Blog Posts Tagged with "Security"
NIST Steering Group to Support Trusted Identities in Cyberspace
March 15, 2012 Added by:Infosec Island Admin
"The committee will guide creation of an ‘Identity Ecosystem’ in which businesses and individuals can have more confidence in the security and privacy of their online transactions. The committee will also be responsible for identifying resources that will support the effort..."
Comments (0)
The Emperor's Advanced Persistent Clothing
March 12, 2012 Added by:J. Oquendo
When "experts" start believing their own hodge-podge of "truths", it spreads like a cancer and ends up in the ears of decision makers. When will security pros stop focusing on marketing in hopes of selling shares of the Brooklyn Bridge and focus on actually securing something?
Comments (3)
It's not Illegal if You Consent: Malware's Dirty Little Tricks
March 08, 2012 Added by:Rafal Los
Bad guys often rely on the end-user's lack of awareness, employing some dirty tricks like creating a convincing web page that looks just like your antivirus software, or something equally dastardly. But there's another trick that makes me crazy: End User License Agreements...
Comments (0)
Security Tips When Providing Free Wi-Fi at Your Business
March 08, 2012 Added by:Robert Siciliano
Wi-Fi is great for bringing in customers and as a promotional tool that creates customer loyalty. Merchants such as hotels, coffee shops, burger joints and anyplace with a store front, chairs and tables is offering free Wi-Fi. But what about all the Wi-Fi security threats?
Comments (0)
NIST Draft Addresses Security Threats and Privacy Controls
March 07, 2012 Added by:David Navetta
NIST notes that many of the changes were driven by particular security issues and challenges requiring greater attention including, insider threats, mobile and cloud computing, application security, firmware integrity, supply chain risk, and advanced persistent threats...
Comments (0)
Secure Now or Forever...
February 24, 2012 Added by:Pamela Gupta
Traditional access control is simple, but permission-based access has become challenging – applications that request the user’s permission to access sensitive data explicitly. We are expecting users to be system administrators without adequate training, which is not feasible...
Comments (0)
Security BSides Austin 2012: Keeping Security Weird
February 23, 2012 Added by:Security BSides
BSides Austin is an eclectic group of infosec pros gathered to hear awesome talks and have outrageously fun discussions. Our mission is to provide an inclusive, some say quirky, yet open environment for sharing and collaborative discourse on security topics that most interest you...
Comments (0)
Security: UR Doin It Rong
February 22, 2012 Added by:Wendy Nather
A number of talks at conferences focus on what we are doing wrong. The reason for this is practitioners are afraid to talk about how they're defending themselves for fear that someone will take it as a challenge and de-cyber-pants them before they've even gotten to the Q&A session...
Comments (3)
Don't Be Naïve about Anonymous or the Occupy Movement
February 22, 2012 Added by:Robin Jackson
If you are an information security professional, then I urge you to quit worrying about what conferences you're going to speak at and get serious about shoring up the defenses of every computer system that you are responsible for immediately...
Comments (4)
IPv6 Protocol Implementation is Not a Security Panacea
February 22, 2012 Added by:Headlines
"The same thing that made the IPv6-enabled Internet valuable has also made it an increasingly valuable venue for attacks. While the frequency of attacks is relatively modest on IPv6 today, we expect that accelerated adoption will be followed in-kind by an accelerated pace of attacks..."
Comments (0)
Why The Push For EMV Adoption In The United States?
February 20, 2012 Added by:PCI Guru
What is Visa USA trying to prove with this push of EMV? Apparently only Visa USA can tell us because, for the rest of us, there are no business cases we can construct to justify the switch to EMV. Obviously, Visa USA knows something that the rest of us do not. Or do they?
Comments (2)
Disclosures: How Much Sharing is Too Much?
February 15, 2012 Added by:Jack Daniel
What is the point of telling you I was compromised by spear phishing, SQL injection, cross site scripting, cross site request forgery, default credentials, or anything else we’ve know about for years? If you are ignoring all of the well-known risks, it is a waste of time...
Comments (0)
Twitter Finally Enables HTTPS as a Default Setting
February 14, 2012 Added by:Headlines
Among other security benefits, the HTTPS feature will prevent users from having their login credentials stolen by attackers who may attempt to harvest passwords when users access their accounts over unencrypted Wi-Fi networks...
Comments (0)
Why Data Security Regulation is Bad
February 11, 2012 Added by:Danny Lieberman
The government knee-jerk reaction in the face of a data breach is to create more compliance regulation. Security by compliance does not improve security, since attackers can reverse-engineer the minimum requirements in a standard to look for holes in a company’s defenses...
Comments (0)
Straight Talk about Compliance from a Security Viewpoint
February 09, 2012 Added by:Rafal Los
Odds are, you can usually close out multiple compliance requirements across multiple requirements regulations by doing something singular in a security program. Performing software security audits during various phases of your SDLC solves many compliance requirements...
Comments (0)
Insecurity by Way of Compliance
February 08, 2012 Added by:Danny Lieberman
The US leads in data security breaches while the EU leads in data security. The EU has strong, uniform data security regulation, whereas the US has a quilt-work of hundreds of security directives where each agency has it’s own system for data security compliance...
Comments (2)
- Identity & Access Management: Give Me a REST
- Over-Sharing Riskier than Government Snooping
- 20 Critical Security Controls: Control 13 – Boundary Defense
- Redefining Social Networking
- Creating Your Own Privacy & ROI
- Security Intelligence for the Enterprise - Part 1
- Why are Cybercrimes NOT Always White-collar Crimes?
- From the SMB to Security Guru: Five Ways IT Pros Can Manage Security on a Budget
- Balancing Act Between Privacy and Security
- The NSA’s Word Games Explained: How the Government Deceived Congress in the Debate over Surveillance Powers