on your side to improve Web security

...and finally a piece on why I think that time to market is no longer the excuse for Web security flaws and what's really holding us back today:
Time to market is no longer the excuse

You know the deal, be sure to check out for links to all of my additional security whitepapers, podcasts, webcasts, books and more.

Monday, September 26, 2011

Common firewall management challenges whitepaper

Here's a new whitepaper I recently wrote on the ins and outs - and dos and don'ts - of managing enterprise firewalls:

Firewall Management: 5 Challenges Every Company Must Address

In the paper I cover things such as rules and regulations impacting firewall management, assessing firewall policy risks, managing changes and being able to prove where things stand with your firewalls at any given point in time.


Compliance or risk: what the real IT leaders focus on

Whatever your approach to managing IT and information security, here's a new bit I wrote for Security Technology Executive magazine on fixing what needs to be fixed before you do ANYTHING else:
Fix Your Low-Hanging Fruit or Forever Hold Your Peace

Once you have the urgent flaws on your most important systems out of the way, here are some pieces I wrote for on dealing with compliance while, at the same time, actually managing your information risks:

Managing information risk inherent to an effective compliance strategy

Avoid duplicated efforts to cut the cost of regulatory compliance

The long-term consequences of not addressing compliance today


As always, be sure to check out for links to my additional information security articles, whitepapers, podcasts, webcasts, books and more.