Enterprise Security
Who Are You Preaching to Anyway?
May 16, 2012 Added by:Neira Jones
Hard core security conferences continue to happen and continue to be successful, and long may it continue. We still need the techies to make sure we have the right tech to support the people and processes in our businesses. We also need the techies to try and keep ahead of the bad guys...
Comments (0)
FBI Guidance of Combating the Insider Threat
May 15, 2012 Added by:Infosec Island Admin
The thief who is harder to detect and who could cause the most damage is the insider — the employee with legitimate access. They may steal solely for personal gain or be a “spy”—someone who is stealing company information or products in order to benefit another organization or country...
Comments (0)
Why Security Through Obscurity Still Does Not Work
May 15, 2012 Added by:Rebecca Herold
I know from my years as a systems analyst and maintaining a large change control system that it is easy for mistakes to occur within the network security architecture, and that there will always be some humans involved who are tempted to bypass important security controls...
Comments (0)
Federal Charges Filed in Case Involving Theft of Trade Secrets
May 14, 2012 Added by:Headlines
The indictment alleges that Janice Kuang Capener took information related to customers and the pricing and sales of products without authorization from secure Orbit databases, and used that information for herself and others to the economic detriment of the company...
Comments (0)
The Importance of Mobile Device Management for Enterprise Security
May 14, 2012 Added by:Drayton Graham
Almost everyone has their own mobile phone these days, nd they are quickly becoming a necessity in business. In order to enable the kind of freedom BYOD brings, the corporate network and data needs to be protected. Mobile Device Management is a solution that will help with this...
Comments (1)
Communication is King in E-Discovery Matters
May 10, 2012 Added by:Bill Gerneglia
A common vocabulary is certainly emerging making dialog between counsel and technologists productive and effective. However, equally important is that lawyers engage their client’s technology team in dialog on e-discovery issues because when counsel fails, the fall out can be costly...
Comments (0)
What Infosec Can Learn from Enron
May 09, 2012 Added by:Beau Woods
Auditors aren't the sole authoritative voice, and they can be fooled or coerced like anyone else. Too often internal and external auditors are trusted as the arbiters of right and wrong. This can fail an organization if executives don't understand the role auditors should play...
Comments (0)
Big Boy Politics: Rep. Frank Wolf Demonstrates
May 09, 2012 Added by:Joel Harding
Congressman Wolf, why don’t you establish a program, for the sake of national security, inspecting equipment originating from outside the US, looking for embedded malicious code and backdoors as well as inspecting software updates for that equipment for the same?
Comments (0)
Aren’t all Security Professionals Evangelists?
May 09, 2012 Added by:Andrew Weidenhamer
I often wonder is Evangelist the right title for some individuals. Considering that the main audience for a “Security Evangelist” is the security community, I’m not entirely sure how much conversion is actually happening as we all understand the importance of security...
Comments (2)
Legislation Would Stick Business with Cyberwar Costs
May 08, 2012 Added by:Headlines
"The legally mandated role of the government is to provide for the common defense, and they're willing to spend pretty much whatever it takes... If you're in a private organization, your legally mandated responsibility is to maximize shareholder value. You can't spend just anything..."
Comments (2)
Cybersecurity Risks in Public Companies: An Infographic
May 07, 2012 Added by:Fergal Glynn
Following new SEC guidance issued relating to disclosure of security risks in company filings, public companies are beginning to be measured by regulators and investors on the strength of their security solution and ability to protect intellectual property and customer data...
Comments (1)
The CERT Guide to Insider Threats
May 07, 2012 Added by:Ben Rothke
While there are many books on important security topics such as firewalls, encryption, identity management and more, The CERT Guide to Insider Threats is the one of the first to formally tackle the devastating problem of trusted insiders who misappropriate data...
Comments (0)
BYOD is really BYOPMD
May 07, 2012 Added by:Phil Klassen
BYOD should make the security society very nervous. For those who still believe that personal devices will never be a part of your network, remember, never say never. Regardless if non-corporate devices have accessed your network or not, the first step is acceptable use policy...
Comments (2)
Understanding Trust
May 07, 2012 Added by:Kevin W. Wall
In computer security, we should strive to make all trust relationships explicit and leave nothing to chance or misinterpretation. That's one key step in defining a trust model. At its core, information security is largely about the two goals of “ensuring trust” and “managing risk”...
Comments (0)
Project Enlightenment Attacks Reminiscent of Shady Rat
May 02, 2012 Added by:Headlines
“From a technical perspective, Project Enlightenment is another example of increasingly common cyber espionage activities. While the attack method was simple, it successfully compromised dozens of organizations and bypassed their existing security and detection measures...."
Comments (0)
Procrastination in Cybersecurity Legislation
April 30, 2012 Added by:Michelle Valdez
Congress is procrastinating with regards to cybersecurity legislation. The debates will continue about regulation and authorities and privacy rights but in the end, we all need to come together and find the best way to share threat data so that we can protect critical networks...
Comments (0)
- Follow Up to the Out of Band Authentication Post
- Skype Malware Campaign Spreading Poison Ivy Trojan
- I Hope Edo is Worth the Privacy Risk
- Dutch MoD Innovation Competition 2012: CYBER Operations 2.0
- NIST Workshop: The Technical Aspects of Botnets
- Security Automation by Hand - Batch/Bash/FOR
- Who Are You Preaching to Anyway?
- Some Observations on Klout Scores
- Where Will the Buck Stop in Cloud Security?
- How Does Your Bank Protect Your Data?