Security Training
On MSSP Personnel
October 30, 2014 Added by:Anton Chuvakin
A wise CSO once told me that in order to outsource a security process (such as security monitoring or device management) and achieve a great result, you have to know precisely how a great process of that kind looks like.
Comments (2)
Compliance-Based Infosec Vs Threat-Based Infosec
October 29, 2014 Added by:Brent Huston
Compliance-based infosec, when implemented correctly, is really the best kind of defense there is. The problem is, the only place I’ve ever seen it really done right is in the military.
Comments (0)
Healthcare Data Today: In Motion or Out of Control?
October 28, 2014 Added by:Patrick Oliver Graf
From October 2009 through the present day, one industry alone has reported 900 different breaches. And none of those 900 were limited in their scope – in each, at least 500 individuals were affected. Who knows how many other smaller breaches happened, without public knowledge.
Comments (0)
On MSSP SLAs
October 28, 2014 Added by:Anton Chuvakin
SLAs play a role here as well, and – you guessed it – what you need here also depends on the maturity of your change management processes.
Comments (0)
Distinguishing Acts of War in Cyberspace
October 27, 2014 Added by:Stefano Mele
Determining an act of war in the traditional domains of land, sea, and air often involves sophisticated interactions of many factors that may be outside the control of the parties involved.
Comments (1)
Cyber Security Careers: What You Need To Know To Advance In The Security Field
October 23, 2014 Added by:Tripwire Inc
Skilled people make the difference in protecting sensitive data, so it’s more critical than ever that public and private sectors begin training and hiring cyber security professionals.
Comments (1)
6 Actions Businesses Should Take During Cyber Security Awareness Month
October 22, 2014 Added by:Rebecca Herold
October is National Cyber Security Awareness Month. It would seem the breaches announced virtually every day of this month so far were orchestrated to highlight the need for organizations to beef up their information security efforts and improve their controls.
Comments (0)
Hacker Myths Debunked
October 20, 2014 Added by:Tripwire Inc
Ethical hacking can improve the security of various products, whereas malicious hacking seeks to undermine data integrity. It’s how people hack which shapes the nature of a particular incident.
Comments (0)
Acting on MSSP Alerts
October 16, 2014 Added by:Anton Chuvakin
Security incidents call for an immediate incident response (by definition), while alerts need to be reviewed via an alert triage process in order to decide whether they indicate an incident, a minor “trouble” to be resolved immediately, a false alarm or a cause to change the alerting rules in order to not see it ever again.
Comments (0)
Introducing the Shoulders of InfoSec Project
October 15, 2014 Added by:Jack Daniel
In information security we have a very bad habit of ignoring the past; many times it isn’t even a failure to remember, it is a failure to ever have known who and what came before.
Comments (0)
Do Not Jump To Conclusions
October 08, 2014 Added by:PCI Guru
The take away from this post is to think through the implications of the Council’s directives before you go off advising organizations that certain technologies are not PCI compliant
Comments (0)
Shellshock(ed)? How Did Your Security Program Do?
October 07, 2014 Added by:Tripwire Inc
All we should hear from security professionals is glee as their well-oiled machines switch into gear and they get to prove that they are able to operate at times when mere mortals quake in fear. For many though this is not the reality.
Comments (0)
Critical Vulnerability Kills Again!!!
October 06, 2014 Added by:Anton Chuvakin
Do not make your security architecture solely reliant on patching. Big vulnerabilities will happen and so will zero-days, so make sure that your entire security architecture does not crumble if there is one critical vulnerability: do defense in depth, layers, “least privilege”, controls not reliant on updates, monitoring, deception, etc.
Comments (0)
Accepting Identity Theft
October 06, 2014 Added by:Brent Huston
I can recall a time when I wasn’t concerned about data theft. Eventually, buzz words such as “breach” and “identity theft” became a regular part of my vocabulary.
Comments (0)
Five Anti-Analysis Tricks That Sometimes Fool Analysts
October 02, 2014 Added by:Malwarebytes
No malware author wants an analyst snooping around their code, so they employ tricks to inhibit analysis.
Comments (1)
Data Privacy Smoke and Mirrors
October 01, 2014 Added by:Dan Dieterle
As hardware and software manufacturers make public statements about hardening and protecting their services in the name of customer privacy, federal agencies speak out against it – let the smoke and mirrors game begin…
Comments (0)
- Digital Reputation: Can’t Buy it, Gotta Earn It
- Two-Factor Authentication Transforms Even ‘123456’ Into a Secure Password
- Interview with Accuvant co-founder Dan Wilson
- Suits and Spooks DC 2015: The Agenda - Last Chance to Register
- Thought Experiment: Mandatory Online Banking Security Standards
- Defeat The Casual Attacker First!!
- New Legislation on Threat Intelligence Sharing May Have a Chance
- Google Says It’s Not Practical to Fix Flaws in Pre-KitKat Android
- Do You Want “Security Analytics” Or Do You Just Hate Your SIEM?
- Looking Logically at Legislation