June 20, 2013 Added by:Rafal Los
Private industry and corporations alike are talking about “hack-back.” It’s no secret I believe that “hack-back” is a bad idea, for many reasons.
June 20, 2013 Added by:Eric Chiu
In a competitive business environment, reputation is a critical differentiator. Any company that suffers from a major data breach, instigated by an employee with a small grudge and big access, could face devastating consequences to the corporate brand, and to the bottom line.
June 18, 2013 Added by:Tripwire Inc
This post is all about Control 13 of the CSIS 20 Critical Security Controls – Boundary Defense. Here we explore the (29) requirements I’ve parsed out of the control.
June 14, 2013 Added by:Vinod Mohan
Given the expanding threat landscape for the SMB and the increased demand for affordable IT security tools, here are five valuable tips for IT pros that help shed light on managing enterprise security on a budget.
June 12, 2013 Added by:Ian Tibble
The notion that VA tools really can be used to give a decent picture of vulnerability is still heavily embedded, and that notion in itself presents a serious vulnerability for businesses.
June 07, 2013 Added by:Michael Fornal
Identity Management applications are slowly gaining speed in the security realm as an important tool in managing provisions of an application or to aid in gaining a handle on compliance and identity governance.
May 17, 2013 Added by:Luis Corrons
IT Departments are very often one step behind users, and unfortunately in most cases there is no real control over all devices on the corporate network. Despite perimeter solutions still being a necessity, the corporate perimeter must now expand to include new devices (mainly smartphones and tablets) that also handle confidential corporate information.
May 16, 2013 Added by:Anthony M. Freed
The Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, recently issued an advisory warning of an elevated risk of cyber-based attacks against companies that are tasked with administering systems that control elements of our nation’s critical infrastructure.
May 13, 2013 Added by:InfosecIsland News
As an Infosec Island reader, we are pleased to offer you the following complimentary IT security resources for the week of May 13, 2013.
May 10, 2013 Added by:Steve Ragan
Before malware could become a threat to medical devices, Adam Ely said attackers would have to write malware specifically targeted to these devices and organizations; or the devices would have to adopt standard platforms and software.
May 09, 2013 Added by:Michael Fornal
A security checklist is a list of security controls that a vendor or application must meet. These controls can range from how storage backup is to be done, to password complexity requirements. Having a checklist can help you in deciding if the application or vendor conforms to your company’s security requirements.
May 07, 2013 Added by:Jarno Limnéll
In reality, a well-prepared cyber attack does not need to last for 15 minutes to succeed. After preparations it takes only seconds to conduct the attack which may hit targets next door as well as those on the other side of the world.
May 07, 2013 Added by:InfosecIsland News
A new report from the Pentagon marked the most explicit statement yet from the United States that it believes China's cyber spying is focused on the US government, as well as American corporations.
April 19, 2013 Added by:Rafal Los
In just about every organization (with little exception) there are more things to defend than there are resources to defend with. Remember playing the game of Risk, when you were a kid? Maybe you still have the game now... amazing how close to that board game your life in InfoSec is now, isn't it?
April 16, 2013 Added by:Jarno Limnéll
Cyberweapons are now comparable to the ballistic nuclear missile arsenal of the US, which also resides under the jurisdiction of the President. Giving the President cyber-initiative responsibilities speaks volumes regarding the serious attitude with which they are treated.
April 16, 2013 Added by:Scott Thomas
Most non-IT people know about DLP only when the IT organization contacts them to let them know they did something they shouldn't have. For those of us that have to deal with the policies, the alerts, and sending those notices, it can be more complicated.