December 20, 2011 Added by:Bill Gerneglia
The FedRAMP was established to provide a standard approach to Assessing and Authorizing cloud computing services. FedRAMP allows joint authorizations and continuous security monitoring services for Government and Commercial cloud computing systems intended for multi-agency use...
December 20, 2011 Added by:Rafal Los
While often missed, this component of security is one of the most critical when it comes to understanding, and fighting the loss of data in your organization in a very real, tangible way. There are three types of threats you want to be aware of from the physical perspective...
December 20, 2011 Added by:Headlines
"Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or cause a denial of service (DoS) on systems with affected versions of Wonderware InBatch Runtime Client components," the ICS-CERT advisory warns...
December 19, 2011 Added by:Kanguru Solutions
Adding encryption is a relatively easy and cost effective way to secure your organizations data without adding significant cost or complexity. For organizations dealing with confidential information (healthcare, banking, government) it should be mandatory...
December 19, 2011 Added by:Danny Lieberman
An attack could be mounted on the STB/NPVR network to steal master keys and decrypt encrypted content. The cost of mounting the attack is far greater than the alternative of buying HD DVD media on the open market and producing pirated copies or ripping and putting it on a Torrent...
December 19, 2011 Added by:Electronic Frontier Foundation
There is an additional configuration file (called a "Profile") that determines what information is sent from the phone to a carrier. Profiles are programs in a domain-specific filtering language - they are normally written by Carrier IQ to the specifications of a telco or other client...
December 19, 2011
"These systems have faced a notable number of incidents. These include the Stuxnet attack, believed to have used bespoke malware to target nuclear control systems in Iran, and the recent DuQu -‘upgraded variant’ of this malware. These incidents caused great security concerns among ICS users..."
December 19, 2011 Added by:Rafal Los
I don't know of a bigger detractor to security than a broken enterprise change management process... whether you work for a million node global corporation, or a company with 100 laptops and an outsourced IT - poor change management will be the death of your security posture, period...
December 18, 2011 Added by:Josh Shaul
If you are a gamer and you use any online gaming network or service, please be vigilant and cautious. Don't click on any offer that comes in via email, and don't signing up for anything gaming related unless you are doing so direct from the software manufacturer or gaming network...
December 18, 2011 Added by:Robb Reck
Successful information security is about making progress. It’s not reasonable or sustainable to expect all risks to be remediated as soon as they are discovered. Instead, my goal for 2012 will be to establish a positive trend, working toward improving security consistently...
December 16, 2011 Added by:Ed Moyle
Credit unions, by virtue of their regulatory context, have more "interpretive latitude" in how technical security controls get implemented. Meaning they should try on PCI compliance before calling out merchants - especially the big ones - for having it soft...
December 16, 2011 Added by:Rafal Los
There is an operational perspective in terms of provider transparency. We are now starting to see cases where a SaaS service offering is built on top of a PaaS service, built using multiple IaaS services and that is enough to make anyone's head spin...
December 16, 2011 Added by:Jason Clark
Many CISOs are getting questions specifically about whether they are protected from targeted attacks, malware, and data breaches. And many of these questions are coming from people who don’t really know what terms like “targeted attack” or “malware” actually mean - the Board of Directors...
December 15, 2011 Added by:PCI Guru
You would think this question would be easy to answer when talking about the PCI standards because all that processes, stores or transmits cardholder data is in-scope. However, the nuances in the implementation of technological solutions do not always allow a black and white answer...
Security Risks of Telecommuting... Marek Hudczak on 08-18-2014
Don’t Let Your Guard Down: Tragedies Pave ... shahbaz ocpfsd1 on 08-16-2014