Latest Posts


Stuxpocalypse: Hide Your Women and Children!

September 23, 2011 Added by: Infosec Island Admin

Sure, there are many systems out there running PLCs and they are likely vulnerable to any number of attacks. However, can you please look back and see how long it actually took persons unknown to create the Stuxnet attack, and breathe a little before you go crying to the likes of the Monitor?

Comments  (13)


The FFIEC Wants You to Know...

September 23, 2011 Added by: Robert Siciliano

Consumers are oblivious to the layers of security put in place by financial institutions to protect their accounts. All consumers really care about are ease and convenience. A better understanding of what goes on behind the scenes can help consumers adapt to new technologies...

Comments  (0)


Original Stuxnet Researcher Issues Dire Warnings

September 23, 2011 Added by: Headlines

"After Stuxnet was identified as a weapon, we recommended to every asset owner in America – owners of power plants, chemical plants, refineries and others – to make it a top priority to protect their systems... That wakeup call lasted about a week. Thereafter, everybody fell back into coma..."

Comments  (2)


New Certification on the Block - EC Council's C|CISO

September 23, 2011 Added by: Ron Baklarz

I am anxious to follow the evolution of the EC Council's new C|CISO certification, as it looks as though it will fill some gaps missing from other "gold-standard" certifications, and that are necessary for one aspiring to be or currently practicing security at the C-level...

Comments  (0)


NATO to Lead Multinational Cyber Defense Effort

September 23, 2011 Added by: Headlines

“In the spirit of the Secretary General’s call for 'smart defense' through multinational efforts, the aim is to lower the cost of and facilitate national capability development. In the interconnected world of cyber space, we are only as strong as the weakest link...”

Comments  (0)


Future Enterprise: Cyber Warfare

September 23, 2011 Added by: Bill Gerneglia

Cyber war is now an urgent issue that transcends lines between enterprises or governments. Unless a global cyber security framework can be engineered, a world of disorder will rapidly emerge - a turbulent world, where change has ceased to be beneficial and becomes ultimately destructive...

Comments  (1)


SOX Compliance and Evolution to GRC - Chicago

September 23, 2011 Added by: Infosec Island Admin

The SOX Compliance series is targeted at a focused group of senior level executives to maintain an intimate atmosphere for the delegates and speakers. Since it is not a vendor driven conference, the higher level focus allows the delegates to network with their industry peers and speakers...

Comments  (0)


Cloud versus Local Storage Security

September 22, 2011 Added by: Emmett Jorgensen

Each storage medium offers its own benefits for different scenarios. It's up to the user to choose the option that best fits. Security is a major difference in these two types of storage. Until cloud storage becomes more secure, many will prefer local storage alternatives...

Comments  (0)


Strutting and Fretting Upon the Security Stage: The Playing Field

September 22, 2011 Added by: Infosec Island Admin

There are too many ways that a company can open itself up to vulnerabilities. It takes a rounded approach to do the due diligence for that company’s security posture. The information security business has become a leviathan of competing entities from the quacks to the bleeding edge...

Comments  (1)


Notes on the GrrCON Information Security Conference

September 22, 2011 Added by: Jim Palazzolo

The goal of the conference was dissemination of information and giving individuals the ability to network with others in the field. What impressed me was the diverse pool of individuals at the conference. It was not uncommon to see someone sporting a purple mohawk, or a pinstripe suit...

Comments  (0)


It is Time to Address PCI Compliance Reporting

September 22, 2011 Added by: PCI Guru

The QA process: it all comes down to having used the correct language in responding to the ROC, rather than whether or not you actually assessed the right things. To add insult to injury, the PCI SSC advises QSACs to develop a template for the ROC with all the correct language written and proofed...

Comments  (3)


Adobe Issues Patch for Flash Zero Day Vulnerability

September 22, 2011 Added by: Headlines

"One of these vulnerabilities is being exploited in the wild in active targeted attacks... This universal cross-site scripting issue could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website..."

Comments  (0)


Security-Enhanced Linux Support

September 22, 2011 Added by: Jamie Adams

SELinux is an enhancement to the standard kernel that provides fine-grained security MAC rules. The Targeted policy provides security for commonly used daemons such as httpd, dhcpd, mailman, named, portmap, nscd, ntpd, mysqld, postgres, squid, syslogd, winbind, and ypbind...

Comments  (0)


Risk Assessment Guide for Federal Information Systems

September 22, 2011 Added by: Headlines

The revised guidance has been expanded to include more information on a variety of risk factors essential to determining information security risk, such as threat sources and events, vulnerabilities and predisposing conditions, impact, and likelihood of threat occurrence...

Comments  (0)


Smartphones and Banking Application Security

September 22, 2011 Added by: Brent Huston

As device manufacturers continue to add processing power and storage capacity, and platform vendors provide more applications for generating and consuming data, security will become a greater concern as attackers look upon it as their new playground...

Comments  (2)


Infosec Island Call for Interviews: Hacker Halted - Miami

September 22, 2011 Added by: Infosec Island Admin

Infosec Island will be conducting a series of video interviews with companies and vendors at the Hacker Halted conference in Miami, FL in late October. The interviews offer the opportunity for companies to highlight their knowledge of emerging trends in the information security field...

Comments  (0)


Creating a Culture of Security

September 21, 2011 Added by: Jim Anderson

Infosec practitioners tend to look for "bright shiny objects" and focus on those as the centerpiece of their programs. Often, training is an afterthought and awareness is relegated to "lunch and learn" status. Ross does an excellent job of covering the benefits of a constructive security culture...

Comments  (0)


Preparation Tips for the JNCIE-SEC Exam

September 21, 2011 Added by: Stefan Fouant

Not a day goes by since having passed the JNCIE-SEC exam that I don't receive an inquiry in one form or another regarding how I prepared for the exam. So instead of constantly repeating myself, I figured I'd just put it up on the blog so others can benefit...

Comments  (1)


On Definitions – Keeping it Simple with OSSM

September 21, 2011 Added by: Ben Kepes

Spending so much time in the rarefied atmosphere of the twitterverse, it’s easy to assume that everyone “gets it”. The truth is somewhat different – the vast majority of people out there are still coming to terms. For them the Cloud is an unheard-of concept and unexplained territory...

Comments  (0)


Dutch Team European Champs for Global CyberLympics

September 21, 2011 Added by: Headlines

“CyberLympics presents a unique set of challenges that puts competing teams through a real life environment which include offensive hacking strategies but also deploying defensive capabilities to prevent being hacked. This approach makes the CyberLympics stand out...”

Comments  (0)