BreachExchange mailing list archives
How To Avoid Breaches Where You Least Expect Them
From: Lee J <lee () riskbasedsecurity com>
Date: Tue, 22 Oct 2013 20:26:02 +1100
http://www.darkreading.com/vulnerability/avoiding-breaches-where-you-least-expect/240162928 In the real world of constrained budgets and limited personnel, prioritization of security resources is a must. Many departments prioritize practices based on the severity of vulnerabilities, the value of a target, and the likelihood of a threat hitting said target. However, the flip side of that is to remember the real world is also a connected one. And as many security experts can attest, enterprises often forget to account for how attacks against the vulnerabilities in less critical systems can jeopardize the crown jewels. "Most companies focus their efforts on locking down vital assets, such as the infrastructure, servers, mission-critical applications, and work machines, and when assessing risk put too much emphasis on these as opposed to other systems deemed not as vital," says Vann Abernethy, senior product manager for NSFOCUS. "But we have seen attacks against these soft targets that either led to serious damage or were used as a way into the systems that were thought to be better protected." [...]
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: # OWASP http://www.appsecusa.org # Builders, Breakers and Defenders # Time Square, NYC 20-21 Nov o()xxxx[{::::::::::::::::::::::::::::::::::::::::> Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- How To Avoid Breaches Where You Least Expect Them Lee J (Oct 24)