The ROI Of Infosec: 11 Dos and Don'ts For ...

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

RyanSepe,
User Rank: Ninja
2/29/2016 | 1:50:57 PM

Don’t portray IT security as a “complication.”

It's important to understand that the business is the main reason as to why you need to successfully implement security. Without it, there would be none to implement. I always prefer to say that its not security vs functionality, its more like security to complement functionality.

Reply | Post Message | Messages List | Start a Board

ivadumont,
User Rank: Apprentice
2/28/2016 | 5:19:16 PM

Re: #8The ROI Of Infosec: 11 Dos and Don’ts For Management Buy In

I really think that everybody don't have the same view. But for this case most of us will convey that security is an important part.

Reply | Post Message | Messages List | Start a Board

Joe Stanganelli,
User Rank: Ninja
2/27/2016 | 5:28:58 PM

I'd reword #8, though the point is well taken. Executives hate to be "reminded of" legal details and compliance obligations. Rather, they prefer to view legal and compliance issues as a matter of risk management. Present things that way and you're much more likely to at least get informed action.

Reply | Post Message | Messages List | Start a Board

Editors' Choice

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Live Events

Webinars

Black Hat Europe - December 5-8 - Learn More

Black Hat Middle East & Africa - November 15-17 - Learn More

SecTor - Canada's IT Security Conference Oct 1-6 - Learn More

More Informa Tech Live Events

White Papers

Breaches Prompt Changes to Enterprise IR Plans and Processes

Five Best Practices for AWS Security Monitoring

Eight Best Practices for a Data-Driven Approach to Cloud Migration

Gartner, Quick Answer: How Can Organizations Use DNS to Improve Their Security Posture?

Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal

More White Papers

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

Black Hat USA 2022 Attendee Report

Black Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Incident Readiness and Building Response Playbook

In this special report, learn the Xs and Os of any good security incident readiness and response playbook.

Download Now!

Battle for the Endpoint

0 comments

How Enterprises are Developing Secure Applications

0 comments

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2022-35942
PUBLISHED: 2022-08-12

Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data ...

CVE-2022-35949
PUBLISHED: 2022-08-12

undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//127.0.0.1` ```js con...

CVE-2022-35953
PUBLISHED: 2022-08-12

BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was patche...

CVE-2022-35956
PUBLISHED: 2022-08-12

This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement for it. Before version 0.1.3 `update_by_case` gem used custom sql strings, and it was not sanitized, making it vulnerable to sql injection. Upgra...

CVE-2022-35943
PUBLISHED: 2022-08-12

Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechanism with CodeIgniter ...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]