The Control Policy Group

Data security the way you run your business

The biggest bugs hide in the cracks left by your system integrator

The biggest bugs are hiding in the system integration interfaces your integration team glued on the day before delivery. They go home, you get fired.


Why Excel is a bad choice for a security audit

Excel is easy to use, but you can lose or destroy your data pretty easily. Although risk assessment standards such as ISO 27001 or PCI DSS 1.1 have a one-dimensional hierarchical structure of controls, you can get into big trouble once you try to link controls to vulnerabilities, assets and threats. The model becomes multi-dimensional, and that is where Excel breaks down quickly and you lose data integrity.


Best practice controls for preventing data loss

Abstract

This article reviews the main areas of concern for protecting information assets from internal threats and vulnerabilities. It starts with an anecdote from an interview with a senior manager and concludes with a recommendation for implementing an approach that protects data directly (as opposed to commonly used methods that attempt to protect the network and limit user permissions).


Best practice security controls for IT

One of the most common problems a CIO or VP of information technology has is understanding which security products are the most effective. The cost of evaluating a new security technology can be very high, and often an IT manager will need to decide to implement a particular type of product (for example, two-factor authentication) before she knows whether the products will be effective.


Data loss prevention technologies

Abstract

Data loss prevention is a rapidly emerging network security technology area that has matured from simple regex-based web/email content filtering products into products such as Fidelis Security Systems XPS, which perform deep inspection of documents such as Microsoft Word and Adobe PDF files with high levels of precision and recall.


Network security warfare – offensive security

Attack the attackers

I believe many people involved with IT security have a feeling of frustration that stems from continuously reacting to external forces: spam attacks, spyware attacks, insider threats, analyst reports and new product announcements. What should you do?

Consider the three basic tenets of IT Security


Eliminating software vulnerabilities at the source

Tight development schedules often create serious software vulnerabilities.

The CEO committed to shipping June 1, the VP engineering is under the gun, the programmers know they are cutting corners, your resellers are getting ready to jump ship to your latest competitor. Is it worth it, knowing that the cost of fixing a bug in production software is 100X the cost of fixing it during the implementation process?

How can you eliminate vulnerabilities in your software at the source?


First qualified PTA Partner in Europe

Control Policy Group in Warsaw is the first professional security consultant in Europe to become a qualified partner of PTA Technologies in Israel.

We are proud of this achievement and happy to collaborate with our esteemed colleagues at PTA.

We have created a PTA ISO 27001 library and contributed it to the risk expert community worldwide under a Creative Commons Attribution License, in the hope that it will help consulting colleagues like us be more productive in their risk assessment efforts.

Practical Threat Analysis is an important component of our program for combating fraud and data loss attacks at large institutions in Poland and their management boards.

Our Business Threat Modeling methodology works on a risk-economic basis in euros, evaluating a firm’s risk using a structured PTA database with multiple dimensions and complex relationships between vulnerabilities, threats, assets and security controls.

Contact us today for a free consultation on managing data loss and fraud risk. We are always looking for interesting projects.
