Brad Causey, Mar 7, 2013
Risk is a factor in any enterprise, and managing that risk is always a challenge. In regulated industries, however, the challenge is heightened by goals that sometimes overlap but more often do not. In this Dark Reading report, we will examine the general considerations organizations must make when putting risk into a compliance context, as well as recommend specific strategies for leveraging organizational risk management work to achieve compliance goals.
Brad Causey, Feb 22, 2013
Application security is challenging because of the number of applications in use at most organizations, their visibility (or lack thereof) and their constant churn. In this Dark Reading report, we examine the best ways to build an explicit, systematic plan for discovering applications, identifying vulnerabilities and mitigating risk.
Brad Causey, Jan 18, 2013
Assessing an organization’s security risk is an important element of an effective enterprise security strategy. It’s also a key way to justify future security spending to upper management. In this Dark Reading report, we recommend how to conduct an IT security risk assessment — and how to translate the results into terms that make sense in dollars.
Brad Causey, Nov 29, 2012
Vulnerability scans are valuable, but you have to think and act like a hacker if you want to truly understand the ways in which your organization could be compromised. In this report, Dark Reading recommends the tools and methodologies that can be used to test your organization’s security.
Brad Causey, Jun 4, 2012
In many organizations, the chief threat to critical data is not an external hacker, or even the everyday employee, but the user with access to the most data. Corporate executives, power users and even IT administrators may jeopardize the security of sensitive data by accessing it in insecure ways or moving it to insecure locations. Worse, the activity of many of these privileged users may not be regularly monitored—or there may be no way to monitor it at all. In this report, we outline key methods for tracking the behavior of privileged users and ensuring that they don’t abuse those privileges to the detriment of your enterprise data.
Brad Causey, May 28, 2012
When it comes to the battle against distributed denial-of-service attacks, you are not alone. With the increasing use of third-party service providers, your organization likely has a huge arsenal of bandwidth, technology and know-how at its disposal. The challenge is to effectively marshal those resources among your providers and integrate them with your own security measures into a strategic and comprehensive DDoS protection plan.
Brad Causey, Mar 13, 2012
A recent rash of certificate authority breaches has left a bad taste in many people’s mouths. There is no one reason for the breaches. The compromises were the result of a breakdown in people, processes and technology, but not necessarily the certificates themselves. We take a look at what’s wrong with certificate technology, what can be done to fix it, and what’s down the road for certificates and CAs.
Brad Causey, Aug 3, 2011
Knowing how attackers find and use the vulnerability will help companies defend against it.
Brad Causey, Jul 11, 2011
SQL injection is among the most prevalent—and most dangerous—techniques for exploiting Web applications and attacking back-end databases that house critical business information at companies of every size. And it persists despite relatively simple and effective countermeasures. Here, we explain how SQL injection works, and how to secure your Web apps and databases against it.