Latest Posts


Cyber Attacks: Iran Will Retaliate

October 03, 2011 Added by: Joel Harding

What does Iran mean by ‘We will retaliate in cyberspace’? Iran has a record of Shamshir rattling and ‘trash talk’. Yes, Iran has formed a cyber command. Yes, there is a hacker group called the Iranian Cyber Army, and they were defacing pages in China and even took down Baidu...


Insider Threat: Guard Indicted for Chinese Espionage

October 03, 2011 Added by: Headlines

Bryan Underwood, a former contract guard working at a U.S. Consulate in China, has been charged in a superseding indictment with one count of attempting to communicate national defense information to a foreign government...


Protecting Your Privacy Is Your Responsibility

October 02, 2011 Added by: Allan Pratt, MBA

Do you wonder what happens with your financial information when a background check is conducted for a job? Do you wonder what happens to your driver’s license information when you’re asked to provide it on a medical form? Truth is, you’re the only one who can safeguard your privacy...


How Social Media Impacts Your Compliance Program

October 02, 2011 Added by: Thomas Fox

In a September 26, 2011 article in Forbes magazine, titled “Social Power and the Coming Corporate Revolution”, author David Kirkpatrick argues that the social media revolution has so empowered employees and customers that they will soon be calling the shots, not management...


Requirements that Cannot be Marked ‘Not Applicable’

October 01, 2011 Added by: PCI Guru

QSAs are questioning the relevance of this clarification in outsourced environments and environments totally operated through bank-owned terminals and networks. The PCI SSC is clarifying these requirements to ensure that QSAs are confirming that outsourced environments truly are out of scope...


Legal Consequences of Breaches to Security and Privacy

October 01, 2011 Added by: Craig S Wright

Intermediaries have the ability to stop transgressions on the Web now, but the lack of clear direction and potential liability associated with action remains insufficient to modify behavior. In the face of tortious liability, the economic impact of inaction is unlikely to lead to change...


Maintaining Quality in Outsourcing Telco Services

September 30, 2011 Added by: Bozidar Spirovski

The issue with telco services is that quality is difficult to define because there are parameters that are difficult to track: sound quality, response of system to tone-dial menu selection of an IVR, intermittent interruptions of communications, and temporarily unavailable service...


Usernames and Passwords Are Facilitating Fraud

September 30, 2011 Added by: Robert Siciliano

Here we are in 2011 and well over half a billion records have been breached. While not all of the compromised records were held by financial institutions or were accounts considered “high-risk”, many of those breached accounts have resulted in financial fraud or account takeover...


FTC Proposes Revisions to COPPA Rule

September 30, 2011 Added by: David Navetta

The proposed amendments would modify the Rule in five areas: definitions, parental notice, parental consent mechanisms, confidentiality and security of children’s personal information, and safe harbor programs. Each may have a significant impact on a company’s current online practices...


Hacker Halted: 10% Discount plus Get a Free iPad2 and 2 Nights Accommodations

September 30, 2011 Added by: Infosec Island Admin

Special for Infosec Island Members: Attend EC-Council's signature event in Miami - Hacker Halted USA - and get a free iPad2 + two nights hotel + an additional 10% discount when signing up for the conference pass or for selected training. Offer ends September 30, 2011...


Microsoft is Waging Cyberwar

September 30, 2011 Added by: Joel Harding

A federal court judge taps his gavel and the request for taking down a domain and all sub-domains is approved. This indicates to me that a corporation is taking care of me, a private citizen. It also indicates that the government cannot or will not protect me...


Researchers Demonstrate Diebold Voting Machine Hack

September 30, 2011 Added by: Headlines

"These man-in-the-middle attacks are potentially possible on a wide variety of electronic voting machines. We think we can do similar things on pretty much every electronic voting machine. This is a national security issue. It should really be handled by the Department of Homeland Security..."


Security Trends: Which to Avoid and Which to Embrace

September 30, 2011 Added by: Ken Stasiak

With Enterprise Risk Management (ERM) comes a comprehensive risk assessment equation and process. Defining one process that can be used and incorporated into the entire organization will allow for conformity, efficiency, and effective alignment between departments...


Financial Analyst Fined And Jailed for Data Breach

September 30, 2011 Added by: Headlines

Rebollo was arrested in 2008 after an investigation revealed that he had downloaded, possessed, and sold consumer information contained in Countrywide databases. Rebollo distributed financial information and contact information pertaining to approximately 2.5 million individuals...


Why Data Centers Need SSAE 16

September 29, 2011 Added by: Chris Schellman, CPA, CISSP, PCI QSA

SSAE 16 is one of the most widely known tools for providing assurances to data center customers. Yet, a myth that the SSAE 16 standard is not applicable to the industry persists. Data center providers have no choice but to arm themselves with the following facts about SSAE 16 applicability...


Smarter Security Steps Part 3: Safe and Secure Technology

September 29, 2011 Added by: Brian McGinley

We have moved from being a computer-assisted society to one that is computer-dependent. Control is critical to maintaining a secure operation. That requires assistance from technical experts. But good control begins with a company’s employees, an area you can’t afford to ignore...


How do You Evaluate a Risk Assessment?

September 29, 2011 Added by: Thomas Fox

The key to the Timken approach is the action steps prescribed by their analysis. This is another way of saying that the risk assessment informs the compliance program, not vice versa. This is the method set forth by the US Department of Justice in its Compliance Program best practices...


Should You Fear the BEAST?

September 29, 2011 Added by: f8lerror

BEAST is a Man-In-The-Middle (MitM) attack that injects plain text into the encrypted stream sent by the victim's browser via JavaScript during a MitM attack. Using injected plain text and the encrypted results, BEAST can eventually decrypt the entire HTTPS request and cookies...


Securing Flash Drives within the Enterprise

September 29, 2011 Added by: Kanguru Solutions

Flash drives have revolutionized the business world with their convenience and portability. However, for infosec professionals, flash drives are a dual edged sword. If lost or stolen, a single unencrypted flash drive has the potential to cause a costly data breach...


Small Business Slow to Adopt Data Backup Systems

September 29, 2011 Added by: Headlines

"Business owners will need to understand what the cloud is and what it can do for their businesses in the areas of cost control, data security, data protection, accessibility, efficiency and productivity to facilitate a smooth running technological platform for their business..."
