Defence in Depth: The art of stratifying your security system


Defence in Depth is all about protecting information by building up a number of layers around it. It isn’t simply putting up a firewall and walking away. Defence in Depth is building a number of layers around the information that work together to provide a strong and (hopefully) impenetrable defence.

An example could be anti-virus software installed on individual workstations when there is already virus protection on the firewalls and servers within the same environment. Different security products from multiple vendors may be on different vectors within the network, helping prevent a shortfall in any one defence leading to a wider failure.


Vulnerability Management: Good Practices


We live in an age where technology is involved in almost every business process, and threats such as vulnerability exploitation are an unfortunate reality.

In this post I’ll be pointing out some factors one should keep in mind when looking to manage software vulnerabilities.
