Latest Posts
Cyber Security Goes Ballistic
April 16, 2013 Added by:Jarno Limnéll
Cyberweapons are now comparable to the ballistic nuclear missile arsenal of the US, which also resides under the jurisdiction of the President. Giving the President cyber-initiative responsibilities speaks volumes regarding the serious attitude to which they are treated.
Comments (0)
Into the Breach
April 16, 2013 Added by:Allan Pratt, MBA
One day, you come into the office and discover that your network has been breached. To make matters worse, your customer data has been stolen. What do you do?
Comments (0)
DLP and Business Needs
April 16, 2013 Added by:Scott Thomas
Most non-IT people know about DLP only when the IT organization contacts them to let them know they did something they shouldn't have. For those of us that have to deal with the policies, the alerts, and sending those notices, it can be more complicated.
Comments (0)
UC Davis Uncovers Security Holes in Mobile Apps
April 16, 2013 Added by:InfosecIsland News
Popular texting, messaging and microblog apps developed for the Android smartphone have security flaws that could expose private information or allow forged fraudulent messages to be posted, according to researchers at the University of California, Davis.
Comments (0)
Don’t Let Your Guard Down: Tragedies Pave Way for Phishing Attacks
April 16, 2013 Added by:Jake Garlie
Tragic events such as what happened during the Boston Marathon creates an opportunity for attackers in the digital world as well. With everyone scrambling for more information, the success rate of a phishing attack at this time can skyrocket.
Comments (0)
New Approaches for Blocking Zero-Day Exploits to Prevent APTs
April 16, 2013 Added by:George Tubin
Cybercriminals continue to develop new methods to bypass security controls in order to install malware on corporate endpoints. An endpoint protection approach that provides both effectiveness and manageability must begin with an understanding of the attack vectors that require mitigation.
Comments (1)
Are We Ready to be Consumers of Security Intelligence?
April 15, 2013 Added by:Tripwire Inc
Security teams need the right skills in order to ‘ready’ themselves for action, and before we get to engage in some some really advanced security intelligence, big data analysis, haddop, threat intelligence and a myriad of other buzz words, we will need to be able to accomplish the basics first.
Comments (0)
VPNs and Common-Sense Policies Make BYOD Safer
April 15, 2013 Added by:Patrick Oliver Graf
One drawback of BYOD is that each mobile operating system comes with its own architecture and security concerns. Any company that embraces BYOD and mobile technologies must account for the different platforms its employees use to complete work-related functions.
Comments (1)
Thoughts On Being Asked "How Do I Get Into Infosec?"
April 13, 2013 Added by:Krypt3ia
I got a request through a friend for a friend of that friends kid to talk to him about how to get into INFOSEC the other day. Now usually I am a curmudgeon (as you all know and love) and am loathe to be some sort of big brother of INFOSEC to anyone but in this case I said ok cuz I am just that nice.
Comments (0)
Kaspersky Lab Analyzes Active Cyberespionage Campaign Targeting Online Gaming Companies Worldwide
April 12, 2013 Added by:InfosecIsland News
Kaspersky Lab’s team of experts published a detailed research report that analyzes a sustained cyberespionage campaign conducted by the cybercriminal organization known as “Winnti.”
Comments (0)
Your Weekend Security Challenge: Password-Style
April 12, 2013 Added by:Le Grecs
Password managers will automatically fill in usernames and passwords as your target surfs around the web doing their usual things. I’ve found they just love this convenience and it serves as a great motivator for them to continue using it.
Comments (0)
Securing SCADA Systems - Why Choose Compensating Controls?
April 12, 2013 Added by:Eric Byres
This week, Eric looks at the pros and cons of using compensating controls as an alternative to patching, and discuss the requirements for success.
Comments (0)
Attack Vector Undefined: Dismantling ‘Defense in Depth’ through Power Grid.
April 12, 2013 Added by:Mikko Jakonen
Well, before COTS (Commercial Off The Shelve) came popular in military and other organizations thinking their security, this could have been avoided. Nowadays, very difficult. Even in trailers. You still need only one computer making possible to interact with others – in many different NETs existing :)
Comments (0)
Digital Natives, Digital Savages, and Immigration
April 12, 2013 Added by:Jack Daniel
It has been a while since I’ve written about “Digital Natives”, but Krypt3ia’s recent post Digital Natives, Digital Immigrants, Exo-Nationals and The Digital Lord of The Flies has me thinking about it again.
Comments (0)
Momma Said “Risk is Like a Box of Chocolates…”
April 10, 2013 Added by:Tripwire Inc
In the movie Forrest Gump, the main character comments, “life is like a box of chocolates – you never know what you’re gonna get.” I think the same can be said for risk.
Comments (1)
2013 SXSWi Security Trends in Technology
April 10, 2013 Added by:Robert Siciliano
At the SXSWi conference this year, mobile was a big deal—which meant mobile applications and their security are high on developers’ radars.
Comments (0)
Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure
April 09, 2013 Added by:Ben Rothke
In Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure, authors Eric Knapp and Raj Samani provide and excellent overview on what the smart grid is and how it can be secured.
Comments (1)
Security Awareness: To Train or Not to Train?
April 08, 2013 Added by:Le Grecs
It's up for each organization to monitor their threats and weaknesses and use the appropriate set of controls to minimize their risk to an acceptable level. Perhaps security awareness is part of that ... perhaps it is not.
Comments (0)
Enter the CISO: Torchbearer of Security and Risk Management
April 06, 2013 Added by:Anthony M. Freed
In a convergence culture, accountability for risk is accepted across the organization, and when that happens, risk management becomes a priority to the business, informing strategy and objectives. By helping identify and mitigate risk across finance, operations and IT, the CISO puts security in context of what could affect profit.
Comments (0)
Making Patching Work for SCADA and Industrial Control System Security
April 05, 2013 Added by:Eric Byres
Applying patches is a critical part of good security. According to US-CERT, about 95% of all network intrusions could have been avoided by keeping systems up to date with appropriate patches. What I am against is patching as a knee-jerk reaction to security vulnerabilities. You can’t expect your control system to operate reliably if you don’t have a controlled process for patching.