April 16, 2013 Added by:Jarno Limnéll
Cyberweapons are now comparable to the ballistic nuclear missile arsenal of the US, which also resides under the jurisdiction of the President. Giving the President cyber-initiative responsibilities speaks volumes regarding the serious attitude to which they are treated.
April 16, 2013 Added by:Scott Thomas
Most non-IT people know about DLP only when the IT organization contacts them to let them know they did something they shouldn't have. For those of us that have to deal with the policies, the alerts, and sending those notices, it can be more complicated.
April 16, 2013 Added by:InfosecIsland News
Popular texting, messaging and microblog apps developed for the Android smartphone have security flaws that could expose private information or allow forged fraudulent messages to be posted, according to researchers at the University of California, Davis.
April 16, 2013 Added by:Jake Garlie
Tragic events such as what happened during the Boston Marathon creates an opportunity for attackers in the digital world as well. With everyone scrambling for more information, the success rate of a phishing attack at this time can skyrocket.
April 16, 2013 Added by:George Tubin
Cybercriminals continue to develop new methods to bypass security controls in order to install malware on corporate endpoints. An endpoint protection approach that provides both effectiveness and manageability must begin with an understanding of the attack vectors that require mitigation.
April 15, 2013 Added by:Tripwire Inc
Security teams need the right skills in order to ‘ready’ themselves for action, and before we get to engage in some some really advanced security intelligence, big data analysis, haddop, threat intelligence and a myriad of other buzz words, we will need to be able to accomplish the basics first.
April 15, 2013 Added by:Patrick Oliver Graf
One drawback of BYOD is that each mobile operating system comes with its own architecture and security concerns. Any company that embraces BYOD and mobile technologies must account for the different platforms its employees use to complete work-related functions.
April 13, 2013 Added by:Krypt3ia
I got a request through a friend for a friend of that friends kid to talk to him about how to get into INFOSEC the other day. Now usually I am a curmudgeon (as you all know and love) and am loathe to be some sort of big brother of INFOSEC to anyone but in this case I said ok cuz I am just that nice.
April 12, 2013 Added by:InfosecIsland News
Kaspersky Lab’s team of experts published a detailed research report that analyzes a sustained cyberespionage campaign conducted by the cybercriminal organization known as “Winnti.”
April 12, 2013 Added by:Le Grecs
Password managers will automatically fill in usernames and passwords as your target surfs around the web doing their usual things. I’ve found they just love this convenience and it serves as a great motivator for them to continue using it.
April 12, 2013 Added by:Eric Byres
This week, Eric looks at the pros and cons of using compensating controls as an alternative to patching, and discuss the requirements for success.
April 12, 2013 Added by:Mikko Jakonen
Well, before COTS (Commercial Off The Shelve) came popular in military and other organizations thinking their security, this could have been avoided. Nowadays, very difficult. Even in trailers. You still need only one computer making possible to interact with others – in many different NETs existing :)
April 12, 2013 Added by:Jack Daniel
It has been a while since I’ve written about “Digital Natives”, but Krypt3ia’s recent post Digital Natives, Digital Immigrants, Exo-Nationals and The Digital Lord of The Flies has me thinking about it again.
Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure
April 09, 2013 Added by:Ben Rothke
In Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure, authors Eric Knapp and Raj Samani provide and excellent overview on what the smart grid is and how it can be secured.
April 08, 2013 Added by:Le Grecs
It's up for each organization to monitor their threats and weaknesses and use the appropriate set of controls to minimize their risk to an acceptable level. Perhaps security awareness is part of that ... perhaps it is not.
April 06, 2013 Added by:Anthony M. Freed
In a convergence culture, accountability for risk is accepted across the organization, and when that happens, risk management becomes a priority to the business, informing strategy and objectives. By helping identify and mitigate risk across finance, operations and IT, the CISO puts security in context of what could affect profit.
April 05, 2013 Added by:Eric Byres
Applying patches is a critical part of good security. According to US-CERT, about 95% of all network intrusions could have been avoided by keeping systems up to date with appropriate patches. What I am against is patching as a knee-jerk reaction to security vulnerabilities. You can’t expect your control system to operate reliably if you don’t have a controlled process for patching.