January 30, 2012 Added by:Security BSides
“Events like BSides are essential to the information security industry and the professional development of current and future information security leaders. Being in a position to provide the necessary financial support to guarantee that BSidesSF takes place is a blessing...”
January 30, 2012 Added by:Ben Rothke
The Metasploit Project is an open-source security project that provides information about security vulnerabilities and assists those performing the penetration tests in building a framework in which to carry out the testing...
January 30, 2012 Added by:Jack Daniel
The RSA Conference organizers are enforcing a non-compete clause in their sponsor and exhibitor agreements which is forcing several Security BSides sponsors to withdraw their funding, leaving the free community-oriented BSidesSF event at risk...
January 29, 2012 Added by:Rafal Los
You just can't avoid it, so I had to write it. The escalation of rhetoric has gone past media hype and has spilled over into mainstream politics, and now onto the lips of people who should really know better than to perpetuate some of this madness...
January 29, 2012 Added by:Danny Lieberman
Information security and risk analysis is complex stuff, with multiple dimensions of people, software, performance, management, technology, assets, threats, vulnerabilities and control relationships. This is why it’s hard to sell security to organizations...
January 29, 2012 Added by:Jim Palazzolo
Policy development must be constructed around conversations that will take place during an attack, and reinforced after the policy has been deployed. Re-training of individuals on security awareness will help to decrease the amount of risk involved in day-to-day operations...
January 28, 2012 Added by:Bozidar Spirovski
Having a standardized method for risk assessment in infosec based on hard numbers would be great. But since the factors included in any incident are complex and varying, and consistent incident reporting is impossible, we will be sticking to the current qualitative methods...
January 28, 2012 Added by:Rafal Los
If you can't be good, be cheap - the battle cry of the second-rate vendor. After spending 4 years as part of a world-class sales organization, I can tell you with no uncertainty that I've seen some of my competitors do some absolutely insane things to compete...
January 28, 2012 Added by:Robert Siciliano
You may be aware of the uber techie bad boy hackers of Anonymous/LulzSec/AntiSec/WikiLeaks/ScriptKiddies and the organized web mobs of the world. Did you know they have wreaked havoc to the degree that almost a billion records have been compromised?
January 27, 2012 Added by:Fergal Glynn
January 15th was the 10th anniversary of Gates' Trustworthy Computing memo. I asked a mixed group of my colleagues at Veracode to answer this question. The group has a wide age range, and comes from many different backgrounds. Some of the answers are really funny. I hope you enjoy...
January 27, 2012 Added by:Simon Heron
The pace of technological innovation is getting faster. At the same time, the work place is changing significantly, driven by organizations’ need to be more competitive and efficient. These two factors mean that there is a lot of change on the horizon for 2012...
January 27, 2012 Added by:Security BSides
We initially received an overwhelming response from sponsors, but were recently notified that companies which sponsor RSA cannot sponsor another event in a five mile radius. If RSA enforces this, we could lose 90% of our funding and may not have an event in a few weeks...
January 27, 2012 Added by:Rafal Los
I'm willing to bet that if you went down the list of all the security policies that your organization has, there would be at least a few that you break based on the 'this doesn't apply to me, I know better' principle. This is also known in psychology as the "God Complex"...
January 26, 2012 Added by:Alan Woodward
We are now entering a new era where we have programmable, relatively inexpensive, small, quantum computers visible on the horizon, and we know that such computers have the potential to undermine the mathematics upon which current public-key encryption depends...
January 26, 2012 Added by:Andrew Weidenhamer
"The PCI system is less a system for securing customer card data than a system for raking in profits for the card companies via fines and penalties. Visa and MasterCard impose fines on merchants even when there is no fraud loss at all, simply because the fines are profitable...”
January 26, 2012 Added by:Danny Lieberman
In preparing to implement an application for financial management, CRM, data mining or ERP, something in the back of your mind probably says the vendor’s development organization is not a lot different than yours - though you hope they’ve thought through the security issues first...