December 12, 2011 Added by:Rafal Los
It's important to understand what your company does and then figure out what the critical bits are. Sometimes it's your customer lists, or a secret ultra-high efficiency engine design, or the next big thing in stealth bombers. The point is that you simply need to know your business...
December 12, 2011 Added by:Andrew Weidenhamer
The one that I am most interested in seeing is the results of is the Risk Assessment SIG. Although IT Risk Assessments has been a term that has been used for decades now, they are still rarely performed and almost always poorly when they are in regard to effectively considering threats...
December 12, 2011 Added by:PCI Guru
Even if Square’s software encrypts the data, the underlying OS will also collect the data in cleartext. Forensic examinations of these devices have shown time and again that regardless of what the software vendor did, the data still existed in memory unencrypted...
December 11, 2011 Added by:Robert M. Lee
Cyber warfare took place long before the release of Stuxnet, but its release caused the world to realize the benefits of using a domain of warfare with limited entry costs and the possibility of non-attribution, which is the ability to operate without positively being connected to an operation...
December 11, 2011 Added by:Bill Gerneglia
“The face of cyber threats has rapidly evolved from curious college kids taking their hand at hacking to an enormous global ecosystem of cyber-crime. Companies need a comprehensive approach to security technology, education and awareness and a very small number have truly mastered all three...”
December 10, 2011 Added by:Kelly Colgan
As more shoppers turn to their laptop, iPads and mobile phones to get items crossed off their list, thieves are on the prowl to hack into systems to obtain customer information – email addresses, passwords, credit card data, PayPal account info, etc...
December 09, 2011 Added by:Rafal Los
At the end of the day, shouldn't we all be professionals? I know it's nice to think that everyone is honest - but as the infosec world expands and there is a massive influx of people trying to make a name for themselves - there will be dishonesty. This is where the community comes in...
December 09, 2011 Added by:Steven Fox, CISSP, QSA
This guidance is designed to “elicit disclosure of timely, comprehensive, and accurate information about risks and events that a reasonable investor would consider important to an investment decision,” including those related to information security breaches...
December 08, 2011 Added by:Ben Rothke
Social media is now mainstream in corporate America, and the security and privacy issues around it are hot. In the past, many firms simply said no to social media at the corporate level. But that will no longer work, as social media isn’t a choice anymore, it’s a business transformation tool...
December 08, 2011 Added by:Nick Owen
Carriers are not incentivized to secure their users accounts. SMS is really just an email sent to a phone over a provider that barely cares about security. 99% of SMS messages don't require security so don't expect the carriers to add any soon...
December 08, 2011 Added by:PCI Guru
A number of clients recently prompted me on my take regarding Redirects and Reposts as they attempt to shrink their PCI compliance footprint as small as possible. A lot of them like the idea of the repost because it requires only a simple change to their existing e-Commerce sites...
December 08, 2011 Added by:Brent Huston
As explained in the maturity model post before, the closer the detection control is to the asset, the higher the signal to noise ratio it should be and the higher the relevance o the data should be to the asset being protected (Huston’s Postulate)...
December 08, 2011 Added by:Rafal Los
The glut of blinking lights and devices that require time and effort to manage has gotten out of control... or so I'm being told. I've not manged a security team in 4 years now, but even back then the glut of boxes, products and solutions was becoming too much to bear. I can only imagine it now...
December 08, 2011 Added by:Scot Terban
Security is a “Zero Sum Game” - no matter what you do, no matter how many policies you have or blinking lights on an appliance that is alleged to keep out APT, in the end you really have not won the day. In fact, if you have not been hacked or abused that day, it was really just a fluke...
December 07, 2011 Added by:Dan Dieterle
A look at the top viruses for each country shows a lot of cookie based viruses. Which may or may not be real viruses, but the rates are high none the less. But how does this compare to what other vendors are finding?
December 06, 2011 Added by:Robert Siciliano
Information technologies have evolved to a level at which the developers, programmers, and security specialists all know what they’re doing, and are able to produce products and services that work and are reasonably secure. Of course, there’s always room for improvement...
Mobile Security Processes Could Be Applied t... Johnnie Nix on 05-21-2013
ATM Security (And Really Learning from the P... Johnnie Nix on 05-21-2013
New Study Published on Mobile Malware... Caitlin Rachel on 05-21-2013