Posted By Chris | November 25th, 2010
proVM Auditor, our flagship software offering, continues to be a success for us and our clients (We have a 100% renewal rate). With proVM Auditor, we are able to give our clients the ability to more easily manage their vulnerability data and actually put it to use. We have seen our clients go from performing … Continue reading
Tags: automation, Information Assurance, Information Security, proVM Auditor
Filed In: Business Practices, Compliance, IT Infrastructure Security, Management Practices, Software and Automation
Posted By Chris | October 8th, 2010
http://meritalk.com/blog.php?user=SteveOKeeffe&blogentry_id=2458 Asks some interesting questions. I put my two cents at the bottom. Continue reading
Tags: Compliance, FISMA
Filed In: Compliance
Posted By Chris | August 23rd, 2010
Management style is an area of operations that has more impact on an organization’s security posture than most would assume. There are a lot of policy level decisions with legal ramifications that management is faced with on a daily basis as part of their overarching responsibilities. Driving standards and approved operating procedure from the management level can exude some fantastic benefits if approached in a suitable manner. Creating and adhering to well-developed processes takes a lot of the guess work out of daily activities of employees, and moreover, provides a solid foundation to ensure that all requirements are being met and that all employees know the rules of the game. Continue reading
Tags: Information Assurance, Information Security, Management, philosophy, Security, security training
Filed In: Business Practices, Management Practices
Posted By Chris | August 18th, 2010
As part of the IATAC SME (Subject Matter Expert) Program, we are occasionally forwarded questions and asked for our input. The most recent request for information was interesting, so I thought I’d share my response here. Due to Federal Information Security Management Act (FISMA) Certification and Accreditation (C&A) requirements, the government and military operate using … Continue reading
Tags: Approved IA Products List, Approved Product List, C&A, CoN, DIACAP, IATAC, SME
Filed In: Business Practices, IATAC SME Program, IT Infrastructure Security, Software and Automation
Posted By Chris | August 17th, 2010
“The new malicious program penetrates smartphones running Android in the guise of a harmless media player application. Users are prompted to install a file of just over 13 KB with the standard Android extension *.APK. Once installed on the phone, the Trojan uses the system to begin sending SMSs to premium rate numbers without the … Continue reading
Tags: Android, malware, mobile, Trojan-SMS
Filed In: Malware, Mobile
Posted By Chris | August 9th, 2010
With the launch of an updated version of proGD (1.0.0.19), a software we developed to automate the manual process of scanning with DISA Gold Disk, a DoD MS Windows scanner, I thought it made sense to publish a brief post about how automation can really lighten the load of information security professionals in any organization. … Continue reading
Tags: automation, proGD, software
Filed In: Software and Automation
Posted By Chris | September 7th, 2009
The question of taking advantage of a third-party vendor or developing public key infrastructure (PKI) within our your organization is a pretty tough question that doesn’t seem to have a clear-cut answer. Each method has its own pros and cons that I’ll try to outline for you here, and there are a lot of factors … Continue reading
Tags: Information Security, Infrastructure, Public Key Infrastructure (PKI), Risk, Security, social contract, vendors
Filed In: Public Key Infrastructure
Posted By Chris | May 19th, 2009
Of all of the good client/vendor relations I’ve seen, there seems to be one fundamental trait that each good relationship has had in common – the client knowing exactly what it wants in the short and long term. But how often do we usually run into clients that know EXACTLY what they want? Most of … Continue reading
Tags: business, contracting, partnership, philosophy, social contract, vendors
Filed In: Business Practices