Latest Posts


Sony Data Breach – Lessons for the End-Users

May 12, 2011 Added by: Nabeel Shamsi

One level of protection: Use virtual credit cards. Both Citi and Discover offer virtual credit cards, which can only be used at a single merchant. If someone gets your virtual card number, it is of no use to them...

Comments (0)


FBI Surveillance: If We Told You, You Might Sue

May 12, 2011 Added by: Headlines

"These businesses would be substantially harmed if their customers knew that they were furnishing information to the FBI. The stigma of working with the FBI would cause customers to cancel the companies' services and file civil actions to prevent further disclosure of subscriber information..."

Comments (0)


Obama Delivers Cybersecurity Strategy to Congress

May 12, 2011 Added by: Headlines

"We are now in a world in which cyber warfare is very real. It could threaten our grid system. It could threaten our financial system. It could paralyze this country, and I think that's an area we have to pay a lot more attention to..."

Comments (0)


Just How Overrated is Cyberspace Doomsday?

May 12, 2011 Added by: J. Oquendo

These environments are very complex. There would need to be years of reconnaissance with heavy financial investments to pull off a successful attack. Any attacker would have to cross their fingers and hope that their target did not upgrade, migrate, or change software...

Comments (5)


Auditing Security, Measuring Risk, and Promoting Compliance

May 11, 2011 Added by: Ben Rothke

In most corporate networks today, the perimeter has been significantly collapsed. If you compound that with increased connectivity, third-party access, and then bring in advanced persistent threats into the equation, it is no longer a simple endeavor to protect a network...

Comments (0)


NPV and ROSI Part II: Accounting for Uncertainty in the ARO

May 11, 2011 Added by: Kurt Aubuchon

Running the simulation for multiple ARO (Annualized Rate of Occurrence) values, you find the ARO at which the model begins to produce a positive ROSI in a majority of the simulations. You can determine how frequently a breach has to happen before a security investment makes sense...

Comments (0)


FTC Privacy Enforcement Update

May 11, 2011 Added by: David Navetta

With the Ceridian and Lookout settlements, the FTC wants to dispel the notion that it is focused solely on large scale, high profile privacy and information security violations affecting consumers. This is another reason to take a hard look at your company's compliance...

Comments (0)


Source Code for Zeus Crimeware Toolkit Disclosed

May 11, 2011 Added by: Headlines

"With the source code in the wild it's likely we'll see an increase in attacks since lots of potential criminals might have been lacking both financials and trustworthiness to obtain their own license of this kit. Now being available as source code we'll likely see rebranding and modifications..."

Comments (0)


Just How Important is Cyberspace Defense?

May 11, 2011 Added by: Robert Siciliano

Critical infrastructures all depend on the electric grid. After a major attack, we'd be back to the dark ages in an instant. No electricity, no computers, no gasoline, no refrigeration, no clean water. Think about what happens when the power goes out for a few hours. We're stymied...

Comments (0)


Securing Applications at High Velocity

May 11, 2011 Added by: Rafal Los

While the blistering speed of application development and deployment may enable the business to be more agile and responsive to the changing business climate than ever, it creates unparalleled challenges for anyone with security as part of their job description...

Comments (0)


Android Malware Increased 400% Over Six Months

May 11, 2011 Added by: Headlines

"App store processes of reactively removing applications identified as malicious after they have been installed by thousands of users are insufficient as a means to control malware proliferation. There are specific steps users must take to mitigate mobile attacks..."

Comments (0)


Which Version of the Security+ Exam Will You Try?

May 11, 2011 Added by: Global Knowledge

Attempting the new exam offers the opportunity to become certified on the latest and greatest version of the test and, after all, almost everyone likes something new. So here's my question to each of you: When such situations arise, which exam would you plan to attempt?

Comments (0)


Does ISO 27001 Mean That Information is 100% Secure?

May 10, 2011 Added by: Dejan Kosutic

ISO 27001 certification guarantees that the company complies with the standard and with its own security rules; it guarantees that the company has taken all the relevant security risks into account and that it has undertaken a comprehensive approach to resolve major risks...

Comments (1)


U.S. Redefines Cyberspace in an Effort to Deny Cyberwar?

May 10, 2011 Added by: Don Eijndhoven

The attacks on the Pentagon networks, the plundering of its email servers, the 2007 attacks on Estonia, the 2008 attacks on Georgia and the 2009 attacks on both the US as well as South Korea should sway any sane person from the notion that cyberwar denial will solve the problem...

Comments (5)


Proposal for an All-or-Nothing Secure Software Standard

May 10, 2011 Added by: Keith Mendoza

Secure software standards should be all-or-nothing. Either the software (and all of its dependencies) is compliant, or the software is not compliant. Not owning the library, or database, will not be an excuse for not meeting the standards...

Comments (4)


Anonymous: Not So Headless or Immune to Insider Threats

May 10, 2011 Added by: Infosec Island Admin

This is a grand social experiment that is being played out on the Internet for all to see. No matter how many times the groups may claim that they are leaderless and merely a collective, Anonymous will by their very human and social natures gravitate toward a leadership modality...

Comments (0)


Security Experts Launch Cybersecurity Index Resource

May 10, 2011 Added by: Headlines

The Index of Cyber Security is a measure of the risk to the corporate, industrial, and governmental information infrastructure. It is sentiment-based in recognition of the rapid change in cybersecurity threats and the state of cybersecurity metrics as a practical art...

Comments (0)


PCI QSA Re-Certification – 2011 Edition

May 10, 2011 Added by: PCI Guru

Regardless of whether or not software is PA-DSS certified, the bottom line is that a QSA is going to be required to assess the application for compliance with the PCI DSS and will have more work effort if the software is not PA-DSS certified...

Comments (0)


Top Ten Cyber Crime Skills in High Demand

May 10, 2011 Added by: Headlines

"The cyber underground now consists of subject matter experts that can focus all their time and energy on improving their techniques, their goods and services," said Steven Chabinsky, deputy assistant director in the FBI's cyber division...

Comments (0)


On the Sony PSN Breach and Commenting

May 10, 2011 Added by: Anton Chuvakin

Most likely, Sony was validated as PCI DSS compliant at some point. Was there a QSA involved? I don't know, but I'd guess they are comprised of multiple Level 2 (and below) merchants, not one Sony-wide Level 1. Thus they self-assessed via SAQ...

Comments (0)