Skip to main content

Home/ Consitio_20121/ Group items tagged IT-Security

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Juan Vicente Lladró

5 Top Trends Redefining CSO Priorities - Microsoft Security Blog - Site Home - TechNet ... - 1 views

blogs.technet.com/...redefining-cso-priorities.aspx

shared by Juan Vicente Lladró on 09 Dec 13 - No Cached
  • 1. Consumerization of IT
  • 95 percent of information workers use self-purchased technology for work
    • Juan Vicente Lladró
      Juan Vicente Lladró on 09 Dec 13
       
      Cada vez es más popular las políticas de BYOD, Bring Your Own Device, que acrecientan la fragmentación de la seguridad.
  • 2. Cloud Computing
  • ...10 more annotations...
  • 3. Advanced Persistent Threat
  • an enterprise needs to know that resources placed on the cloud have the proper level of security, yet moving to the cloud limits an organization’s ability to control systems and data.
  • The economic case for cloud computing can be persuasive
  • Unlike the highly visible infections of the past, such as the ILOVEYOU virus, an APT is designed to elude detection, making the job of detection and protection all the more difficult.
  • Cyber threat has changed, and the primary concern is no longer malware that incidentally impacts an organization, but rather the threat of very targeted attacks for purposes of industry espionage, cyber crime or – if a company is part of critical infrastructure – cyber war.
  • 4. Expanding Importance of Identity
  • as perimeters fall away and applications migrate to the Cloud, the value of authenticated identity has even more importance
  • NSTIC is the White House initiative to work collaboratively with the private sector, advocacy groups, public sector agencies, and other organizations to improve the privacy, security, and convenience of sensitive online transactions.  Identity management will continue to a top concern for IT departments for the immediate future.
  • 5. Increased Government Role in Cybersecurity
  • “The architecture of the Nation’s digital infrastructure, based largely upon the Internet, is not secure or resilient. Without major advances in the security of these systems or significant change in how they are constructed or operated, it is doubtful that the United States can protect itself from the growing threat of cybercrime and state-sponsored intrusions and operations.” and “Information and communications networks are largely owned and operated by the private sector, both nationally and internationally. Thus, addressing network security issues requires a public-private partnership as well as international cooperation and norms.”
  • Juan Vicente Lladró on 09 Dec 13
     
    Artículo muy interesante sobre las 5 tendencias que están redefiniendo las prioridades del Chief Security Officer
Gonzalo Gandía

Advice For Developing Secure Cloud Applications - 0 views

www.darkreading.com/...240164509

seguridad Seguridad Informática cloud

shared by Gonzalo Gandía on 09 Dec 13 - No Cached
  • Cloud providers should model all of their application's interfaces with threats to multi-tenancy in mind, such as information disclosure and privilege escalation, the report advises. In addition, providers should use a "separate schema" database design when building multi-tenant applications as opposed to adding a "TenantID" column to each table.
  • APIs are the front door into any application, and it is critical that they are properly secured
  • To secure APIs, the report recommends determining whether the APIs can be restricted so that only trusted hosts can call them and ensure that interservice communication is securely authenticated
  • ...1 more annotation...
  • primary threats to cloud computing: data breaches, data leakage, denial-of-service, and insecure application interfaces.
  • Gonzalo Gandía on 09 Dec 13
     
    Experts Offer Advice For Developing Secure Cloud Applications
Maria Ferri

Blogs - 0 views

www.criptored.upm.es/...blogs.htm

IT-Security blogs y gestión criptografía Itsecuring protección empresas seguridad informática hacking amenazas informáticas

shared by Maria Ferri on 01 Dec 13 - No Cached
  • Blog personal dedicado a comentar la actualidad en los campos de seguridad informática, técnicas forenses y auditoria de sistemas.
    • Maria Ferri
      Maria Ferri on 01 Dec 13
       
      Directorio de blogs sobre Seguridad Informática de la Universidad Politécnica de Madrid.
  • blogs de interés relacionados con la seguridad informática
  • ...26 more annotations...
  • IT-Insecurity
  • La inseguridad informática es la razón misma de la existencia de la seguridad informática
  • Un continuo de experiencias que permiten tanto a profesionales de la seguridad como a curiosos de la inseguridad compartir en un mismo escenario la pasión para descubrir día día lo sorprendente de la inevitabilidad de la falla.
  • Security by DEFAULT
  • Blog de Alejandro Ramos sobre técnicas de hacking y seguridad de la información.
  • Lost In Security
  • Blog de David Barroso sobre seguridad de la información y todo tipo de amenazas informáticas.
  • Seguridad de la Informacion y Auditoria de Sistemas
  • Blog personal dedicado a comentar la actualidad en los campos de seguridad informática, técnicas forenses y auditoria de sistemas.
  • Blog personal dedicado a comentar la actualidad en los campos de seguridad informática, técnicas forenses y auditoria de sistemas.
  • LEGAL PROTECT
  • Breve descripción: Artículos y ecos de noticias de la empresa de seguridad asturiana SIGEA
  • Seguridad y Gestión
  • Blog sobre gestión y seguridad de la información, en el que también se comentan noticias de actualidad relacionadas con esta temática y se habla de continuidad de negocio, gestión de servicios TI, LOPD, sistemas de gestión (ISO 9001, ISO 27001, ISO 20000, ITIL, BS 25999, etc.) y otros temas relacionados.
  • Security Art Work
  • SecurityArtWork es un blog con una visión global de la seguridad, donde se discuten desde aspectos tecnológicos hasta temas de seguridad legal, física, organizativa y normativa, regulación... y en el que participan profesionales de diferentes ámbitos de la seguridad: ingenieros, abogados, arquitectos, personal de seguridad privada...
  • Itsecuring
  • Blog de seguridad donde se comparten conocimientos prácticos de Seguridad tales como ISO27001, Mejores prácticas y Continuidad del negocio
  • Cryptography is on the move
  • Se proponen temas y noticias relacionadas con las novedades en criptografía. Se admiten miembros y seguidores del grupo en Linkedin. En la actualidad se viene siguiendo la competición abierta por el NIST en torno al nuevo estándar de SHA3. Se anima a los criptógrafos españoles a colaborar en el blog.
  • MCAFEE LABS BLOG
  • Los laboratorios de McAfee cuentan con un espacio en el que ofrecen amplia información sobre sus últimos descubrimientos en materia de seguridad, en concreto sobre las últimas amenazas en Internet y ofrecen todas las claves para que empresas y particulares estén alerta y seguros.
  • Seguridad Apple
  • Blog técnico sobre Seguridad en productos y sistemas operativos Apple. Mac OS X, iPhone, Safari, etc... Análisis Forense, Hacking, y utilidades
  • Punto Compartido
  • Blog dedicado a tecnologías SharePoint y Biztalk y la seguridad de los productos., escrito por Rubén Alonso, Microsoft Most Valuable Professional MVP en SharePoint.
  • Maria Ferri on 01 Dec 13
     
    Directorio de blogs sobre Seguridad Informática - Universidad Politécnica de Madrid. He destacado los blogs más interesantes, sobre seguridad informática, técnicas de hacking, amenazas, seguridad de la información, auditoría de sistemas, sistemas de gestión ISO 27001 - ISO 20000, criptografía, etc
Gonzalo Gandía

IT Security and Risk Management - 0 views

www.zdnet.com/agement-an-overview-7000022659

security Seguridad Informática protección empresa politicas

shared by Gonzalo Gandía on 10 Dec 13 - No Cached
  • Gonzalo Gandía on 10 Dec 13
     
    An Overview
Carmen Sempere

https://cloudsecurityalliance.org/wp-content/uploads/2012/02/Areenterprisesreallyreadyt... - 0 views

cloudsecurityalliance.org/...llyreadytomoveintothecloud.pdf

cloud security enterprises

shared by Carmen Sempere on 08 Dec 13 - No Cached
    • Carmen Sempere
      Carmen Sempere on 08 Dec 13
       
      Many companies are moving to the cloud, but they are still concerned about security issues regarding how they dat is segregated , how is privacy preserved, how can they move their data back to their systems if needed. Cloud-based services are still very immature and it is very risky to rely on a single cloud service provider. In summary it is apparently compelling that the cloud computing industry forums need to define  the standards and procedures for security, privacy, data moving and service recovery, in  order to boost the public confidence on the cloud. Without necessary regulatory and industry  standards, the acceptance of cloud based services, would be still "cloudy".
  • Carmen Sempere on 08 Dec 13
     
    White Paper - Are enterprises really ready to move into the cloud?
Gonzalo Gandía

What CISOs Need to Know about Cloud Computing - 0 views

securosis.com/...-to-know-about-cloud-computing

cloud computing Seguridad Informática

shared by Gonzalo Gandía on 10 Dec 13 - No Cached
  • cloud computing isn’t more or less secure than traditional infrastructure – it is different. Some risks are greater, some are new, some are reduced, and some are eliminated
  • Gonzalo Gandía on 10 Dec 13
     
    A review of how security risks change in cloud computing vs traditional computing
Manuel Carmona

IT Baseline Protection Catalogs - Wikipedia, the free encyclopedia - 0 views

en.wikipedia.org/...T_Baseline_Protection_Catalogs

shared by Manuel Carmona on 23 Jun 13 - No Cached
  • The IT Baseline Protection Catalogs, or IT-Grundschutz-Kataloge, ("IT Baseline Protection Manual" before 2005) are a collection of documents from the German Federal Office for Security in Information Technology (BSI) that provide useful information for detecting weaknesses and combating attacks in the information technology (IT) environment (IT cluster).
  • Manuel Carmona on 23 Jun 13
     
    En inglés. Catálogos con la línea base de la protección TIC elaborados por la Oficina Federal de la Seguridad de la Información Alemana.
itiooscar

Gartner: 7 major trends forcing IT security pros to change - Network World - 0 views

www.networkworld.com/...3-gartner-security-270663.html

Seguridad Informática

shared by itiooscar on 12 Dec 13 - No Cached
  • itiooscar on 12 Dec 13
     
    Presenta de modo sintético las nuevas formas de interactuar con las TIC y los nuevas arquitecturas TIC y sus riesgos asociados de seguridad. Un artículo muy interesante porque describe los entornos actuales TIC que se están consolidando y los nuevos retos en seguridad TIC que generan.
José Ramón

Acerca de... - VirusTotal - 0 views

www.virustotal.com/about

Herramientas

shared by José Ramón on 03 Dec 13 - No Cached
    • José Ramón
      José Ramón on 03 Dec 13
       
      es una herramienta gratis.
  • free online service
  • Runs multiple antivirus engines and website scanners
  • ...13 more annotations...
  • analyzes files
  • and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners
  • subsidiary of Google
  • as an information aggregator
  • The full list of antivirus solutions and website scanners used in VirusTotal can be found in the credits and collaboration acknowledgements section.
    • José Ramón
      José Ramón on 03 Dec 13
       
      Totalvirues no es suficiente para garantizar la seguridad del software, ha de combinarse con otras aplicaciones antivirus.
  • aggregates the output of a number of file and URL characterization tools.
  • Runs multiple file and URL characterization tools
  • Real time updates of virus signatures and blacklists
  • periodically updated as they are developed and distributed by the antivirus companies.
  • VirusTotal is not a substitute for any antivirus/security software installed in a PC, since it only scans individual files/URLs on demand.
  • Currently, there is no solution that offers 100% effectiveness in detecting viruses, malware and malicious URLs.
  • You may become a victim of deceitful advertising, if you buy such a product under those premises.
  • José Ramón on 09 Dec 13
     
    Herramienta gratuita
1 - 9 of 9
Showing 20 items per page