Security Management
Ethics of Big Data: Balancing Risk and Innovation
December 18, 2012 Added by:Ben Rothke
While few organizations have specific policies around big data, even fewer have thought about the ways in which people in their organization use that data and the ethical issues involved. The benefits of big data analytics are significant, but the potential for abuse is also considerable...
Comments (0)
All Aboard
December 17, 2012 Added by:Randall Frietzsche
We need a well-conceived set of administrative and technical controls - our policy, while still acknowledging that every living creature on the planet is organically attached to a smart device, must dictate that the user will follow the policy at risk of termination...
Comments (0)
Security is Inconvenient, Deal With It!
December 17, 2012 Added by:Keith Mendoza
ZD Net had an article entitled "Kernel vulnerability places Samsung devices at risk" and I thought "so, what's new" until I followed the link to the forum post on xda-developers. Then I just lost it because I'm certain that this is a result of plain and simple laziness...
Comments (2)
The "January Effect" - An Annual Phenomenon Since 2009
December 16, 2012 Added by:Jeffrey Carr
A phenomenon that I've noticed each year since 2009 - a major breach or act of cyber warfare that kicks off the New Year. It may start in December and then get publicized in January, or happen in January and get publicized a bit later but it has happened four years in a row now so I fully expect it to occur once again...
Comments (1)
Do Better Technical Controls Increase People Focused Attacks?
December 16, 2012 Added by:Simon Moffatt
Social engineering can be seen as a more direct approach to exposing real security assets such as passwords, processes, keys and so on. Via subtle manipulation, carefully planned framing and scenario attacks, through to friending and spear phishing, people are increasingly becoming the main target...
Comments (0)
Mobile Devices get means for Tamper-Evident Forensic Auditing
December 13, 2012 Added by:Michelle Drolet
In order to detect security breaches and guarantee compliance, tamper “proofing” has not been sufficient. When it comes time for a forensic audit, the ability to detect unauthorized changes to digital files becomes invaluable in an investigation...
Comments (0)
Calling on Congress: Time to Fix Copyright
December 13, 2012 Added by:Electronic Frontier Foundation
It shouldn't be controversial to demand evidence-based policies in the copyright space. But Congress has failed to engage in an informed discussion over which copyright policies advance the public interest, and which ones cause harm. That's why we're supporting our friends at Fight for the Future...
Comments (0)
The INFOSEC Naughty List 2012: “The Twelve Charlatans of Christmas” Edition
December 12, 2012 Added by:Scot Terban
But seriously folks, this post may be cathartic for me and a chuckle for you, but in reality it will change nothing. The douches will be douchey and the charlatans will sell their cyber snake oils. Enjoy the charlatanism and douchery...
Comments (0)
The 3-C Model
December 12, 2012 Added by:Joel Harding
Information Operations is changing from a focus on the former five components to ‘how’ IO works. What is lacking is a model. Without a model we can talk about IO in a general sense but there are no ways to divvy up what we do into logical divisions, dissuading useful discussions within our field...
Comments (0)
Managing the Social Impact of Least Privilege
December 10, 2012 Added by:Paul Kenyon
In organizations where IT policy hasn’t been enforced or where users expect to have full autonomy over PCs, the transition to least privilege desktops must be carefully planned, so the IT department doesn’t face a user revolt. Make sure to set users’ expectations accordingly...
Comments (0)
Compliance Combines with Vulnerability Scanning to Create Aegify
December 10, 2012 Added by:Michelle Drolet
Two security firms, the established Rapid7 vulnerability manager and eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the IT security industry that hasn’t been done before: a combination security and compliance posture management...
Comments (1)
If you are not serious enough about your security don’t expect your IT service provider to care
December 10, 2012 Added by:Hani Banayoti
Another year coming to a close and I am full of hope for new thinking on security for the road ahead. One particular aspect in our profession that I would like to see change in the very near future is the typical approach to incorporating security in contracts with IT Service Providers...
Comments (0)
Organizational Influence via Security Team Branding
December 09, 2012 Added by:Steven Fox, CISSP, QSA
Hacker Halted 2012 was full of personalities; executives, technologists, students and security enthusiasts – each one with stories that fueled conversations and debate. Technical and business erudition dominated the speaker sessions and the hacking competitions...
Comments (0)
Information Security: Why Bother?
December 09, 2012 Added by:Simon Moffatt
The question, often raised as a bargaining tool, is often focused on the, ‘well I understand what you propose and I know it will increase the security of scenario X, but why should I do it?’. In honesty, it is a good question...
Comments (3)
How I Learned to Love Incident Management
December 08, 2012 Added by:Tripwire Inc
Incident Management is particularly interesting in the light of the recent attacks on Vmware, Symantec and a host of other companies and internet properties. It all boils down to a fairly straightforward question... when an incident occurs, how does your security team respond?
Comments (0)
Focus on the Host
December 06, 2012 Added by:Matthew McWhirt
The traditional concept of enterprise security monitoring typically encompasses observing and mitigating threats at the perimeter of the organization. While there is still a necessity for this model of security monitoring, the true notion of enterprise continuous monitoring practices must include a focus on the host...
Comments (0)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)