Technology
These Cloud and Big Data Things are REALLY Cool
January 29, 2013 Added by: Fergal Glynn
Technology, if used correctly and done in a collaborative manner, can be incredibly powerful. It can help answer questions that otherwise would go unanswered. It has helped solve medical issues, predict an election with a high degree of accuracy, and enabled developers worldwide to identify software flaws...
UPnP Security Flaws Expose 40-50 Million Networked Devices
January 29, 2013 Added by: Infosec Island
Researchers at Rapid7 have uncovered that roughly 40-50 million network-enabled devices are at risk due to vulnerabilities in the Universal Plug and Play (UPnP) protocol.
Data Privacy, Information Security and Cyber Insurance Trends Report 2013
January 29, 2013
This exclusive report has many well-known top industry experts that have offered their thoughts on what they think, feel and should happen in 2013 as it pertains to Data Privacy, Information Security and Cyber Insurance and what steps can be taken to mitigate risk...
Trojans for the Bundestag – German PD acquired Finfisher
January 29, 2013 Added by: Don Eijndhoven
German political platform NetzPolitik.org has now uncovered secret documents belonging to the Ministry of Finance, that the Ministry of the Interior sent to the Bundestag (the political seat of Germany) that reveal the German Federal Police’s intention to use Gamma Group’s Finfisher spyware...
Surface Mapping Pays Off
January 29, 2013 Added by: Brent Huston
You have heard us talk about surface mapping applications during an assessment before. You have likely even seen some of our talks about surface mapping networks as a part of the 80/20 Rule of InfoSec. But, we wanted to discuss how that same technique extends into the physical world as well....
Mobile Device Security in a BYOD World
January 29, 2013 Added by: Robert Siciliano
If you choose to use your personal device for employment purposes then your employer may take control over that device to protect themselves. In a company mobile liability policy, the employer often has remote capabilities to monitor activity and in the event of loss or employee termination wipe the data...
Information Security Management Handbook
January 28, 2013 Added by: Ben Rothke
While the book is organized under the CISSP CBK domains, it should not readily be used as a primary reference for those studying for the CISSP exam, given its unmanageable length as a primary reference...
Pre-Authorization Data – The Card Brands Weigh In
January 28, 2013 Added by: PCI Guru
Acquiring banks, for the most part, cannot answer basic questions about the PCI DSS, so we are supposed to believe that they are experts on retention of pre-authorization data based on a company’s vertical market and region? Talk about passing the buck...
The Rise of Exploit Kits According to Solutionary SERT
January 28, 2013 Added by: Pierluigi Paganini
The report revealed the surprising efficiency of well-known vulnerabilities usually included in the popular exploits sold in the underground, around 60% are more than two years old, and 70% of the exploit kits analyzed (26) were released or created in Russia...
Information Sharing and Asymmetric Advantage
January 27, 2013 Added by: Tripwire Inc
One place I’ve actually seen effective information and practice sharing is through Information Sharing and Analysis Centers, or ISACs. These tend to be industry- or domain-specific groups that get together and share information about common concerns, challenges, and opportunities...
Ensuring Continuity of Services During Change Incidents
January 25, 2013 Added by: Bozidar Spirovski
Services are most vulnerable during change. Continuity of service needs to be ensured during change, and large portions of several ISO and BSI standards are focused on proper management of change. However well controlled, an incident can occur during the change, thus causing failure of service...
Get Your Security BSides On In San Francisco
January 24, 2013 Added by: Security BSides
The goal of Security BSides is to expand the spectrum of conversation beyond the traditional confines of space and time. The conferences create opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration...
Power to the People and the Coming AppSec Revolution
January 24, 2013 Added by: Fergal Glynn
It used to be that you could call for more secure software from individual vendors – and Microsoft heeded that call with its push for trustworthy computing in 2002 – but today we’re more dependent on software and more interconnected than ever. We rise and fall by the security of our associates...
CISO Challenges: The Build vs. Buy Problem (2:2)
January 24, 2013 Added by: Rafal Los
In order to not incur additional risk to the business, the organization being outsourced to must be heavily vetted and contractually obligated to maintain secrecy and integrity. It can be done, but it's tricky, and requires work in due-diligence to ensure the result isn't a train wreck during a worst-case scenario...
Three Tips for Effective Vulnerability Assessments
January 23, 2013 Added by: Dan Dieterle
Regular vulnerability assessments are essential because threats to your network security continually change and evolve, and your security should be able to match this. A user’s PC or network access point might be secure today, but it could become completely vulnerable tomorrow...
Five Ways to Recognize Data Privacy Day
January 23, 2013 Added by: Allan Pratt, MBA
It is our responsibility, each and every one of us, to protect our data and our digital footprints, so here are five easy ways to recognize this annual event. But in order to be safe online on a regular basis, practice these activities on a monthly as opposed to annual basis...
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)




