Latest Posts

Sony Data Breach – Lessons for the End-Users

May 12, 2011 Added by:Nabeel Shamsi

One level of protection: Use virtual credit cards. Both Citi and Discover offer virtual credit cards, which can only be used at a single merchant. If someone gets your virtual card number, it is of no use to them...

Comments  (0)

FBI Surveillance: If We Told You, You Might Sue

May 12, 2011 Added by:Headlines

"These businesses would be substantially harmed if their customers knew that they were furnishing information to the FBI. The stigma of working with the FBI would cause customers to cancel the companies' services and file civil actions to prevent further disclosure of subscriber information..."

Comments  (0)

Obama Delivers Cybersecurity Strategy to Congress

May 12, 2011 Added by:Headlines

“We are now in a world in which cyber warfare is very real. It could threaten our grid system. It could threaten our financial system. It could paralyze this country, and I think that's an area we have to pay a lot more attention to..."

Comments  (0)

Just How Overrated is Cyberspace Doomsday?

May 12, 2011 Added by:J. Oquendo

These environments are very complex. There would need to be years of reconnaissance with heavy financial investments to pull off a successful attack. Any attacker would have to cross their fingers and hope that their target did not upgrade, migrate, or change software...

Comments  (5)

Auditing Security, Measuring Risk, and Promoting Compliance

May 11, 2011 Added by:Ben Rothke

In most corporate networks today, the perimeter has been significantly collapsed. If you compound that with increased connectivity, third-party access, and then bring in advanced persistent threats into the equation, it is no longer a simple endeavor to protect a network...

Comments  (0)

NPV and ROSI Part II: Accounting for Uncertainty in the ARO

May 11, 2011 Added by:Kurt Aubuchon

Running the simulation for multiple ARO (Annualized Rate of Occurrence), you find the ARO at which the model begins to produce a positive ROSI in a majority of the simulations. You can determine how frequently a breach has to happen before a security investment makes sense...

Comments  (0)
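The ARO sweep described in the teaser above, as an added example in Python that is not code from the original post. It assumes the usual ROSI definition (losses avoided minus the control's cost, divided by the cost), models the number of breaches in a year as a Poisson draw whose mean is the ARO, and uses constructed dollar figures for the single loss expectancy, the control's mitigation ratio and the control's annual cost.

```python
import math
import random

# Constructed inputs (assumptions for this example, not figures from the post).
SLE = 250_000.0         # single loss expectancy: cost of one breach, USD
MITIGATION = 0.7        # fraction of each breach loss the control prevents
ANNUAL_COST = 60_000.0  # annual cost of the security control, USD


def rosi(loss_avoided, cost):
    """Return on security investment: (loss avoided - cost) / cost."""
    return (loss_avoided - cost) / cost


def expected_rosi(aro, sle=SLE, mitigation=MITIGATION, cost=ANNUAL_COST):
    """Point-estimate ROSI using ALE = SLE * ARO with no uncertainty."""
    return rosi(aro * sle * mitigation, cost)


def poisson(rng, lam):
    """Draw a Poisson(lam) count with Knuth's method (stdlib random has none)."""
    limit = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate_rosi(aro, trials=4000, seed=2011,
                  sle=SLE, mitigation=MITIGATION, cost=ANNUAL_COST):
    """Monte Carlo over one year: breaches ~ Poisson(aro).

    Returns the fraction of trials in which the control produced a
    positive ROSI, i.e. the avoided losses exceeded its annual cost.
    """
    rng = random.Random(seed)
    positive = 0
    for _ in range(trials):
        breaches = poisson(rng, aro)
        if rosi(breaches * sle * mitigation, cost) > 0:
            positive += 1
    return positive / trials


def breakeven_aro(aro_grid, **kwargs):
    """Smallest ARO on the grid at which a majority of simulated years
    show positive ROSI; None if no grid point reaches a majority."""
    for aro in aro_grid:
        if simulate_rosi(aro, **kwargs) > 0.5:
            return aro
    return None


if __name__ == "__main__":
    grid = [round(0.05 * i, 2) for i in range(1, 41)]  # 0.05 .. 2.00 breaches/year
    for aro in (0.25, 0.5, 0.75, 1.0):
        print(f"ARO={aro:.2f}  expected ROSI={expected_rosi(aro):+.2f}  "
              f"P(ROSI>0)={simulate_rosi(aro):.3f}")
    print("break-even ARO (majority of simulations positive):", breakeven_aro(grid))
```

With these constructed figures a single avoided breach (0.7 x 250,000 = 175,000) already exceeds the control's 60,000 annual cost, so a simulated year is positive exactly when at least one breach occurs; P(ROSI>0) is therefore 1 - e^(-ARO) and the majority threshold sits near ln 2, about 0.69 breaches per year. That closed form is a useful sanity check on the simulation; the simulation earns its keep once the loss per breach or the mitigation ratio is itself drawn from a distribution rather than fixed.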

FTC Privacy Enforcement Update

May 11, 2011 Added by:David Navetta

With the Ceridian and Lookout settlements, the FTC wants to dispel the notion that it is focused solely on large scale, high profile privacy and information security violations affecting consumers. This is another reason to take a hard look at your company's compliance...

Comments  (0)

Source Code for Zeus Crimeware Toolkit Disclosed

May 11, 2011 Added by:Headlines

"With the source code in the wild it's likely we'll see an increase in attacks since lots of potential criminals might have been lacking both financials and trustworthiness to obtain their own license of this kit. Now being available as source code we'll likely see rebranding and modifications..."

Comments  (0)

Just How Important is Cyberspace Defense?

May 11, 2011 Added by:Robert Siciliano

Critical infrastructures all depend on the electric grid. After a major attack, we’d be back to the dark ages in an instant. No electricity, no computers, no gasoline, no refrigeration, no clean water. Think about what happens when the power goes out for a few hours. We’re stymied...

Comments  (0)

Securing Applications at High Velocity

May 11, 2011 Added by:Rafal Los

While the blistering speed of application development and deployment may enable the business to be more agile and responsive to the changing business climate than ever, it creates unparalleled challenges for anyone with security as part of their job description...

Comments  (0)

Android Malware Increased 400% Over Six Months

May 11, 2011 Added by:Headlines

"App store processes of reactively removing applications identified as malicious after they have been installed by thousands of users is insufficient as a means to control malware proliferation. There are specific steps users must take to mitigate mobile attacks..."

Comments  (0)

Which Version of the Security+ Exam Will You Try?

May 11, 2011 Added by:Global Knowledge

Attempting the new exam offers the opportunity to become certified on the latest and greatest version of the test and, after all, almost everyone likes something new. So here’s my question to each of you: When such situations arise which exam would you plan to attempt?

Comments  (0)

Does ISO 27001 Mean That Information is 100% Secure?

May 10, 2011 Added by:Dejan Kosutic

ISO 27001 certification guarantees that the company complies with the standard and with its own security rules; it guarantees that the company has taken all the relevant security risks into account and that it has undertaken a comprehensive approach to resolve major risks...

Comments  (1)

U.S. Redefines Cyberspace in an Effort to Deny Cyberwar?

May 10, 2011 Added by:Don Eijndhoven

The attacks on the Pentagon networks, the plundering of its email servers, the 2007 attacks on Estonia, the 2008 attacks on Georgia and the 2009 attacks on both the US as well as South Korea should sway any sane person from the notion that cyberwar denial will solve the problem...

Comments  (5)

Proposal for an All-or-Nothing Secure Software Standard

May 10, 2011 Added by:Keith Mendoza

Secure software standards should be all-or-nothing. Either the software--and all of its dependencies--are compliant, or the software is not compliant. Not owning the library, or database, will not be an excuse for not meeting the standards...

Comments  (4)

Anonymous: Not So Headless or Immune to Insider Threats

May 10, 2011 Added by:Infosec Island Admin

This is a grand social experiment that is being played out on the Internet for all to see. No matter how many times the groups may claim that they are leaderless and merely a collective, Anonymous will by their very human and social natures gravitate toward a leadership modality...

Comments  (0)

Security Experts Launch Cybersecurity Index Resource

May 10, 2011 Added by:Headlines

The Index of Cyber Security is a measure of the risk to the corporate, industrial, and governmental information infrastructure. It is sentiment-based in recognition of the rapid change in cybersecurity threats and the state of cybersecurity metrics as a practical art...

Comments  (0)

PCI QSA Re-Certification – 2011 Edition

May 10, 2011 Added by:PCI Guru

Regardless of whether or not software is PA-DSS certified, the bottom line is that a QSA is going to be required to assess the application for compliance with the PCI DSS and will have more work effort if the software is not PA-DSS certified...

Comments  (0)

Top Ten Cyber Crime Skills in High Demand

May 10, 2011 Added by:Headlines

"The cyber underground now consists of subject matter experts that can focus all their time and energy on improving their techniques, their goods and services," said Steven Chabinsky, deputy assistant director in the FBI's cyber division...

Comments  (0)

On the Sony PSN Breach and Commenting

May 10, 2011 Added by:Anton Chuvakin

Most likely, Sony was validated as PCI DSS compliant at some point. Was there a QSA involved? I don’t know, but I’d guess they are comprised of multiple Level 2 (and below) merchants, not one Sony-wide Level 1. Thus they self-assessed via SAQ...

Comments  (0)