What is vulnerability management?

Vulnerability management is the practice of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities. Vulnerability management is integral to information security and information systems — and despite the similarity in terms, it is not the same as vulnerability scanning. Vulnerability scanning consists of using a computer program to identify vulnerabilities in networks, computer infrastructure or applications. Scanning is an important component of vulnerability management, but it is…

Threat Management: Managing Alerts, Vulnerabilities and Incidents

Introduction: There are lots of language challenges when talking about alerts, vulnerabilities and incidents. It’s a common error to speak about vulnerabilities when you are really referring to “vulnerability alerts”. Furthermore, a common confusion comes from talking about “incidents” when a vulnerability is found in a system. A vulnerability can cause an incident when exploited –…

SANS Incident Response Planning

Below is a brief summary of the process, and in the following sections we’ll go into more depth about each step: Preparation—review and codify an organizational security policy, perform a risk assessment, identify sensitive assets, define which are critical security incidents the team should focus on, and build a Computer Security Incident Response Team (CSIRT).…

The Future of IoT is Blockchain

Imagine that you came across a beautiful piece of art on the Internet. You were mesmerised by it and immediately wanted to thank the artist by sending them a message about how they had inspired you and how well they had done. Midway through typing the message, you realise that a few words might not…

Encryption, Hashing and Salting

Encryption and hashing serve different functions despite their similarities. Yet the favourite information security interview questions are often: “Do you know the difference between encryption and hashing? Do you know what salting is? Do you think salting your hash is something to do with breakfast?” Jokes aside, if you…

Favourite Network Security Interview Questions.

Our Favourite Network Security Interview Questions: If you are aspiring to ace your network security interview in the first go, you need to be prepared well. To help you in your interview preparation, here we bring the most frequently asked network security interview questions. Just go through these questions and answers, and be confident to…

Good reporting – How to get it right.

So what makes a good report? Here are the eleven key priority areas I’d suggest we need to focus on when writing reports: Simplicity, Clarity, Brevity, Positivity, Punctuation, Approach, Readability, Accuracy, Logical Sequence, Proper Form. Simplicity – Make it simple. Let’s look at these in more detail. Simplicity: Keep it as simple as possible – so…

Signs you could be suffering work burnout

Struggling to sleep or having difficulty getting up? Feeling like your work is pointless, a low mood, or lack of interest in what you do? It’s probably burnout. There’s plenty of work-related stress in our lives, but this is a normal reaction to factors such as occasional stressful deadlines or an unusually heavy workload. Burnout…

Why you need to Inspect TLS Traffic

Working from home has made data security even more challenging for security managers, but finding the balance between user privacy under TLS inspection and the risks of not inspecting encrypted traffic is a perennial issue. Everyone I speak with, from architects to CISOs, wants to be able to inspect their company’s encrypted traffic between the…