Latest Blog Posts


Tips for Writing Good Security Policies

November 13, 2014 Added by: Brent Huston

Almost all organizations dread writing security policies. When I ask people why this process is so intimidating, the answer I get most often is that the task just seems overwhelming and they don’t know where to start.


How Can ICS Cyber Security Risk be Quantified and What Does it Mean to Aurora

November 13, 2014 Added by: Joe Weiss

Risk is defined as frequency times consequence. There is little information on frequency of ICS cyber attacks.


How to Steal Data From an Airgapped Computer Using FM Radio Waves

November 12, 2014 Added by: Tripwire Inc

More and more organisations today have some airgapped computers, physically isolated from other systems with no Internet connection to the outside world or other networks inside their company.


Three Danger Signs I Look for when Scoping Risk Assessments

November 12, 2014 Added by: Brent Huston

Scoping an enterprise-level risk assessment can be a real guessing game.


ISPs Removing Their Customers' Email Encryption

November 11, 2014 Added by: Electronic Frontier Foundation

By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted.


First Victims of the Stuxnet Worm Revealed

November 11, 2014 Added by: InfosecIsland News

Kaspersky Lab today announced that after analyzing more than 2,000 Stuxnet files collected over a two-year period, it can identify the first victims of the Stuxnet worm.


7 Security Threats You May Have Overlooked

November 11, 2014 Added by: Patrick Oliver Graf

In today’s business environment, the list of overlooked network security threats is endless. Information security professionals are modern-day gladiators, tasked with defending corporate data and networks against both known and unknown threats, but no matter how skilled they are, there will always be new threats to their networks.


Preventing and Recovering From Cybercrime

November 10, 2014 Added by: Pierluigi Paganini

Prevention means securing every single resource involved in the business processes, including personnel and IT infrastructure.


What Makes a Good Security Audit?

November 10, 2014 Added by: Electronic Frontier Foundation

In order to have confidence in any software that has security implications, we need to know that it has been reviewed for structural design problems and is being continuously audited for bugs and vulnerabilities in the code.


Data Breaches are a Global Problem

November 06, 2014 Added by: Brent Huston

For those of you who maybe just thought that data breaches were only happening against US companies, and only by a certain country as the culprit, we wanted to remind you that this certainly isn’t so.


MSSP: Integrate, NOT Outsource!

November 06, 2014 Added by: Anton Chuvakin

My early research conversations with both MSSP customers and providers themselves reveal the theme: those who think “integrate, NOT outsource” usually get much more value out of the MSSP relationship.


Remote Access No More: Reddit Requires Worker Relocation Before End of Year

November 05, 2014 Added by: Patrick Oliver Graf

To make sure remote workers are able to safely access their corporate network, administrators need to make sure that all endpoints – the company-owned devices employees use for remote work – are secure.


Can Hackers Get Past Your Password?

November 05, 2014 Added by: Steve Durbin

Password-based authentication is easy and familiar for customers, and is initially inexpensive for organizations to deploy at scale. But, while password-based authentication may be appropriate in some instances, it is no longer suitable for the wide range of services where it is currently being used.


Risk Management is more than a Risk Assessment

November 04, 2014 Added by: Rebecca Herold

Every business, no matter how small, needs to have a risk management process in place to be able to effectively mitigate information security risks.


Verizon Injecting Perma-Cookies to Track Mobile Customers, Bypassing Privacy Controls

November 04, 2014 Added by: Electronic Frontier Foundation

In an effort to better serve advertisers, Verizon Wireless has been silently modifying its users' web traffic on its network to inject a cookie-like tracker.


Ask The Experts: Why Do Security Testing of Internal Computer Networks?

November 03, 2014 Added by: Brent Huston

It is true that most attacks against information systems come from external attackers, but that does not mean the internal threat is negligible.
