Blog Posts Tagged with "Systems"
July 08, 2012 Added by:Robb Reck
Give each system and process a priority rating. The ones with the highest rating get the training, money and man-power assigned to master, maintain and run them. The ones with lower ratings get a project plan set up for decommissioning. As in most things in life, true excellence is in quality, not quantity...
June 20, 2012 Added by:Rafal Los
Whatever the incident or failure, the system can detect and respond in an automated fashion as long as it's within the realm of known things. When things fail or break in a new way that has never been seen before, the system will take corrective action to restore service to the best of its ability...
June 19, 2012 Added by:Rafal Los
In really re-evaluating what my whole push behind enterprise resiliency is all about - I've come to realize that the stability / resiliency tradeoff is actually quite intuitive, it's just that not many of us were taught to think this way. What we're really saying is that stability is bad...
April 09, 2012 Added by:Javvad Malik
This domain has a good title and there is probably a lot one can talk about. There are not enough competent security architects on the market. Sure you can get a lot of penetration testers or risk and compliance type people. But good architects are hard to come by...
October 23, 2011 Added by:Brent Huston
It’s impossible to protect everything in your environment if you don’t know what’s there. All system components and their dependencies need to be identified. This isn’t a mere inventory listing. Adding the dependencies and trust relationships is where the effort pays off...
July 29, 2011 Added by:Headlines
While we enjoy the opportunity to go home from the office at the end of the work day, SysAdmins are still on the job fighting off unauthorized access attempts, protecting our sensitive data, and working hard to improve network performance...
July 28, 2011 Added by:Rafal Los
Sony, Fox/Murdoch, et al, are all being harried by vulnerabilities left open in the backwaters of their infrastructure, not by bruteforce through the main gates. What little surprises might one find by using this time for review and planning?
June 01, 2011 Added by:Robb Reck
Information security works differently than IT. Rather than focusing on how to build a system that can meet a requirement, the security-minded will focus on how to build a system that cannot do anything but meet a requirement. The difference is subtle, but critically important...
June 01, 2011 Added by:Rob Fuller
When trying to dump password hashes on a Windows 2008 R2 64 bit box I constantly run into the "The parameter is incorrect" error in Meterpreter. Well, with a bit of migration you'll be back to passing the hash. Here is how, with a bit of the thought process first...
May 04, 2011 Added by:Robb Reck
Creating secure systems from the ground up requires different skills than buying and bolting on technologies to implement security after the fact. You have the chance to build this new system with a strong foundation. Do not miss your chance to show how security should be addressed...
April 12, 2011 Added by:K S Abhiraj
Problems with protecting hosts from malicious code are understood. The problem posed by malicious hosts to entities and the environment is more complex. Since an entity is under the control of the executing host, the host can in principle do anything to the event and its code...
March 11, 2011 Added by:Headlines
"Stuxnet really didn't change anything. The vulnerabilities have all been there for awhile. Most SCADA networks are pretty wide open and are susceptible to attacks. Stuxnet did, however, open our eyes to what is possible now..."
March 07, 2011 Added by:Rafal Los
Creating a system or a testing framework which can appropriately enable a previously entirely manual process is tricky - and while fully automating the finding of logic flaws may still be beyond our reach the research and ideas presented herein are steps forward to that direction...
March 06, 2011 Added by:Dan Dieterle
Online systems are slowly becoming better at protecting data, mostly because they have been under constant attack for a long time. Hackers are very opportunistic, and cyber crime has become big business. Speed counts, and if it is faster just to target the POS system, you better believe they will...
February 11, 2011 Added by:Headlines
"We can continue to pursue outdated strategies and spend our time describing the problem until there is some crisis. Then it is likely that the United States will act, in haste, possibly with unfortunate consequences. Alternatively, we can take action on measurably effective policies...."
February 09, 2011 Added by:Headlines
"We detected suspicious files on the U.S. servers unrelated to our trading systems and determined that our web facing application Directors Desk was potentially affected. We immediately conducted an investigation, which included outside forensic firms and U.S. federal law enforcement..."