Latest Posts

The Leaking Vault 2011: Six Years of Data Breaches

September 15, 2011

The Leaking Vault 2011 presents data gathered from studying 3,765 publicly disclosed data breach incidents, and is the largest study of its kind to date. Information was gleaned from the organizations that track these events, as well as government sources...

Comments  (0)

NIST Releases Secure Cloud Computing Guidelines

September 15, 2011 Added by: Headlines

NIST is responsible for accelerating the federal government’s secure adoption of cloud computing by leading efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector and other stakeholders, including federal agencies...

Comments  (0)

Defining the Edge of Responsibility in Mobile Applications

September 15, 2011 Added by: Rafal Los

It is critical to let your customers know where your responsibility ends. One of the most dangerous things an organization can do is try to push that perimeter and to protect every client. This can get incredibly costly, and incredibly difficult to defend in court...

Comments  (0)

Hacker Halted and the CyberLympics Hacking Challenge

September 15, 2011 Added by: Infosec Island Admin

Hacker Halted USA 2011 will not just be another IT security conference. It will be a masterpiece showcase that has some of the world's best security experts congregate at one location. Hackers Are Here. Where Are You?

Comments  (0)

Strutting and Fretting Upon the Security Stage: Intro

September 14, 2011 Added by: Infosec Island Admin

I have heard others lament the state of the “security industry” and have posted about my own adventures in the land of FUD and Security Theater as well as a side trip into the lands of denial. My goal with this series is to cover the players, the game, and the realities of the security business...

Comments  (4)

HHS to Start Auditing For HIPAA Compliance

September 14, 2011 Added by: Emmett Jorgensen

Despite both HIPAA and the HiTECH Act, healthcare data breaches have been popping up regularly. A recent study found over 70% of hospitals had data breaches last year. This has generated concern over Healthcare’s adoption of security procedures and the overall effectiveness of HIPAA...

Comments  (4)

The Perception Risks of Multi Language PaaS

September 14, 2011 Added by: Ben Kepes

It’s exciting times for PaaS players as they race to be the broadest, deepest player – but I wonder if this headlong rush to be everyone to everything isn’t going to impact on what their developers think of them. Are the new breed of uber-platforms trying to be all things to all people?

Comments  (0)

Ten History-Making Hackers Who Shaped Technology

September 14, 2011 Added by: Headlines

The ensemble is somewhat surprising - a collection of both white and black hat innovators whose activities often landed them on either side of the law, but who nonetheless had a tremendous impact on information technology as we know it today...

Comments  (0)

Simple Network Security Monitoring Tools

September 14, 2011 Added by: Dan Dieterle

You can then drill down from high level topics like Destination Country to recreations of the actual data sent in a few clicks. You can look at the information transferred including scripts, programs, pictures and videos. You can also search the entire data collected for specific identifiers...

Comments  (0)

Senator Seeks Punitive Model for Data Security Laws

September 14, 2011 Added by: Headlines

The devil is in the details with these laws. But there are a number of questions here... These companies are already victims in these attacks, so why are we penalizing them after a breach? I think that's because it's easier to issue fines than it is to track down the criminals and go after them..."

Comments  (0)

Friends, Foes and Faceless Denizens – The Real Social Network

September 14, 2011 Added by: Steven Fox, CISSP, QSA

The successful compromises of physical security on my social engineering engagements have been enabled by information gleaned from Facebook / MySpace pages. In these cases, my research allowed me to influence employee behavior to circumvent logical and physical access controls...

Comments  (0)

U.S. - E.U. Collaborate on Smart Grid Standards

September 14, 2011 Added by: Headlines

"The potential benefits of Smart Grids are enormous, they can only be fully reached if we can all agree on global solutions. It is promising to see that NIST and SG-CG will be supporting common positions and areas of collaboration to ensure a consistent set of international standards..."

Comments  (0)

SIEM: An Epitaph Blog Post

September 14, 2011 Added by: John Linkous

It is with sadness that today we announce the death of SIEM. Born to a fanfare of promises at the dawn of the information economy as we know it, SIEM was lauded as a tool that would protect an increasing volume of data from prying eyes and ne'er-do-wells - on the inside and the outside...

Comments  (5)

SOX Compliance and Evolution to GRC Conference

September 14, 2011 Added by: Infosec Island Admin

While maintaining the focus on the continual optimization of the SOX program, the 22nd edition conference will draw on the more recent challenges being faced by SOX professionals in light of the recent economic climate and new Dodd-Frank requirements...

Comments  (0)

SharePoint DLP: Don't Bring a Gun to a Knife Fight

September 13, 2011 Added by: Thomas Logan

SharePoint's collaborative capabilities mean sensitive information can easily be put at risk. CIOs need to come up with a solution to this content security challenge, while still allowing the positive business benefits of SharePoint's collaboration capabilities in your organization...

Comments  (0)

NLRB Report Reviews Social Media Enforcement Actions

September 13, 2011 Added by: David Navetta

The Associate General Counsel of the NLRB issued a report analyzing the Board’s recent social media enforcement actions. The report seeks to provide guidance to employers that want to ensure that their social media policies appropriately balance employee rights and company interests...

Comments  (0)

How is All This Hacking Affecting My Identity?

September 13, 2011 Added by: Robert Siciliano

With so many different breeds of hackers, each with their own agenda, the media has certainly been more than willing to give them all the attention they could possibly want. Much of it has been sensationalist, but the reality is that we are indeed hemorrhaging information all over the place...

Comments  (0)

INSA Releases Cyber Intelligence Report

September 13, 2011 Added by: Headlines

"We are not quite ready to propose a definitive definition... At this point, we are talking about threats that can originate anonymously within this cyber domain with potentially enormous consequences: physical destruction to economic chaos..."

Comments  (0)

Why Visa Is Upset

September 13, 2011 Added by: PCI Guru

Visa’s beef with my post is the implied connotation by using the term ‘Chip and PIN’ that a PIN would be required. All I was trying to do was to provide an easily Google-able term for people interested in EMV. Such a complaint from Visa is laughable if it were not so sad...

Comments  (2)

Comodohacker Claims Windows Update Compromise

September 13, 2011 Added by: Headlines

“I’m able to issue Windows updates... I already reversed ENTIRE Windows update protocol, how it reads XMLs via SSL, which includes URL, KB no, SHA-1 hash of file for each update, how it verifies that downloaded file is signed using WinVerifyTrust API..."

Comments  (0)