Qualys Blog


Best of the Qualys Security Tips Twitter Contest

Congratulations to the three winners of the Qualys Security Tips Twitter contest: @TriumphCISO, @davidmostardi, and @danielkennedy74! We hope you each are enjoying your iPod Shuffle.

There’s lots of wisdom compressed into 140 characters each. Here are the best security tips from the contest, listed in reverse chronological order:

@clay_keller all data encrypted at rest & in transit. Daily vulnerability scanning & app layer firewalls. Required code scans.

@danielkennedy74 Upgrade your IE 6.0 installation.

@danielkennedy74 Block network access to and for all IPs originating in China.

@danielkennedy74 If you’re not documenting your IT controls & demonstrating compliance with regulatory requirements, you’re not showing due care.

@danielkennedy74 You can’t fix what you don’t know about; ensure a strategy for vuln mgmt, app. scanning, & policy compliance is in place.

@danielkennedy74 Prioritize application patches right alongside those for the OS in your patch management cycle, and don’t forget the Macs, Unix.

@danielkennedy74 Ensure your cloud provider SLA covers forensic investigation, notification of data breach, monitoring and audit capabilities.

@Shpantzer The datacenter exists to serve the client side, the most secured cloud is compromised by the endpoint

@davidmostardi Defense-in-depth is only path to security. Firewall & Layer7 inspection & AV & OS patches & user education & good sysadmins!

@TriumphCISO Computing Tip: Select vendors strong in Security-as-a-Service with best practices closely aligned with your company’s.

@OwlPoint tip: Ensure you have strong IT Governance Policies & Processes. Clouds make it easy for BUs & departments to bypass IT.

@TriumphCISO Computing Tip: Select domestic vendors as the legalities are daunting when breaches occur at the international level.

@TriumphCISO Computing Tip: Know where your data resides! Stipulate it remains in your country or in your custody regardless.

@TriumphCIO Computing Tip: verify #security delivery of your 3rd party cloud vendors, ideally via neutral testing vendor/analyst

@TriumphCISO Computing Tip: Get what you pay for!! Go with a high-end service provider with an established security record.

@TriumphCISO Computing Tip: Check an international vendor for European Safe Harbor accreditation as well.

@TriumphCISO Computing Tip: Check a vendor has been accredited meeting SAS 70 Type 2 and ISO 27001 security standards.

@TriumphCISO Computing Tip: Delegate duties your admins and service provider’s no 1 has free access across all security layers.

@TriumphCISO Computing Tip: Encrypt data at rest and in transit; otherwise, don’t put sensitive information in the cloud.

@TriumphCISO Computing Tip: Find out as much as you can about a SaaS provider’s security measures and infrastructure –
