Consulting


The Castle Has No Walls - Introducing Defensibility as an Enterprise Security Goal

March 19, 2013 Added by:Rafal Los

It's time to retire the "castle" analogy when it comes to talking about how real Information Security should behave. I still hear it used a lot, and if you walked around the show floor at RSA 2013 you noticed there is still a tremendous amount of focus and vendor push around 'keeping the bad guys out.'


New York Times Attacks Show Need For New Security Defenses

February 01, 2013 Added by:Infosec Island

The recent attacks against the New York Times allegedly carried out by the Chinese military highlight the importance of layered security to protect sensitive systems and data.


UP and to the RIGHT: Strategy and Tactics of Analyst Influence

July 23, 2012 Added by:Ben Rothke

If up and to the right is the desired Magic Quadrant location, how does one get there? For many tech firms, they often are clueless. In this book, Stiennon provides clear direction. For those looking to make the expedition to the land of Gartner, this book is a veritable Berlitz Guide on how to make the journey...


Definition of a Real Security Consultant

November 11, 2011

No longer are arms or industrial might the measure of a country’s superiority, it resides within the information it holds. So if you have information that needs protecting and nobody else can help, you know what to do... just use a suitable encryption algorithm to render it unreadable...


Business Continuity for SMBs – A Necessity or Not?

April 13, 2011 Added by:Dejan Kosutic

There is no difference between large organizations and small with regard to a business continuity framework - they both have to think in detail about what preparations they need to perform in order to survive a disaster. The difference is that SMBs can do it with very little investment...


She Blinded Me With Infosec...

April 11, 2011 Added by:Scot Terban

One must admit that no matter how many times an assessment is carried out and things are found/exploited there are ALWAYS more vulnerabilities being introduced. You will never get them all and the client, if they understand this, will become inured to it...


OSSTMM 2.2 to 3 - a long trail!

December 13, 2010 Added by:Joerg Simon

Nearly every standard that implements security management into business processes requires that the results from security tests, as the base for risk assessment, be comparable and reproducible. How to ensure that? The OSSTMM is the perfect guide. And the auditing department will love the results out of the OSSTMM metric - the Risk Assessment Values (rav).


Most annoying consultants

June 13, 2010 Added by:Javvad Malik

Infosec would have a better reputation if all consultants were perfect like me. When speaking to a project manager, we should have completed our research. Scoured the internet, finding out what a particular application does and how many security vulnerabilities are out there. The list goes on, but suffice to say a good consultant always does their homework before they actually start talking t...


In Rebuke of China

February 02, 2010 Added by:Tom Schram

In the current issue of Foreign Affairs, former NATO Commander General Wesley K. Clark and current Department of Veterans Affairs CTO Peter Levin write: “There is no form of military combat more irregular than an electronic attack: It is extremely cheap, is very fast, can be carried out anonymously, and can disrupt or deny critical servi...


More COFEE Please, on Second Thought…

November 09, 2009 Added by:Daniel Kennedy

The forensics tool created by Microsoft and provided to law enforcement officials, called COFEE (Computer Online Forensic Evidence Extractor), was leaked on torrents last week, and this has caused quite a bit of excitement. Let’s see if the big deal is warranted.



From the Web

Government accused of ‘cover up’ over lost farmer tapes

November 06, 2009 from: Office of Inadequate Security

The Department of Environment Food and Rural Affairs (Defra) has been accused of a “cover up” after two back-up tapes went missing containing the banking details of around 100,000 farmers.



From the Web

Senate Panel Clears Data Breach Bills

November 05, 2009 from: Office of Inadequate Security

The Senate Judiciary Committee Thursday approved two companion bills that would require businesses and government agencies to notify individuals of security breaches involving sensitive personally identifiable information. Both bills go to the Senate for consideration.



From the Web

Man charged with developing and distributing cable network hacking tools

November 02, 2009 from: Office of Inadequate Security

Charges were unsealed in federal court in Massachusetts against an Oregon man and the company he founded, TCNISO, alleging that they developed and distributed products that allowed users to modify their cable modems and obtain internet access without paying for it.


Good enough security?

October 29, 2009 Added by:Christopher Hudel

We have had 802.1X -- Cisco + Active Directory integration -- in place for over a year now and it is largely a success; Windows systems automatically obtain machine certificates (machines automatically receive certificates when they join the domain), supplicants exist for our IP phones, and those devices (i.e.: printers) that are currently incapable of 802.1X are split off in a tightl...


IT Security - Defense in Depth Protection using a Data-centric Model

October 29, 2009 Added by:Mike Cuppett

Start aligning your security strategy to better protect your organization's most critical asset - data. While many security proponents lean toward an outside-in strategy - protect every computer in the company from the outside world first - we really need to understand that the data is the asset that must be protected first and foremost. The outside-in strategy starts at a macro level and ov...



From the Web

Black Box vs White Box. You are doing it wrong.

October 28, 2009 from: Jeremiah Grossman's Blog

A longstanding debate in Web application security, heck all of application security, is which software testing methodology is the best -- that is -- the best at finding the most vulnerabilities. Is it black box (aka: vulnerability assessment, dynamic testing, run-time analysis) or white box (aka: source code review, static analysis)? Some advocate that a combination of the two will yield the most ...
