Blog Posts Tagged with "Information Security"
The Best in Practice
September 12, 2012 Added by:Randall Frietzsche
If we are charged with designing, architecting, implementing, deploying, integrating, training and supporting security technology, processes and policies within our organization, we might discover that this work is really an art more than a science...
Comments (0)
Microsoft BlueHat: Five Questions with Katie Moussouris
September 12, 2012 Added by:Fergal Glynn
One of the big stories from this year’s BlackHat conference was Microsoft’s inaugural BlueHat contest which challenged researchers to design a novel runtime mitigation technology designed to prevent the exploitation of memory safety vulnerabilities. Katie Moussouris discusses...
Comments (0)
Java, Flash, and the Choice of Usability Over Security
September 10, 2012 Added by:Le Grecs
Convenience vs. Security: My goal of not installing Flash and Java on a new system didn't last more than a few hours. Yet, as infosec professionals, following the disable unnecessary services philosophy, we advise not installing these types of applications for security reasons...
Comments (0)
How I Learned about File Encryption the Hard Way
September 06, 2012 Added by:Scott Thomas
Learn about file versus whole disk encryption, as well as where keys are stored. Also learn to move the keys if you're going to wipe a drive. If I can offer anything to anyone about file encryption it would be to completely understand how it works before you play with live data...
Comments (0)
Will Your Smartphone Become your Wallet?
September 05, 2012 Added by:Allan Pratt, MBA
Will all smartphone users feel comfortable transforming their them into wallets? What about security? What if you lose your phone and the person who finds it hacks into your accounts? Now, these cool capabilities don’t sound so impressive. In fact, there are some serious consequences...
Comments (0)
Scot Terban ISC(2) Board Petition UPDATE
September 05, 2012 Added by:Scot Terban
It seems that when one “petitions” to run for the board, one must have the signatories send an email instead of just fill out their information on some excel sheet or online petition. If you are wanting to sign the petition for my being able to run for the BoD please email me...
Comments (0)
Real World Information Security
September 05, 2012 Added by:Tripwire Inc
Alex uncovered a poorly designed web page and convinced it to give up its secrets. What followed was a quick RDP war trying to plant our backdoor. I found myself with root level access having blasted away at it using Metasploit and uncovered several Easter eggs instructors had planted...
Comments (0)
Enterprise Security: Being Your Own Worst Enemy
August 30, 2012 Added by:Rafal Los
Enterprise security organizations can be their own worst enemies. Security is largely disconnected from the business, largely dependent on technology, and unable to be anything more than a cost center... and it seems like the more we rant and wave our arms the deeper the hole gets...
Comments (0)
Infosec Recruiters Examine Security Career Trends
August 30, 2012 Added by:InfoSec Institute
"Penetration testers, the guys that come onto the sites—they’re highly in demand... In terms of technology, I think these guys see security in a different light than other people. They sort of can see it as a whole picture. Penetration testers are looking at it in a completely different light...."
Comments (3)
Your Organizational Chart Tells a Security Story
August 28, 2012 Added by:Tripwire Inc
The common reason to push the security team over to the side or down the org chart is due to a belief that what they do isn’t a core value proposition for the company. By reinforcing the idea that security is low priority it creates impediments for the business and the security team to negotiate risk and work collaboratively...
Comments (1)
Throwing Stones in Glass Houses: Views on the Security Industry
August 26, 2012 Added by:Rafal Los
The Information Security industry is rife with negativity. Why are we so quick to pile on to others' pain? Isn the security community just more cynical by nature, is it psychological? Are we wired this way? As an industry, our goal is to create more resilient, more secure' and more defensible postures for everyone...
Comments (1)
On Infosec Friends
August 24, 2012 Added by:Javvad Malik
They are the guys who you look out for and they look out for you. If you see a bug in their code, you’ll sort it out for them. When they call you up at 3am for help with a security strategy presentation, you stay up with them all night working on it. When you are stuck on something, you’ll turn to them for help....
Comments (4)
Marketing to the Cynical, Skeptical, and Jaded
August 24, 2012 Added by:Jack Daniel
Words like engagement and community are overused by charlatans, marketing gurus, and social media experts- but if you cut the crap and actually engage the community, people will pay attention. Influencer is another abused term, but some people have more of a voice in the community than others. Ignoring people who aren’t ready to buy could be a very bad idea...
Comments (1)
Scot Terban ISC2 Board Candidacy
August 23, 2012 Added by:Scot Terban
Ok, so after a flurry of tweets about the candidacy of others, my name got thrown in there like so much pasta being chucked at a wall. Well, it stuck in my case and I decided to run. So, if you think that I can get in there and stir up some trouble, and maybe make some changes then VOTE FOR ME in this petition...
Comments (0)
Infosec: Be All You Can Be
August 22, 2012 Added by:Randall Frietzsche
So what is an Infosec professional? Like the Samurai we're really warriors, we're soldiers in a battle of good vs. not-so-good. We craft our skills, we increase our knowledge, we strive to be better than those who might do our Enterprises harm, breach our castle walls and loot our treasures of data and services...
Comments (7)
Sign Dave Lewis' Petition for the ISC2 Board Election
August 22, 2012 Added by:Infosec Island Admin
Dave Lewis wants to work to restore the CISSP exam and it’s place in the community as something to be respected, help bring the ISC2 into the wider acceptance, help make it a force for positive change, and ensure that the ISC2 is representative and accountable to it’s membership...
Comments (1)
- Over-Sharing Riskier than Government Snooping
- 20 Critical Security Controls: Control 13 – Boundary Defense
- Redefining Social Networking
- Creating Your Own Privacy & ROI
- Security Intelligence for the Enterprise - Part 1
- Why are Cybercrimes NOT Always White-collar Crimes?
- From the SMB to Security Guru: Five Ways IT Pros Can Manage Security on a Budget
- Balancing Act Between Privacy and Security
- The NSA’s Word Games Explained: How the Government Deceived Congress in the Debate over Surveillance Powers
- NSA Surveillance Is Legal And Not Targeting Average Americans, Says Texas A&M Professor