Latest Blog Posts
'Mafia Wars' CEO Brags About Scamming Users from Day One
November 29, 2009 Added by:Infosec Island Admin
I've never played Mafia Wars myself, but it's a very popular Facebook game that many of my friends play and annoy me with the constant broadcast news feed messages. It's one of the more popular Facebook applications and -like most of them- pose a real risk to the players and players friends within the Facebook community.
Comments (3)
Internet Security Alliance: Cyber Security is Economic Issue
November 18, 2009 Added by:Anthony M. Freed
"The President is correct in his appreciation of the need to view cyber security as... an economic one as well. In the 21st century - the digital century - economics and security are opposite sides of the same coin. You cannot affect one without impacting the other..."
Comments (0)
Emerging Technologies that can Reduce PCI Scope
November 17, 2009 Added by:Sean Inman
In recent months, the PCI Security Standards Council has continued to weigh the merits of what they have deemed as “emerging technologies”. The first is end to end encryption and the other is tokenization. These two solutions have quickly become the favorites among all other emerging technologies.
Comments (0)
Road Map for an Application/Software Security Architect (Part 3)
November 11, 2009 Added by:Stephen Primost
Risk assessments for application software is not a matter of a quick penetration test nor a matter of code reviews at a single point in time. It is a process of moving through the application/solution's Software Development Life Cycle (SDLC) and evaluating the results of the controls that are put in place at each phase. Whether it is waterfall, or agile method, waiting for the end of the final del...
Comments (0)
More COFEE Please, on Second Thought…
November 09, 2009 Added by:Daniel Kennedy
The forensics tool provided to law enforcement officials created by Microsoft called COFEE (Computer Online Forensic Evidence Extractor) has been leaked on torrents last week, and this has caused quite a bit of excitement. Let’s see if the big deal is warranted.
Comments (0)
Road Map for an Application/Software Security Architect (Part 2)
November 02, 2009 Added by:Stephen Primost
Vulnerability testing at the acceptance stage of an application's Software Development Life Cycle (SDLC) will not compensate for the lack of an understanding of what is being done during the software development even though you may not have control over the development efforts. You need a plan that puts those controls in place and allows that governance. Ignoring vulnerabilities will not prevent b...
Comments (0)
Searching for Return on Security Investments
November 02, 2009 Added by:Andrew Baker
There are several major challenges to the successful implementation of good information security in many organizations today. It is not because business owners do not think that security is important. No, the issues exist because they do not grasp the complexities that embody the Information Security profession, and thus make decisions that fail to account for the many nuances of a pro...
Comments (5)
A Loss of One of Our Own
October 29, 2009 Added by:Sandra Avery
I am still shocked and saddened by the very sudden loss of David Taylor, founder of PCI knowledgebase. David passed away on Tuesday after suffering a sudden heart attack. Those of us who have anything to do with PCI compliance either know or know of David Taylor.
Comments (1)
Good enough security?
October 29, 2009 Added by:Christopher Hudel
We have had 802.1x -- CISCO + Active Directory Integration -- in place for over a year know and it is largely a success; windows systems automatically obtain machine certificates (machines automatically receive certificates when they join the domain), supplicants exist for our IP Phones, and those devices (i.e.: printers) that are currently incapable of 802.1x are split off in a tightl...
Comments (2)
IT Security - Defense in Depth Protection using a Data-centric Model
October 29, 2009 Added by:Mike Cuppett
Start aligning your security strategy to better protect your organization's most critical asset - data. While many security proponents lean toward an outside-in strategy - protect every computer in the company from the outside world first - we really need to understand that the data is the asset that must be protected first and foremost. The outside-in strategy starts at a macro level and ov...
Comments (5)
Why Infosec Languishes, Part II
October 28, 2009 Added by:Jim Anderson
Although external forces including economic downturn and market specific slowdowns do have their impact, these external forces alone often cannot explain why information security makes so little progress. This phenomenon is often true even in situations where senior infosec leadership is experienced, holds multiple certifications, and otherwise commands an excellent grasp of the multip...
Comments (0)
Sun Tzu quotes from The Art of War compared to Information Security
October 26, 2009 Added by:Sean Inman
I just finished up this great book The Art of War, by Sun Tzu. There are many different versions the one I read was “The Art of War for Managers; 50 Strategic Rules”. I wanted to share some quotes from Sun Tzu and how I think they tie to Information Security.
Comments (0)
Road Map for an Application/Software Security Architect (Part 1)
October 26, 2009 Added by:Stephen Primost
With the level of security concerns about security, it is interesting that there is not more concern with a holistic focus on application security. Numerous articles are citing chilling statistics about security breaches, with the majority (some use the figure of 80%) being related to applications. It is not for lack of information as to what constitutes an “application problem”. One j...
Comments (2)
Lies, Damn Lies, Statistics & Risk Management
October 24, 2009 Added by:Todd Zebert
Past willful risky behavior, and then outright foolishness, we have Risk Mismanagement. We’ve all head the quote “Lies, damned lies, and statistics” (author unknown) with its intention that statistics can be used to lie persuasively or lend credence to otherwise suspect arguments. With Risk Management we’ve layered Management on top of statistics - this is where things can ...
Comments (0)
Useless Account Control
October 22, 2009 Added by:Sudha Nagaraj
In these days of heightened security awareness, I would think any and every operating system should boast of a robust anti-virus software suite. The fact that Microsoft released its much-awaited and highly proclaimed Windows 7 OS today without built-in anti-virus software continues to puzzle me.
Comments (0)
A Host of Insecurities about Security
October 21, 2009 Added by:Sudha Nagaraj
Security concerns will continue to dominate the IT sphere for a while. Governments are crying hoarse to put in preventive measures, the security industry is struggling to make up for losses suffered in a recessionary environment, enterprises are growing paranoid about the ‘insider threat’ and the small and medium enterprises are waking up to the need for security management.