Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
The ROI Of Infosec: 11 Dos and Donts For Management Buy In
Newest First  |  Oldest First  |  Threaded View
RyanSepe
RyanSepe,
User Rank: Ninja
2/29/2016 | 1:50:57 PM
Dont portray IT security as a complication.
It's important to understand that the business is the main reason as to why you need to successfully implement security. Without it, there would be none to implement. I always prefer to say that its not security vs functionality, its more like security to complement functionality.
ivadumont
ivadumont,
User Rank: Apprentice
2/28/2016 | 5:19:16 PM
Re: #8The ROI Of Infosec: 11 Dos and Donts For Management Buy In
I really think that everybody don't have the same view. But for this case most of us will convey that security is an important part.
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
2/27/2016 | 5:28:58 PM
#8
I'd reword #8, though the point is well taken.  Executives hate to be "reminded of" legal details and compliance obligations.  Rather, they prefer to view legal and compliance issues as a matter of risk management.  Present things that way and you're much more likely to at least get informed action.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Creating an Effective Incident Response Plan
Security teams are realizing their organizations will experience a cyber incident at some point. An effective incident response plan that takes into account their specific requirements and has been tested is critical. This issue of Tech Insights also includes: -a look at the newly signed cyber-incident law, -how organizations can apply behavioral psychology to incident response, -and an overview of the Open Cybersecurity Schema Framework.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-4169
PUBLISHED: 2022-11-28
The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it possible for unauthenticated attackers to update plugin and them...
CVE-2022-41732
PUBLISHED: 2022-11-28
IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407.
CVE-2021-45036
PUBLISHED: 2022-11-28
Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.
CVE-2022-44399
PUBLISHED: 2022-11-28
Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php.
CVE-2022-31877
PUBLISHED: 2022-11-28
An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet.