Mobile and BYOD can increase productivity and agility, but can also allow end-users (or malicious users) to poke a thousand little holes in an organization’s defenses. Gaps or oversights in policy, process, training, and awareness can leave your company open to an unacceptable level of risk.
Getting past "fear-based" budgeting and focusing on the true cost of a breach can help management see security as something other than a "cost center". Here are some tips on how to make a business case for IT security.
Recently, the PCI Security Standards Council provided QSAs with a preview of some upcoming changes to the Data Security Standard (DSS) regarding the use of Secure Sockets Layer (SSL) v3.0 and its suitability for protection of payment card data; since then, our QSA team has been awaiting an official pronouncement to clarify the scope and impact of the proposed changes.
Monika Morrow will be speaking at Bugcrowd Bug Bash during OWASP Bug Week tomorrow, Wednesday, December 10, 2014, at 7:00pm at Bugcrowd HQ in San Francisco.
Training is essential to the secure development life-cycle and the advancement of trustworthy computing.
Robert Imhoff will be speaking at the upcoming 2014 (ISC)2 Security Congress, to be held September 29th - October 2nd in Atlanta.
AppSec Consulting will be exhibiting in the Vendor Showcase at the 2014 North American PCI-SSC Community Meeting in Orlando, FL. The meeting is from September 9-11; we hope to see you there.
AppSec Consulting Sponsoring theSummit EFF Fundraiser