Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for November, 2010

Simplified Vulnerability Management – Mission Statement

Almost every company has a mission statement. Some companies make them public and a part of their marketing campaigns, tag lines, and actual products. Others keep their mission statements internal, almost like a prized position, and keep them for only training and hallway posters. One thing I have learned at eEye as the Product Manager,…

Post by Morey Haber November 5, 2010

Health Care Data Requires Sensitive User Access Control

Of the many recently reported data breaches from hospitals and health care organizations

Post by Peter McCalister November 4, 2010

Control Virtual Sprawl With Privilege Identity Management

Virtual sprawl is the new plague of IT.

Post by Peter McCalister November 3, 2010

Benchmarks as a Point of Reference

I have been reading Stephen Hawking’s new book, “The Grand Design” and am completely stunned by the analogies he uses to simplify perception, measurements, and even quantum physics. This book is not light reading and has had me looking up terms using old college textbooks and Google multiple times. The one thing that fascinates me…

Post by Morey Haber November 3, 2010
, , , , , , , ,

Security is a Team Sport

In organizations that aren’t sophisticated with measuring the value of risk, getting budget for security can be a tough gig. SC Magazine has an entire blog dedicated to an active running list of publicly known breaches, yet no matter how many examples you show, sometimes the logic that it will never be you is just…

Post by Peter McCalister November 2, 2010

eEye @ CSI 2010

I just returned from the Computer Security Institute CSI 2010 conference in National Harbor, Maryland. While there, I spoke on the topic of Logic Bombs using modern examples like Aurora and Stuxnet. This was my first time attending a CSI conference and I must honestly state, I was thoroughly impressed with the quality of the…

Post by Morey Haber November 1, 2010

Misuse of Privilege in Virtualized Environments

A key factor to consider when approaching virtualization security is that the hypervisor is always going to be a high-value target due to its control over the entire virtual environment.

Post by Peter McCalister November 1, 2010