Latest Posts


How to Plan Security and Meet Your Compliance

October 27, 2011 Added by:Gabriel Bassett

If you feel a bit lost with what tools you have in your (defenses, sensors, response) toolbox, you're in luck! The good news is the toolbox is already sitting on your hard drive. The bad news is, it's your compliance controls...

Comments  (0)


Welcome to the PCI Prioritization Approach

October 27, 2011 Added by:David Sopata

Organizations often start implementing security controls on all of their systems throughout the company without really knowing what systems should be in scope or which systems should not be in scope for PCI. Hence, the PCI DSS Prioritization Document and Tool was developed...

Comments  (0)


The Other Top Issues Facing Computer Security

October 27, 2011 Added by:Dan Dieterle

There is a disconnect between management and IT. Sometimes management doesn’t fully understand what the IT department is doing. Veteran computer personnel are being removed from companies – “due to cutbacks” – only to be replaced shortly thereafter by inexperienced or even temporary workers...

Comments  (0)


The Evolution of Online Fraud Prevention

October 27, 2011 Added by:Robert Siciliano

When merchants moved from catalogs to websites, IP addresses were used to track transactions. But bad guys figured out how to spoof them. Now we have a number of new technologies designed to fight credit card fraud. The most effective and widely implemented is device reputation...

Comments  (0)


#EntSec -- Not Business Relevant

October 26, 2011 Added by:Ali-Reza Anghaie

Enterprise Security is Not Business Relevant. Now, that's quite the inflammatory statement but unless your business is security then it's true in practice today. Before the flaming begins let me start by saying I believe firmly it ~IS~ business critical but I want to make it actually relevant...

Comments  (0)


There's a Sucker Born Every Minute – and Charlatans to Make Sure They Pay for It

October 26, 2011 Added by:Ben Rothke

So why would anyone in their right mind buy something that is free? It seems that indeed there's a sucker born every minute and they are buying books by Kevin Roebuck. If buyers would do the slightest bit of analysis, they would see this deception. Unfortunately, Emereo is polluting the waters...

Comments  (2)


Is Cloud Computing Secure?

October 26, 2011 Added by:Brittany Lyons

The future of data storage online is certainly cloud computing, as it provides instant access to data under a heavy load and redundant backups for when the inevitable fail should happen. The security measures that go into protecting this future will only become more stringent as time goes on...

Comments  (0)


How FERPA Compares to HIPAA

October 26, 2011 Added by:David Sopata

Even though HIPAA has been around since 1995, it really had not gained momentum until the past few years when fines started being issued. However, there is a privacy law that has been on the books for much longer than HIPAA, and it is the Family Educational Rights and Privacy Act or FERPA...

Comments  (0)


Size Isn't Everything

October 26, 2011 Added by:Javvad Malik

Having a long padded-out password isn’t enough, because there are a whole multitude of things that should be taken into consideration before declaring something the answer to all your security issues. It’s a security concept called defense in depth...

Comments  (1)


Hacker Halted Miami: Qualys CTO Wolfgang Kandek on APTs

October 25, 2011

The term, "Advanced Persistent Threats" gives the impression that most organizations are not equipped to deal with sophisticated attacks. Wolfgang Kandek's Hacker Halted keynote exposes the reality behind the causes of these threats and makes the case for a new security model...

Comments  (0)


Are You Cyber Savvy?

October 25, 2011 Added by:Joel Harding

What really set him apart was Social Engineering combined with his hacking. He did his research, he would study, he would probe, and then he would do whatever it took to get a password, to get a free account, to get root access, to get into a facility and physically touch the system...

Comments  (0)


SpyEye Morphs to Hit Online Banking

October 25, 2011 Added by:Kelly Colgan

All your online activities inherently cannot be completely secured. This is something most of us have known for a long time, but as we’re pushing toward putting more of our lives in the digital domain, it’s a point that can’t be emphasized enough...

Comments  (0)


PCI and the Insider Threat

October 24, 2011 Added by:PCI Guru

The biggest problem with the insider threat is that it does not matter how much technology you have to protect your assets, as it only takes one person in the right place to neutralize every last bit of your security solutions. Just ask anyone at any of the recently breached organizations...

Comments  (0)


Emerging Companies Can Delay SOX Compliance

October 24, 2011 Added by:Headlines

New companies with a market capitalization under USD 1 billion will now be able to opt-out of regulations within section 404 of the Sarbanes-Oxley (SOX) Act for the first ten years after going public. This option was previously available to companies under USD 75 million...

Comments  (0)


Gleg releases Ver 1.7 of the SCADA+ Exploit Pack

October 24, 2011 Added by:Joel Langill

On October 20, Gleg released version 1.7 of the SCADA+ Exploit Pack for the Immunity Canvas framework, though this time around, I do not see a lot of unique value in the code updates. Modules of interest in this release represent the bulk of the ICS/SCADA vulnerabilities disclosed in September...

Comments  (0)


The Economic Benefit of Cloud Computing

October 24, 2011 Added by:Kevin L. Jackson

In considering cloud computing for the Intelligence Community, security is an obvious concern. Classified information should always be processed in properly protected and certified IC private or community clouds. If a secure cloud model can be designed, economic savings can certainly be realized...

Comments  (0)


The Benefits of Being a CISSP

October 24, 2011

Some people think a CISSP is a run-of-the-mill security certification... but it isn't. If you know how to use it to your benefit, you can wield unlimited power...

Comments  (6)


Six Security Assessments You’ve Never Had But Should

October 24, 2011 Added by:Stephen Marchewitz

You probably are familiar with the classic security assessments: internal and external penetration testing, security risk assessments, and PCI gap assessments. Consider performing these six assessments at least once in your organization to combat the constantly looming hacker threat...

Comments  (0)


Lean Knowledge Principles and Compliance Programs

October 24, 2011 Added by:Thomas Fox

The lean approach can be used in many of the process steps where documentation is the key. The discretion and expertise brought to bear in compliance programs can then be overlaid on this system. This approach can help a compliance department deliver a more robust compliance product...

Comments  (0)


Securing Mobile Data at the Application Layer

October 23, 2011 Added by:Steven Fox, CISSP, QSA

The OWASP Mobile Security Project focuses on the security of the applications. According to its contributors, it “is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications...”

Comments  (0)