Information Security

Data Loss Prevention - Step 1: Know What's Important

December 12, 2011 Added by: Rafal Los

It's important to understand what your company does and then figure out what the critical bits are. Sometimes it's your customer lists, or a secret ultra-high efficiency engine design, or the next big thing in stealth bombers. The point is that you simply need to know your business...

Comments  (0)

PCI DSS Risk SIG Announced: Results Will Be Interesting

December 12, 2011 Added by: Andrew Weidenhamer

The one that I am most interested in seeing the results of is the Risk Assessment SIG. Although IT Risk Assessments has been a term that has been used for decades now, they are still rarely performed and almost always poorly when they are in regard to effectively considering threats...

Comments  (0)

Merchant Beware – New Mobile Payment Solution in the Wild

December 12, 2011 Added by: PCI Guru

Even if Square’s software encrypts the data, the underlying OS will also collect the data in cleartext. Forensic examinations of these devices have shown time and again that regardless of what the software vendor did, the data still existed in memory unencrypted...

Comments  (0)

The Control Systems Community and Cyber Warfare

December 11, 2011 Added by: Robert M. Lee

Cyber warfare took place long before the release of Stuxnet, but its release caused the world to realize the benefits of using a domain of warfare with limited entry costs and the possibility of non-attribution, which is the ability to operate without positively being connected to an operation...

Comments  (1)

Measuring Information Security Effectiveness

December 11, 2011 Added by: Bill Gerneglia

“The face of cyber threats has rapidly evolved from curious college kids taking their hand at hacking to an enormous global ecosystem of cyber-crime. Companies need a comprehensive approach to security technology, education and awareness and a very small number have truly mastered all three...”

Comments  (0)

Cyber Crime Creates More Victims Per Hour than Babies Born

December 10, 2011 Added by: Kelly Colgan

As more shoppers turn to their laptops, iPads and mobile phones to get items crossed off their list, thieves are on the prowl to hack into systems to obtain customer information – email addresses, passwords, credit card data, PayPal account info, etc...

Comments  (0)

Plagiarism in IT Security - Walking a Fine Line

December 09, 2011 Added by: Rafal Los

At the end of the day, shouldn't we all be professionals? I know it's nice to think that everyone is honest - but as the infosec world expands and there is a massive influx of people trying to make a name for themselves - there will be dishonesty. This is where the community comes in...

Comments  (2)

SEC Calls for Cohesive Incident Response and Reporting

December 09, 2011 Added by: Steven Fox, CISSP, QSA

This guidance is designed to “elicit disclosure of timely, comprehensive, and accurate information about risks and events that a reasonable investor would consider important to an investment decision,” including those related to information security breaches...

Comments  (0)

Network Security in the Age of Social Media

December 08, 2011 Added by: Ben Rothke

Social media is now mainstream in corporate America, and the security and privacy issues around it are hot. In the past, many firms simply said no to social media at the corporate level. But that will no longer work, as social media isn’t a choice anymore, it’s a business transformation tool...

Comments  (0)

Fraudsters Defeat Poor Risk Management - Not Two-Factor Authentication

December 08, 2011 Added by: Nick Owen

Carriers are not incentivized to secure their users' accounts. SMS is really just an email sent to a phone over a provider that barely cares about security. 99% of SMS messages don't require security so don't expect the carriers to add any soon...

Comments  (0)

PCI Compliance: On Redirects and Reposts

December 08, 2011 Added by: PCI Guru

A number of clients recently prompted me on my take regarding Redirects and Reposts as they attempt to shrink their PCI compliance footprint as small as possible. A lot of them like the idea of the repost because it requires only a simple change to their existing e-Commerce sites...

Comments  (0)

The Detection in Depth Focus Model

December 08, 2011 Added by: Brent Huston

As explained in the maturity model post before, the closer the detection control is to the asset, the higher the signal to noise ratio it should be and the higher the relevance of the data should be to the asset being protected (Huston’s Postulate)...

Comments  (0)

Data Loss Prevention - Without the New Blinky Boxes

December 08, 2011 Added by: Rafal Los

The glut of blinking lights and devices that require time and effort to manage has gotten out of control... or so I'm being told. I've not managed a security team in 4 years now, but even back then the glut of boxes, products and solutions was becoming too much to bear. I can only imagine it now...

Comments  (1)

The Nature of Infosec: A Zero Sum Game

December 08, 2011 Added by: Scot Terban

Security is a “Zero Sum Game” - no matter what you do, no matter how many policies you have or blinking lights on an appliance that is alleged to keep out APT, in the end you really have not won the day. In fact, if you have not been hacked or abused that day, it was really just a fluke...

Comments  (2)

Malware Infection Rates – Who Has the Most Viruses?

December 07, 2011 Added by: Dan Dieterle

A look at the top viruses for each country shows a lot of cookie-based viruses. Which may or may not be real viruses, but the rates are high nonetheless. But how does this compare to what other vendors are finding?

Comments  (0)

Human Security is Weaker than IT Security

December 06, 2011 Added by: Robert Siciliano

Information technologies have evolved to a level at which the developers, programmers, and security specialists all know what they’re doing, and are able to produce products and services that work and are reasonably secure. Of course, there’s always room for improvement...

Comments  (0)
