June 01, 2011 Added by:Thomas Fox
The questions are not intended to be an exact checklist, but rather a way to provide insight and stimulate discussion on the topic of compliance. The questions provide directors with a basis for critically assessing the answers they get and digging deeper as necessary...
June 01, 2011 Added by:Headlines
“We must plan, train, exercise and operate in a way which integrates our activities in both cyber and physical space. We will grow a cadre of dedicated cyber experts to support our own and allied cyber operations and secure our vital networks...”
June 01, 2011 Added by:Rafal Los
I've been learning a lot lately from one of my senior colleagues who's been doing this software security assurance thing much longer than I have, and the more time I spend with him the more I understand that it all comes down to one very simple question: Why?
June 01, 2011 Added by:Rebecca Herold
Covered entities and business associates would need to account for disclosures of PHI in electronic health records that are part of a designated record set for treatment, payment and health care operations in addition to the existing requirements for accounting for access to PHI...
May 31, 2011 Added by:J. Oquendo
It should come as no surprise that ModSecurity is not an offensive tool. Far from it however, I am going to use it as a method to redirect my targets over to my Metasploit machine. My goal is to explain the use a of defensive tool for offensive purposes...
May 31, 2011 Added by:Infosec Island Admin
You have the right to privacy in your papers and your domicile, but does this actually apply to digital papers, computers, hard drives, and anything you pass over telco lines to the cloud? Or is it considered public domain like your trash being placed at the end of your driveway?
May 31, 2011 Added by:Kelly Colgan
The proposed bill is nothing more than an outdated, bandwagon approach that creates more red tape for businesses, weakens state law, and overprotects small- to medium-sized companies that suffer data breaches. Bottom line: It offers little, meaningful help to the consumer...
May 31, 2011 Added by:Headlines
"We have a solution that can address the security and compliance needs of customers in process control industries including electric power utilities, public works and oil & gas. You just cannot get that level of capability, reliability and integration with legacy IT or ICS solutions..."
May 31, 2011 Added by:Global Knowledge
I make a point to preach password security to most co-workers I supported – especially those who dealt with personnel records, credit card info, and other potentially sensitive documents. Below are some tips that will make your passwords a hundred times harder to hack...
May 31, 2011 Added by:Headlines
The report concludes that the Laws of Armed Conflict should also extend to the cyberspace field of operations. "If you shut down our power grid, maybe we will put a missile down one of your smokestacks," said an unidentified military official...
May 31, 2011 Added by:Luis Corrons
In a few years’ time, besides protecting ourselves against cyber-attacks we will also have to look for mechanisms that guarantee our rights against government abuse of power. Some people are talking about the introduction of “Internet passports” to identify Internet users...
May 31, 2011 Added by:Kyle Young
You could setup your N900 on a victim network and have ssh listing on your public IPv6 address and then log in to your N900 from an outside network over IPv6. You wouldn’t even have to do any port forwarding on the victim’s firewall/gateway/router...
May 30, 2011 Added by:Pascal Longpre
An attacker who has installed the target's VPN client and configuration patiently waits for the user to authenticate. When the user begins to enter its 6 digit SecurID password, the Trojan captures the characters entered and immediately sends them through SSL to the attacker's machine...
May 30, 2011 Added by:Joe Schorr
To truly improve their security posture, companies should create (and enforce) a mandatory ID Badge policy for visitors and employees. An effective policy coupled with good security awareness training will go a long way to closing up this particular gap in PCI-DSS 2.0...
May 30, 2011 Added by:David Navetta
The FTC complaint alleged that the sites collected children’s information, including ages and email addresses, during registration and then enabled children to publicly post their full names, email addresses, instant messenger IDs, geographic location and other information...
May 29, 2011 Added by:Anton Chuvakin
I think the concept of Magic Quadrant is brilliant. However, many wrong SIEM purchase decisions I’ve seen made usually stem from the decision maker’s own ignorance and not from whatever document or market visualization he has in his possession. Keep this in mind…
May 28, 2011 Added by:Chris Blask
Behind all the technology and corporations and globe-spanning markets and networks there are individual human beings. The actions and intent of those individuals shines through the layers between them and the rest of us like arc lights through kleenex. There is no replacement for intent...
May 28, 2011 Added by:Rahul Neel Mani
Innovation and doing more with less are not just buzzwords. That doesn't mean having Systems up and running can take a back seat either. David Awcock, Head of Technology Standard Chartered Bank, shares his ideas in an interview with Minu Sirsalewala Agarwal, on how he manages both...