General
Effective SIEM: Less Turtle - More Awareness
January 12, 2012 Added by:John Linkous
SIEM tools are highly focused on events. Even in cases where a SIEM can look outside of the world of events at one or two other pieces of data - say, at network traffic - that’s still woefully inadequate. We certainly need events and network traffic data...
Cybersecurity in Today's World
December 31, 2011 Added by:Larry Karisny
Curt Massey spent a 35-year career protecting our national security. His military service, civilian law enforcement, corporate security and military contracting experiences have imbued him with the unpleasant knowledge of our core vulnerabilities and a visceral drive to build a team capable of finding answers...
The State of Solid State
December 21, 2011 Added by:Emmett Jorgensen
Solid state disks are more reliable because SSDs do not contain any moving parts. There are no read heads, actuator arms or spinning platters that can break down in an SSD. SSDs can be moved around freely while in use and have a higher tolerance against shock and vibration than HDDs...
Gamers: Hackers Latest Hot Target
December 18, 2011 Added by:Josh Shaul
If you are a gamer and you use any online gaming network or service, please be vigilant and cautious. Don't click on any offer that comes in via email, and don't sign up for anything gaming related unless you are doing so directly from the software manufacturer or gaming network...
Analysis of the October 2011 Oracle CPU Database Patches
October 19, 2011 Added by:Alexander Rothacker
Oracle released its October Critical Patch Update with 57 vulnerabilities across multiple products. This low number of patches continues a trend where Oracle appears to be losing focus on database security, probably due to the many new product offerings and acquisitions...
The Next Generation of Non-Volatile Memory
October 12, 2011 Added by:Emmett Jorgensen
When will manufacturers stop using Flash as the primary storage? Consider that in 2002 many experts assumed that Flash cells would not be stable when scaled past 45nm and predicted that it would need to be replaced by 2010. We know now that those predictions proved to be false...
Data Loss Prevention – Technology is Just the Start
October 12, 2011 Added by:Simon Heron
The trouble is that technology is just one element of the solution. There is little doubt that while DLP software and devices can help, there is no single solution that can encompass all aspects of DLP, as different types of data have different threats and hence need different controls...
Why Less Log Data is Better
October 05, 2011 Added by:Danny Lieberman
One of the crucial phases in estimating operational risk is data collection: understanding what threats and vulnerabilities you have and understanding not only what assets you have (digital, human, physical, reputational) but also how much they’re worth in dollars...
Why Data Centers Need SSAE 16
September 29, 2011 Added by:Chris Schellman, CPA, CISSP, PCI QSA
SSAE 16 is one of the most widely known tools for providing assurances to data center customers. Yet, a myth that the SSAE 16 standard is not applicable to the industry persists. Data center providers have no choice but to arm themselves with the following facts about SSAE 16 applicability...
Small Business Slow to Adopt Data Backup Systems
September 29, 2011 Added by:Headlines
"Business owners will need to understand what the cloud is and what it can do for their businesses in the areas of cost control, data security, data protection, accessibility, efficiency and productivity to facilitate a smooth running technological platform for their business..."
Blumenthal Bill Bumps Up Fines for Security Breaches
September 18, 2011 Added by:David Navetta
Richard Blumenthal (D-CT) introduced a bill that would levy significant penalties for identity theft and other “violations of data privacy and security,” criminalize software that collects “sensitive personally identifiable information” without clear and conspicuous notice and consent...
Nine Reasons Why You're Not Ready for DLP
August 31, 2011 Added by:Stephen Marchewitz
No matter what you are told, simply writing a check to a software vendor and installing some code will not prevent all data loss. Depending on the intricacies of the organization, the money that DLP solutions require may likely be better spent on other security initiatives...
The Urban Legend of Multipass Hard Disk Overwrite
August 28, 2011 Added by:Brian Smithson
Multipass disk overwrite and the “DoD 5220-22-M standard 3-pass wipe” are, at best, urban legends. At worst, they are a waste of time. A single pass overwrite with any arbitrary value (randomly chosen or not) is sufficient to render the original HDD data effectively irretrievable...
The Dangers of Second Hand Hard Drives
August 24, 2011 Added by:Emmett Jorgensen
Whether you are planning on selling, recycling or throwing away your old hard drives, you should always consider using one of these solutions: destruction, degaussing, or secure data erasure. Otherwise, there's no telling whose hands your data may end up in...
Anonymous Conspiracies That Never Materialize
August 12, 2011 Added by:Scot Terban
Data dumps without context have no real intelligence worth. While this stuff is interesting, it’s certainly not earth shattering. What’s worse is that it makes you all look more and more like the boy who cried wolf than the Deep Throat. This is why I keep harping on Anonymous...
Native Auditing In Modern Relational Database Management
August 03, 2011 Added by:Alexander Rothacker
Modern databases provide powerful built-in auditing capabilities that are often underestimated. There are downsides of native auditing like the ability for a malicious user to manipulate the audit trail. Overall, this feature allows customers to monitor database activity at a very granular level...
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)




