Latest Posts
SCADA and ICS Cyber Security - Facing the Facts
May 05, 2013 Added by:Eric Byres
In the past, the main reason for securing a SCADA/ICS network was to protect against inadvertent network incidents or attacks from insiders. The risk of an external malicious cyber-attack was considered minimal.
Comments (0)
Five Questions Boards of Directors Need to Ask About Cloud Governance
May 01, 2013 Added by:InfosecIsland News
ISACA has issued new guidance outlining key questions for boards of directors to ask to ensure their enterprise’s cloud initiative is in line with business objectives and the organization’s risk tolerance.
Comments (1)
The Stand Alone Complex and Jihad
May 01, 2013 Added by:Krypt3ia
We have seen Anonymous as a form of SAC and now I think we can make a substantial case for the jihad being one too. If this idea becomes more memetic and resonates with those of a like mind then we will see more of these types of attacks as well as those out there (not only AQ) trying to entice others to action as well.
Comments (0)
Infographic: Staying Safe While Using Public Wi-Fi
May 01, 2013 Added by:InfosecIsland News
To help users avoid online fraud and malware risks, ThreatMetrix provided the following infographic which highlights several scenarios of how cybercriminals can access sensitive transactions over public networks.
Comments (2)
Why Are We Failing at Software Security?
May 01, 2013 Added by:Nish Bhalla
While there are many granular reasons for software security failures at the institutional, developer or vendor level - there are five industry-wide problems that are fueling the current state of insecurity. These are complicated problems and will not be easy to solve. But until we do, software security will remain at risk.
Comments (0)
Top 10 Encryption Benefits
April 30, 2013 Added by:Steve Pate
If deployed correctly, encryption does not need to be a headache. Instead, encryption can be an enabler to achieve the flexibility, compliance and data privacy that is required in today’s business environments. Below are top 10 benefits for those considering encryption.
Comments (0)
The Severe Effects of Syria’s Cybered Conflict
April 29, 2013 Added by:Jarno Limnéll
The conclusion to be drawn from the effects of Syria’s cybered conflict is that the use of cyberspace needs to be seen as an integral part of any contemporary and future conflict.
Comments (0)
Takeaways from the 2013 Verizon Data Breach Investigations Report for Software Development Teams
April 29, 2013 Added by:Rohit Sethi
The 2013 Verizon Data Breach Investigations Report has some important data for software development teams, particularly when considering the likelihood of certain threats to your system.
Comments (0)
Could the AP Twitter Hack Have Been Prevented?
April 26, 2013 Added by:Gianluca Stringhini
This is the first time that people realize that Tweets can have a large effect on financial institutions. The question that people are asking is: could this compromise have been avoided?
Comments (0)
Using Least Privilege to Effectively Meet PCI DSS Compliance
April 25, 2013 Added by:Andrew Avanessian
PCI DSS Requirement guidelines certainly reinforce how compliance has hardened from suggestive or advisory directives to true mandates with hefty fines and strict consequences for those failing to take heed.
Comments (0)
Debit and Credit Card Breach Notifications are Too Little, Too Late
April 25, 2013 Added by:Marc Quibell
I've been reading some interesting articles recently concerning the cyber theft of people's credit and debit card data to then be sold and/or for everyday use on the 'net. As usual, by the time the victims figure out what happened, the damage is already done.
Comments (2)
On Dutch Banking Woes and DDoS Attacks
April 25, 2013 Added by:Don Eijndhoven
If you don't live in the Netherlands or don't happen to have a Dutch bank account, you can certainly be forgiven for not having caught wind of the major banking woes that have been plaguing the Dutch.
Comments (0)
Can You Really Hack An Aircraft?
April 24, 2013 Added by:Keith Mendoza
I was really hesitant to throw myself into this mix; however, as a member of the aviation community (as a lowly private pilot), I feel that I need to do my part to help clear things up and put things in perspective.
Comments (0)
Raising the Bar on Application Security Due Diligence
April 24, 2013 Added by:Rohit Sethi
Many automated scanning solutions are outstanding in their cost effectiveness and ability to find certain classes of vulnerabilities. For example, a properly-configured static analysis solution may help you find every instance of potential SQL injection in your software.
Comments (0)
Security vs. Personnel and Employment Applications
April 24, 2013 Added by:Allan Pratt, MBA
Does your company use those out-of-date applications where the applicant must provide his or her Social Security number and driver’s license number? If so, throw them out immediately. You could be setting your business up for a potential lawsuit.
Comments (0)
Google: Black Hat or White Hat?
April 23, 2013 Added by:Larry Karisny
Google has a perfect opportunity to be a leader in cybersecurity. Google’s recent network -- and acquisitions and hires -- in Austin, Texas, is an opportunity to do security right the first time.
Comments (1)
Is Your Scanning Vendor Cheating?
April 22, 2013 Added by:Gary McCully
Is Your Scanning Vendor Cheating? Do Vendors Request Whitelisting just to Inflate Numbers?
Comments (0)
Deconstructing 'Defensible' - Too Many Assets, not Enough Resources
April 19, 2013 Added by:Rafal Los
In just about every organization (with little exception) there are more things to defend than there are resources to defend with. Remember playing the game of Risk, when you were a kid? Maybe you still have the game now... amazing how close to that board game your life in InfoSec is now, isn't it?
Comments (0)
Who Really Opposes CISPA?
April 19, 2013 Added by:Electronic Frontier Foundation
Despite recent amendments, CISPA still features vague language that could put your personal information in the hands of military organizations like the National Security Agency.
Comments (1)
Cyber Security Goes Ballistic
April 16, 2013 Added by:Jarno Limnéll
Cyberweapons are now comparable to the ballistic nuclear missile arsenal of the US, which also resides under the jurisdiction of the President. Giving the President cyber-initiative responsibilities speaks volumes regarding the serious attitude to which they are treated.




