Blog Posts Tagged with "Defense in Depth"
Security Mistakes You Will Make on Your Next Cloud Project
July 18, 2012 Added by: Danny Lieberman
The Cloud Security Control model looks great, but it doesn’t mitigate core vulnerabilities in your software. Once you choose the right service model and vendor, put aside the security reference models and focus on hardening your application software. It’s your code that will be running in someone else's cloud...
ICS-CERT: Removable Media Flash Drive Attacks
July 10, 2012 Added by: Infosec Island Admin
A shift supervisor was using a portable flash drive for downloading information from an HMI connected to the industrial control systems. Antivirus scanners run on the removable media, the HMI machine, and other systems found the Hamweq virus on the removable media, but the other systems were clean...
Spring Cleaning for Your Security Toolbox
July 08, 2012 Added by: Robb Reck
Give each system and process a priority rating. The ones with the highest rating get the training, money and man-power assigned to master, maintain and run them. The ones with lower ratings get a project plan set up for decommissioning. As in most things in life, true excellence is in quality, not quantity...
Five Things a Healthcare CIO Can Do to Improve Security
May 31, 2012 Added by: Danny Lieberman
In a complex healthcare organization, large scale security awareness training is a hopeless waste of resources considering the increasing number of options that people have (Facebook, smartphones..) to cause damage to the business. Security awareness will lose every time it comes up against an iPad or Facebook...
IT Security: Preventing Insider Threats
May 24, 2012 Added by: Robert Siciliano
An employee at Fannie Mae, knowing he is about to be fired, installed a logic bomb set to detonate almost 3 months after his departure. The detonation would have taken the organization off line for almost a week and cost millions and millions of dollars...
How Does Your Bank Protect Your Data?
May 15, 2012 Added by: Robert Siciliano
Financial institutions have established a layered security approach that includes multi-factor authentication, as well as doing due diligence when it comes to identifying customers as real people whose identities haven’t been stolen...
Driving a Web Application Firewall Toward Better Security
May 10, 2012 Added by: Andrew Sanicola
Web app firewalls can be a useful ally toward greater security for those who know how to use them properly. Whether you’re in the market for a new firewall or are already an owner, understanding it is a tool designed to be driven is an important step toward increased security...
Protecting Data in Use
April 26, 2012 Added by: Simon Heron
The security of data in use is about risk mitigation. However, with the current targeted attacks and the proliferation of zero day threats, the risk level is high. It is necessary that action is taken to implement the required precautions that reduce the risk to an acceptable level...
Assumptions: A Common but Dangerous Programming Practice
March 13, 2012 Added by: Fergal Glynn
Whatever the intended use of your input may be, even if you employ best practices to prevent data tampering, verifying individual pieces of data both at the reading and writing stage is a good defense in depth measure that can be taken with minimal effort...
Hidebound Governments Unprepared for Cyber Threats
February 05, 2012 Added by: James Colbert
“Even if they brilliantly secure their networks, the greatest threat that organizations face is that they are still vulnerable if their minimum wage security guards are disgruntled or their physical access control systems can be easily bypassed...”
Security: Failing Gracefully, or Just Failing?
February 01, 2012 Added by: Dave Shackleford
We’re pretty good at if-then analysis for controls in security. Let’s turn it around though and start thinking if-then in the negative sense. Prevention tools and processes need to fail gracefully and lead us into detection and response mode...
The Myth of Defense in Depth
January 25, 2012 Added by: Rafal Los
There are two parts to the idea of defense in depth - there is the concept and the implementation. It's easy to talk about the concepts behind defense in depth - but to implement them effectively in today's technology landscape... well that is an entirely different cup of tea...
The Human Factor
December 24, 2011 Added by: Jim Palazzolo
When we truly understand that every server we secure, policy enforced, card swipe device locked down, banking website code scrubbed, and public facing connection port blockaded has a human being at the end we will then fully grasp the concept of "defense-in-depth"...
Following the Trail of Web-Based Malware
December 15, 2011 Added by: Mark Baldwin
The main.php script contained JavaScript that attempted to exploit several potential vulnerabilities. I downloaded the script and analyzed it. By inserting an “alert” statement into the script prior to the actual execution of the code, we can get a good idea of what the script does...
Size Isn't Everything
October 26, 2011 Added by: Javvad Malik
Having a long padded out password isn’t enough. Because there are a whole multitude of things that should be taken into consideration before declaring something is the answer to all your security issues. It’s a security concept called defense in depth...
PCI Defense In Depth
October 17, 2011 Added by: PCI Guru
It has been more than five years since the “sa” default password debacle and yet you still encounter applications that use service accounts to access their database and those service accounts have no password. The rationale? “We did not want to code the password into the application..."