Information Security

Follow Up to the Out of Band Authentication Post

May 16, 2012 Added by:Brent Huston

Sadly, there are more than a few who are struggling to get OOBA right or done at all. As with most things, it helps to do a little research. Organizations should perform due diligence on their vendors and factor vendor risks into the equation of purchases and project planning...

NIST Workshop: The Technical Aspects of Botnets

May 16, 2012 Added by:Infosec Island Admin

NIST seeks to engage all stakeholders to identify the available and needed technologies and tools to recognize, prevent, and remediate botnets; explore current and future efforts to develop botnet metrics and methodologies for measuring and reporting botnet metrics over time...

Who Are You Preaching to Anyway?

May 16, 2012 Added by:Neira Jones

Hard core security conferences continue to happen and continue to be successful, and long may it continue. We still need the techies to make sure we have the right tech to support the people and processes in our businesses. We also need the techies to try and keep ahead of the bad guys...

Some Observations on Klout Scores

May 16, 2012 Added by:Ben Rothke

Influence is extremely difficult to measure. In the academic world, the Hirsch number is an index that attempts to measure the impact of a published work, but like every index it can be manipulated. So is Klout an effective method of measuring online influence? From my analysis, no...

IC3: 2011 Internet Crime Report

May 15, 2012 Added by:Pierluigi Paganini

IC3 represents a perfect example of how technological services could help in the prevention and analysis of criminal activities, and highlights that the real weapon against Internet crime is awareness and information sharing...

Why Security Through Obscurity Still Does Not Work

May 15, 2012 Added by:Rebecca Herold

I know from my years as a systems analyst and maintaining a large change control system that it is easy for mistakes to occur within the network security architecture, and that there will always be some humans involved who are tempted to bypass important security controls...

Infosec is Not a Religion

May 15, 2012 Added by:Scot Terban

Infosec is not a religion. There are no Cardinals, there are no Bishops, there are only a bunch of people who want their opinion to be heard and listened to ad nauseam. It’s as simple as that, and if you start clothing it in the robes of ecclesiastical rhetoric, you FAIL...

Cybercrime Does(n't?) Pay

May 15, 2012 Added by:Beau Woods

Although many studies fail at basic science, I'm hopeful that the information security industry will get better both at true academic research and at coming up with accurate metrics for the most important data. We'll get there as we mature as an industry, but it will take a while...

Treat Passwords Like Cash

May 15, 2012 Added by:Danny Lieberman

Every Web site and business application has a different algorithm and password policy. For users, who need to maintain strong passwords using 25 different policies on 25 different systems sites, it’s impossible to maintain a strong password policy without making some compromises...

Making Things Worse by Asking all the Wrong Questions

May 14, 2012 Added by:Rafal Los

Blaming OWASP and developers for not adopting secure coding is silly. Until the business cares about security, and developers have an incentive to write more secure code, tools and simple to use transparent technologies like that which OWASP provides won't get utilized...

Securing Your Company Against BYOD-Created Threats

May 14, 2012 Added by:Ashley Furness

The increasing emergence of Bring Your Own Device (BYOD) policies has both good and bad implications. Here are four strategies your company should implement to keep data secure while supporting employees' choice to use their own laptops, smartphones and tablets in the workplace...

Vulnerabilities: Context Matters

May 14, 2012 Added by:Jack Daniel

You do need to assess how the vulnerability is exposed, what mitigations are in place or even possible, how hard the threat may be to execute against your situation, and whether there is a graceful failure mode if the opportunity turns out to be inopportune...

Are We Reaching Security Conference Overload?

May 14, 2012 Added by:Tom Eston

We have more security and hacking conferences than ever, but now there is also more overlap. These choices can make it harder for researchers to present new and relevant content and also tough to decide which conferences to attend from an attendee perspective...

The Importance of Mobile Device Management for Enterprise Security

May 14, 2012 Added by:Drayton Graham

Almost everyone has their own mobile phone these days, and they are quickly becoming a necessity in business. In order to enable the kind of freedom BYOD brings, the corporate network and data need to be protected. Mobile Device Management is a solution that will help with this...

A Reason Why the PCI Standards Get No Respect

May 11, 2012 Added by:PCI Guru

The PCI SSC only requires its assessors document the services they provide in their assessment reports. While that offers a certain amount of transparency, when you read some of these ROCs, it becomes painfully obvious that some QSACs are assessing their own security services...

The Fight Against Spam Might Get a Little Easier

May 11, 2012 Added by:Theresa Payton

Facebook recently announced efforts to stop spammers by creating the Antivirus Marketplace. The service will provide a free six month license to antivirus software. McAfee, Symantec, Sophos and others are teaming with Facebook to offer free antivirus software...
