Advanced Threats: Driving Senior Leadership Awareness

In today’s changing security environment, where advanced persistent threats (APTs) play such a dramatic and notable role, it is the security organization’s responsibility to ensure that senior leadership understands and accepts the risk associated with modern-day advanced threat actors. Regardless of your security maturity level, you should at least be having the conversation about advanced threats. It is incumbent upon security leaders to drive this conversation within their organizations in an effort to shift expectations away from thinking…

The Honeynet Project Maps Real-Time Attacks From Around the World

Members of The Honeynet Project’s Giraffe Chapter released a new real-time attack map earlier today. The map shows live attacks from locations around the world, provided by distributed honeypots operated by Honeynet Project chapters. Currently the map is in an alpha release stage, and additional data and input sources are planned for future releases. [Update 9/25/2012: Additional data feeds have been added]

Effectively Measuring Risk Associated with Vulnerabilities in Web Applications

An objective risk rating framework enables our team to compare a standardized measurement of risk across an organization. It also allows our clients to prioritize steps needed in an action plan to mitigate, accept, or transfer organizational risk. Prioritization of vulnerability remediation should be organized objectively based on factors used in the risk rating framework, such as: ease of exploitation, severity of impact if exploited, and level of effort to remedy. If you are considering adopting a risk-rating framework, it is important to tailor a solution that best suits your organizational needs. The following risk rating scale was developed to satisfy the specific needs of our clients, and we hope it provides you with valuable guidance as you plan for the management of risk within your organization…