Information Security
On Cloud Adoption
January 02, 2013 Added by:Ben Kepes
One of my regular themes when talking about the cloud are the barriers to adoption or, to put it more coarsely, how we can remove the friction and allow more organizations to enjoy the benefits that the cloud can bring. It’s an area that a number of my colleagues talk about also – we pundits have the advantage of time to explore and enjoy the benefits that cloud brings, but we remain aware of ...
Comments (0)
What's Next For BYOD - 2013 And Beyond
December 30, 2012 Added by:Ian Tibble
The business case is inconclusive, with plenty in the "say no to BYOD" camp. The security picture is without foundation - we have a security nightmare with user devices, regardless of who owns the things...
Comments (0)
Executive Viewpoint 2013: Avecto
December 29, 2012 Added by:Paul Kenyon
With technology now available that allows even a true administrator to log in with standard user rights and do their role without ever needing a privilege account, we will start to see more and more organizations adopt a least privilege approach to computing...
Comments (1)
Security Resolutions for the New Year
December 28, 2012 Added by:Allan Pratt, MBA
As the New Year approaches, have you thought about your New Year’s resolutions? As a member of the information security industry, I would like to share five resolutions that you should definitely add to your list...
Comments (0)
Would a Malware BuyBack Program Work?
December 27, 2012 Added by:Jeffrey Carr
Most malware writers just want to be paid for their research; something that isn't happening frequently enough or at a rate that's considered fair by the researchers. As a result, some of those researchers are exploring grey markets in offensive malware development or are selling 0-days to clients...
Comments (1)
ISMS Certification Does Not Equal Regulatory Compliance
December 27, 2012 Added by:Rebecca Herold
“By becoming ISO 27001 certified does that automatically mean we comply with HIPAA and HITECH requirements? Are there any requirements of HIPAA/HITECH that are not required to meet ISO 27001 standards?”
Comments (0)
Stuxnet is Back! No, new agencies have misunderstood
December 27, 2012 Added by:Pierluigi Paganini
Everytime news related to Stuxnet is spread on the Internet, immediately the worldwide security community writes on cyber war and the possible consequences of a cyber attacks, but what is really happening this time?
Comments (0)
2013 - Year of the D(efense)
December 26, 2012 Added by:Matthew McWhirt
Many of the security incidents encompassing 2012 could have been mitigated, and some even fully prevented, if fundamental information security best practices had been reviewed and assessed, and controls encompassing incident response phases had been fully vetted...
Comments (0)
The Obligatory 2013 Infosec Predictions Post
December 26, 2012 Added by:Simon Moffatt
Technology evolves so quickly that 12 weeks is an age when it comes to new ideas and market changes - and security is no different. However, the main areas I will personally be following with interest though, will be the BYOD/BYOA, personnel, preemptive security and social intelligence...
Comments (0)
Here’s How The Amazing Twitter Infosec Team Helps DevOps
December 25, 2012 Added by:Gene Kim
Want to see how infosec integrates into a DevOps work stream? Watch this fantastic talk by Justin Collins, Neil Matatall, and Alex Smolen from Twitter, called “Put Your Robots To Work: Security Automation at Twitter..."
Comments (0)
ESB Security Spotlighted At ZeroNights 2012
December 25, 2012 Added by:Alexander Polyakov
ERP systems, which store the information about finances, employees, materials, wages, and so on, are rightfully considered to be the most critical of such systems. Unauthorized access to those systems can lead to espionage, sabotage, or fraud...
Comments (0)
Prediction: BYOD May Go Away in 2013
December 25, 2012 Added by:Paul Kenyon
Considering this speed of change, taking a moment to reflect on the security risks ahead is not only prudent, but could save your organization from being blindsided. From my view, here's what I'd recommend organizations, from SMBs to the enterprise, prepare for in 2013...
Comments (3)
New attacks against banking, cyber Jihad or cyber warfare acts?
December 22, 2012 Added by:Pierluigi Paganini
The banking world must be prepared, it is one of the sectors that will be subject to a major number of attacks in next year, they are considered privileged targets for hacktivists, state sponsored hackers and cyber criminals...
Comments (1)
Bad Piggies, Graffiti and the IRT
December 21, 2012 Added by:Fergal Glynn
Chrome users have almost no way of evaluating the trustworthiness of Chrome extension publishers because Google doesn’t have any reputation ranking system, nor does it review applications and extensions before they’re published...
Comments (0)
Migrating South: The Devolution Of Security From Security
December 20, 2012 Added by:Ian Tibble
Is the typical security portfolio of system administrators wide enough to form the foundations of an effective information security program? Not really. In fact its some way short. Security Analysts need to have a grasp not only on file system permissions, they need to know how attackers actually elevate privileges...
Comments (0)
Refresher Series - Capturing and cracking SMB hashes with Cain and Half-LM rainbow tables.
December 20, 2012 Added by:f8lerror
On to the fun stuff, to capture a hash we want to use the Metasploit capture SMB auxiliary module, which is located in auxiliary/server/capture/smb. Leave the default settings with the exception of the CAINPWFILE. Set this to output the file where ever you like...
Comments (0)
- Identity & Access Management: Give Me a REST
- Over-Sharing Riskier than Government Snooping
- 20 Critical Security Controls: Control 13 – Boundary Defense
- Redefining Social Networking
- Creating Your Own Privacy & ROI
- Security Intelligence for the Enterprise - Part 1
- Why are Cybercrimes NOT Always White-collar Crimes?
- From the SMB to Security Guru: Five Ways IT Pros Can Manage Security on a Budget
- Balancing Act Between Privacy and Security
- The NSA’s Word Games Explained: How the Government Deceived Congress in the Debate over Surveillance Powers