There is a lot of wisdom compressed into 140 characters apiece. Here are the best security tips from the contest, listed in reverse chronological order:
@clay_keller all data encrypted at rest & in transit. Daily vulnerability scanning & app layer firewalls. Required code scans.
@danielkennedy74 Upgrade your IE 6.0 installation.
@danielkennedy74 Block network access to and for all IPs originating in China.
@danielkennedy74 If you’re not documenting your IT controls & demonstrating compliance with regulatory requirements, you’re not showing due care.
@danielkennedy74 You can’t fix what you don’t know about; ensure a strategy for vuln mgmt, app. scanning, & policy compliance is in place.
@danielkennedy74 Prioritize application patches right alongside those for the OS in your patch management cycle, and don’t forget the Macs, Unix.
@danielkennedy74 Ensure your cloud provider SLA covers forensic investigation, notification of data breach, monitoring and audit capabilities.
@Shpantzer The datacenter exists to serve the client side; the most secured cloud is compromised by the endpoint.
@davidmostardi Defense-in-depth is the only path to security. Firewall & Layer 7 inspection & AV & OS patches & user education & good sysadmins!
@TriumphCISO Computing Tip: Select vendors strong in Security-as-a-Service with best practices closely aligned with your company’s.
@OwlPoint tip: Ensure you have strong IT Governance Policies & Processes. Clouds make it easy for BUs & departments to bypass IT.
@TriumphCISO Computing Tip: Select domestic vendors as the legalities are daunting when breaches occur at the international level.
@TriumphCISO Computing Tip: Know where your data resides! Stipulate it remains in your country or in your custody regardless.
@TriumphCIO Computing Tip: Verify #security delivery of your 3rd party cloud vendors, ideally via a neutral testing vendor/analyst.
@TriumphCISO Computing Tip: Get what you pay for!! Go with a high-end service provider with an established security record.
@TriumphCISO Computing Tip: Check an international vendor for European Safe Harbor accreditation as well.
@TriumphCISO Computing Tip: Check that a vendor has been accredited as meeting SAS 70 Type 2 and ISO 27001 security standards.
@TriumphCISO Computing Tip: Delegate duties among your admins and your service provider’s so that no one has free access across all security layers.
@TriumphCISO Computing Tip: Encrypt data at rest and in transit; otherwise, don’t put sensitive information in the cloud.
@TriumphCISO Computing Tip: Find out as much as you can about a SaaS provider’s security measures and infrastructure –