Technology
Managing My Company’s Security is a Nightmare
May 17, 2013 Added by:Luis Corrons
IT Departments are very often one step behind users, and unfortunately in most cases there is no real control over all devices on the corporate network. Despite perimeter solutions still being a necessity, the corporate perimeter must now expand to include new devices (mainly smartphones and tablets) that also handle confidential corporate information.
Comments (0)
The Evolution of Industrial Control System Information Sharing
May 16, 2013 Added by:Anthony M. Freed
The Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, recently issued an advisory warning of an elevated risk of cyber-based attacks against companies that are tasked with administering systems that control elements of our nation’s critical infrastructure.
Comments (0)
Complimentary IT Security Resources [May 13, 2013]
May 13, 2013 Added by:InfosecIsland News
As an Infosec Island reader, we are pleased to offer you the following complimentary IT security resources for the week of May 13, 2013.
Comments (0)
Mobile Security Processes Could Be Applied to Medical Devices: Bluebox
May 10, 2013 Added by:Steve Ragan
Before malware could become a threat to medical devices, Adam Ely said attackers would have to write malware specifically targeted to these devices and organizations; or the devices would have to adopt a standard platforms and software.
Comments (1)
Do You Have a Vendor Security Check List? You Should!
May 09, 2013 Added by:Michael Fornal
A security check list is a list of security controls that a vendor or application must meet. These controls can range from how storage back up is to be done, to password complexity requirements. Having a checklist can help you in deciding if the application or vendor conforms to your company’s security requirements.
Comments (0)
Resilience ‒ The way to Survive a Cyber Attack
May 07, 2013 Added by:Jarno Limnéll
In reality, a well-prepared cyber attack does not need to last for 15 minutes to succeed. After preparations it takes only seconds to conduct the attack which may hit targets next door as well as those on the other side of the world.
Comments (0)
Pentagon Ups Cyber Espionage Accusations Against China
May 07, 2013 Added by:InfosecIsland News
A new report from the Pentagon marked the most explicit statement yet from the United States that it believes China's cyber spying is focused on the US government, as well as American corporations.
Comments (0)
Deconstructing 'Defensible' - Too Many Assets, not Enough Resources
April 19, 2013 Added by:Rafal Los
In just about every organization (with little exception) there are more things to defend than there are resources to defend with. Remember playing the game of Risk, when you were a kid? Maybe you still have the game now... amazing how close to that board game your life in InfoSec is now, isn't it?
Comments (0)
Cyber Security Goes Ballistic
April 16, 2013 Added by:Jarno Limnéll
Cyberweapons are now comparable to the ballistic nuclear missile arsenal of the US, which also resides under the jurisdiction of the President. Giving the President cyber-initiative responsibilities speaks volumes regarding the serious attitude to which they are treated.
Comments (0)
DLP and Business Needs
April 16, 2013 Added by:Scott Thomas
Most non-IT people know about DLP only when the IT organization contacts them to let them know they did something they shouldn't have. For those of us that have to deal with the policies, the alerts, and sending those notices, it can be more complicated.
Comments (0)
New Approaches for Blocking Zero-Day Exploits to Prevent APTs
April 16, 2013 Added by:George Tubin
Cybercriminals continue to develop new methods to bypass security controls in order to install malware on corporate endpoints. An endpoint protection approach that provides both effectiveness and manageability must begin with an understanding of the attack vectors that require mitigation.
Comments (1)
Are We Ready to be Consumers of Security Intelligence?
April 15, 2013 Added by:Tripwire Inc
Security teams need the right skills in order to ‘ready’ themselves for action, and before we get to engage in some some really advanced security intelligence, big data analysis, haddop, threat intelligence and a myriad of other buzz words, we will need to be able to accomplish the basics first.
Comments (0)
Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure
April 09, 2013 Added by:Ben Rothke
In Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure, authors Eric Knapp and Raj Samani provide and excellent overview on what the smart grid is and how it can be secured.
Comments (1)
Enter the CISO: Torchbearer of Security and Risk Management
April 06, 2013 Added by:Anthony M. Freed
In a convergence culture, accountability for risk is accepted across the organization, and when that happens, risk management becomes a priority to the business, informing strategy and objectives. By helping identify and mitigate risk across finance, operations and IT, the CISO puts security in context of what could affect profit.
Comments (0)
Making Patching Work for SCADA and Industrial Control System Security
April 05, 2013 Added by:Eric Byres
Applying patches is a critical part of good security. According to US-CERT, about 95% of all network intrusions could have been avoided by keeping systems up to date with appropriate patches. What I am against is patching as a knee-jerk reaction to security vulnerabilities. You can’t expect your control system to operate reliably if you don’t have a controlled process for patching.
Comments (0)
The Threat to Industrial Control Systems from Physical Persistent Design Features (PPDF)
April 01, 2013 Added by:Joe Weiss
Industrial control systems (ICSs) were designed for reliability and safety and to enable system operability and functionality. Many ICSs were originally designed before networking was commonplace. Consequently, cyber security was not a design consideration.
Comments (0)
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox