Information Security
Security BSides San Francisco 2012 Will Live On!
January 30, 2012 Added by:Security BSides
“Events like BSides are essential to the information security industry and the professional development of current and future information security leaders. Being in a position to provide the necessary financial support to guarantee that BSidesSF takes place is a blessing...”
Comments (1)
Metasploit: The Penetration Tester's Guide
January 30, 2012 Added by:Ben Rothke
The Metasploit Project is an open-source security project that provides information about security vulnerabilities and assists those performing the penetration tests in building a framework in which to carry out the testing...
Comments (1)
BSides San Francisco Feels RSA Conference Pressure
January 30, 2012 Added by:Jack Daniel
The RSA Conference organizers are enforcing a non-compete clause in their sponsor and exhibitor agreements which is forcing several Security BSides sponsors to withdraw their funding, leaving the free community-oriented BSidesSF event at risk...
Comments (0)
All Out Cyber War: Analysis of the Middle-Eastern Conflict
January 29, 2012 Added by:Rafal Los
You just can't avoid it, so I had to write it. The escalation of rhetoric has gone past media hype and has spilled over into mainstream politics, and now onto the lips of people who should really know better than to perpetuate some of this madness...
Comments (4)
Compliance and Security Trends
January 29, 2012 Added by:Danny Lieberman
Information security and risk analysis is complex stuff, with multiple dimensions of people, software, performance, management, technology, assets, threats, vulnerabilities and control relationships. This is why it’s hard to sell security to organizations...
Comments (0)
Social Engineering: Don't Talk to Strangers
January 29, 2012 Added by:Jim Palazzolo
Policy development must be constructed around conversations that will take place during an attack, and reinforced after the policy has been deployed. Re-training of individuals on security awareness will help to decrease the amount of risk involved in day-to-day operations...
Comments (0)
A Failed Attempt at Optimizing an Infosec Risk Assessment
January 28, 2012 Added by:Bozidar Spirovski
Having a standardized method for risk assessment in infosec based on hard numbers would be great. But since the factors included in any incident are complex and varying, and consistent incident reporting is impossible, we will be sticking to the current qualitative methods...
Comments (3)
Spending Your 2012 IT Security Budget - Beware of Cheap
January 28, 2012 Added by:Rafal Los
If you can't be good, be cheap - the battle cry of the second-rate vendor. After spending 4 years as part of a world-class sales organization, I can tell you with no uncertainty that I've seen some of my competitors do some absolutely insane things to compete...
Comments (3)
Five Tips on How to Prevent the Next Data Breach
January 28, 2012 Added by:Robert Siciliano
You may be aware of the uber techie bad boy hackers of Anonymous/LulzSec/AntiSec/WikiLeaks/ScriptKiddies and the organized web mobs of the world. Did you know they have wreaked havoc to the degree that almost a billion records have been compromised?
Comments (0)
Tenth Anniversary of Gates Trustworthy Computing Memo
January 27, 2012 Added by:Fergal Glynn
January 15th was the 10th anniversary of Gates Trustworthy Computing memo. I asked a mixed group of my colleagues at Veracode to answer this question. The group has a wide age range and comes from many different backgrounds. Some of the answers are really funny. I hope you enjoy...
Comments (0)
IT Security Issues for 2012
January 27, 2012 Added by:Simon Heron
The pace of technological innovation is getting faster. At the same time, the work place is changing significantly, driven by organizations’ need to be more competitive and efficient. These two factors mean that there is a lot of change on the horizon for 2012...
Comments (0)
Urgent: Help Us Save Security BSides San Francisco
January 27, 2012 Added by:Security BSides
We initially received an overwhelming response from sponsors, but were recently notified that companies which sponsor RSA cannot sponsor another event in a five mile radius. If RSA enforces this, we could lose 90% of our funding and may not have an event in a few weeks...
Comments (3)
Psychology of Information Security - The God Complex
January 27, 2012 Added by:Rafal Los
I'm willing to bet that if you went down the list of all the security policies that your organization has, there would be at least a few that you break based on the 'this doesn't apply to me, I know better' principle. This is also known in psychology as the "God Complex"...
Comments (4)
The Emerging Threat to Public-Key Encryption
January 26, 2012 Added by:Alan Woodward
We are now entering a new era where we have programmable, relatively inexpensive, small, quantum computers visible on the horizon, and we know that such computers have the potential to undermine the mathematics upon which current public-key encryption depends...
Comments (0)
Restaurant Challenges US Bank and PCI DSS after Seizure of Funds
January 26, 2012 Added by:Andrew Weidenhamer
“The PCI system is less a system for securing customer card data than a system for raking in profits for the card companies via fines and penalties. Visa and MasterCard impose fines on merchants even when there is no fraud loss at all, simply because the fines are profitable...”
Comments (1)
Security is in the Cracks
January 26, 2012 Added by:Danny Lieberman
In preparing to implement an application for financial management, CRM, data mining or ERP, something in the back of your mind probably says the vendor’s development organization is not a lot different than yours - though you hope they’ve thought through the security issues first...
Comments (0)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)




