Operations

2/5/2018
02:00 PM
Jai Vijayan
Jai Vijayan
Slideshows
Connect Directly
Twitter
LinkedIn
RSS
E-Mail

7 Ways to Maximize Your Security Dollars

Budget and resource constraints can make it hard for you to meet security requirements, but there are ways you can stretch your budget.
1 of 8

Image Source:  lovelyday12

Image Source: lovelyday12

1 of 8
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
Michael Lines
0%
100%
Michael Lines,
User Rank: Author
2/15/2018 | 3:07:00 PM
And start with risk...
All good points in terms of what companies can do to maximize the effectiveness of their security program. The item I would add, and suggest should be step one, is to view their security program through the lens of risk. What are the critical assets of the company (which can be data, business processes or systems), what are the most likely threats to those assets, what vulnerabilities exist against likely attacks, and finally what are the ramifications from a successful attack. From that, the CISO can develop a list of actions to close the gaps, prioritized by their risk score. Risk assessment and ongoing management allow the cash, time and staff-strapped CISO to make the most use of the limited resources they have to reduce the overall risk to the enterprise, and perhaps even more important, be able to justify what they are doing and why to their leadership and regulators. 
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Oh, No, Not Another Security Product
Paul Stokes, Founder & CEO of Prevalent AI,  8/9/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The State of IT and Cybersecurity
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-13106
PUBLISHED: 2018-08-15
Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13107
PUBLISHED: 2018-08-15
Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13108
PUBLISHED: 2018-08-15
DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13100
PUBLISHED: 2018-08-15
DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13101
PUBLISHED: 2018-08-15
Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.