Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
3 Security Measures That Can Actually Be Measured
Newest First  |  Oldest First  |  Threaded View
BigIng123
50%
50%
BigIng123,
User Rank: Apprentice
9/28/2020 | 11:03:33 AM
We need more security measures
I thought that creating a strong and different password and not installing the unknown soft is enough to remain safe online. But I've found that list lately https://utopia.fans/security/checklist-of-necessary-security-measures-on-the-internet/ and understood that there are much more security measures to follow. It's a pity not many people know and care about it.
Octerain
0%
100%
Octerain,
User Rank: Strategist
4/5/2018 | 1:55:19 AM
Re: More abstract nonsense about metrics
Yes rfra, this is what they call "modern reporting". You talk a lot and then say very little. I agree that measure and metrics versus reports and statistics are what we should be doing, but very little is provided in real IP or solutions that others can interpret and implement. The pragmatics will side versus the academics. The one with the eloquent speech will get the budget.
rfra
80%
20%
rfra,
User Rank: Apprentice
4/3/2018 | 3:34:56 PM
More abstract nonsense about metrics
You should re-title this article to "3 non-specific pipe dream ideas for which I present nothing to actually measure".  I'm so sick of all this industry talk about security metrics and nobody ever produces actual useful examples.


Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4626
PUBLISHED: 2020-11-30
IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive information about the internal network to an authenticated user using a specially crafted HTTP request. IBM X-Force ID: 185362.
CVE-2020-4627
PUBLISHED: 2020-11-30
IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 185367.
CVE-2020-4696
PUBLISHED: 2020-11-30
IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could allow an authenticated user to obtain sensitive information from the previous session. IBM X-Force ID: 186789.
CVE-2020-4900
PUBLISHED: 2020-11-30
IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991.
CVE-2020-4624
PUBLISHED: 2020-11-30
IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms during negotiation could allow an attacker to decrypt sensitive information.