vendor

vendors

A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendors for several months prior to the intrusion. This is likely a failure in which of the following security processes?

Leave a Comment / CEHv11 / By

A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendors for several months prior to the intrusion. This is likely a failure in which of the following security processes? Option 1 : Vendors risk management Option 2 : Patch management Option 3 : Secure development lifecycle Option 4 : Security awareness training …

A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendors for several months prior to the intrusion. This is likely a failure in which of the following security processes? Read More »

CISSP Vendor, Consultant, and Contractor Agreements and Controls- Bk1D1T8St4

Vendor, Consultant, and Contractor Agreements and Controls Many organizations require expertise or talent that does not exist inside their organizations. These relationships may exist for goods or services, but both types of acquisition open the organization to risk. Ensuring that these relationships do not expose the organization’s sensitive information requires integrating the vendors, contractors, and consultants into the larger organizational security framework. Industrial Espionage Many organizations that rely on contractors have multiple contractors working side …

CISSP Vendor, Consultant, and Contractor Agreements and Controls- Bk1D1T8St4 Read More »

ISO-27001-Annex-A.12.5-Control-of-Operational-Software

ISO 27001 Annex : A.12.5 Control of Operational Software

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.12.5 Control of Operational Software Its objective is to ensure operating system integrity. A.12.5.1  Installation of Software on Operational Systems Control- To control the installation of software on operating systems, procedures should be implemented. Implementation Guidance- To control changes in software on operational systems, the following guidelines should be considered: Trained administrators should only upgrade operational software, applications and libraries upon appropriate management permission; Only approved executable code and non-developed code …

ISO 27001 Annex : A.12.5 Control of Operational Software Read More »