Latest Blog Posts
IT Security - Defense in Depth Protection using a Data-centric Model
October 29, 2009 Added by:Mike Cuppett
Start aligning your security strategy to better protect your organization's most critical asset - data. While many security proponents lean toward an outside-in strategy - protect every computer in the company from the outside world first - we really need to understand that the data is the asset that must be protected first and foremost. The outside-in strategy starts at a macro level and ov...
Comments (5)
Why Infosec Languishes, Part II
October 28, 2009 Added by:Jim Anderson
Although external forces including economic downturn and market specific slowdowns do have their impact, these external forces alone often cannot explain why information security makes so little progress. This phenomenon is often true even in situations where senior infosec leadership is experienced, holds multiple certifications, and otherwise commands an excellent grasp of the multip...
Comments (0)
Sun Tzu quotes from The Art of War compared to Information Security
October 26, 2009 Added by:Sean Inman
I just finished up this great book The Art of War, by Sun Tzu. There are many different versions; the one I read was “The Art of War for Managers; 50 Strategic Rules”. I wanted to share some quotes from Sun Tzu and how I think they tie to Information Security.
Comments (0)
Road Map for an Application/Software Security Architect (Part 1)
October 26, 2009 Added by:Stephen Primost
With the level of concern about security, it is interesting that there is not more of a holistic focus on application security. Numerous articles are citing chilling statistics about security breaches, with the majority (some use the figure of 80%) being related to applications. It is not for lack of information as to what constitutes an “application problem”. One j...
Comments (2)
Lies, Damn Lies, Statistics & Risk Management
October 24, 2009 Added by:Todd Zebert
Past willful risky behavior, and then outright foolishness, we have Risk Mismanagement. We’ve all heard the quote “Lies, damned lies, and statistics” (author unknown) with its intention that statistics can be used to lie persuasively or lend credence to otherwise suspect arguments. With Risk Management we’ve layered Management on top of statistics - this is where things can ...
Comments (0)
Useless Account Control
October 22, 2009 Added by:Sudha Nagaraj
In these days of heightened security awareness, I would think any and every operating system should boast of a robust anti-virus software suite. The fact that Microsoft released its much-awaited and highly proclaimed Windows 7 OS today without built-in anti-virus software continues to puzzle me.
Comments (0)
A Host of Insecurities about Security
October 21, 2009 Added by:Sudha Nagaraj
Security concerns will continue to dominate the IT sphere for a while. Governments are crying hoarse to put in preventive measures, the security industry is struggling to make up for losses suffered in a recessionary environment, enterprises are growing paranoid about the ‘insider threat’ and the small and medium enterprises are waking up to the need for security management.
Comments (0)
Mitigating Risks by Leveraging a Core Business Process
October 20, 2009 Added by:Mike Cuppett
When it comes to audits and other compliance requirements - think Sarbanes-Oxley, PCI-DSS, internal and external audits, etc. - people tend to get a bit uptight and flustered. Fortunately, by keeping a calm head and a rational perspective, your reaction to these challenges can be cool and calm, allowing you to leverage a methodology you already know - risk mitigation.
Comments (0)
Should SSL be enabled on every website?
October 14, 2009 Added by:Christopher Hudel
Using SSL to secure all websites may seem like an odd choice; most websites contain no "nuggets" worth taking, SSL apparently slows the page load time (especially on over provisioned hosting platforms), and it's not clear if doing so will kibosh any search engine optimizations.
Comments (10)
My Mind is Wave-ering on the Utility, Security and Privacy Aspects
October 14, 2009 Added by:Sudha Nagaraj
Like many other Wave-wannabes, I am also awaiting an invite from Google to try out their all-in-one communication solution Google Wave. But I have my trepidations: over making my private work public, over opening up for comment work that is still being worked out, over messing up “my thoughts” with a thousand other theories, over starting something with the full knowledge that it could...
Comments (0)
The parallels between Information Security & Sun Tzu’s-The Art of War
October 13, 2009 Added by:Sean Inman
Correlations between Sun Tzu's Art of War and Information Security from Steve Pinman. "I think most organizations can demonstrate a well thought out plan(s) for dealing with “predictable” security attacks such as viruses and DDoS attacks, but how many organizations are actively engaged in planning for new threats and new attack vectors?"
Comments (1)
Spammers Feasting on the East
October 13, 2009 Added by:Sudha Nagaraj
In India, Diwali or the ‘Festival of Lights’ is round the corner. As the D-day draws closer, Indians are flocking to malls and travel operators to shop and make reservations for the upcoming holidays. At this juncture, Symantec has released an advisory warning users against emails that offer discounts, holiday deals and other enticing subject lines which feature the word Diwali.
Comments (0)
Preventative Measures for Drive-by Malware
October 12, 2009 Added by:Ron Lepofsky
This article identifies preventative measures that both end users and web site managers can implement to protect all concerned from the dangers of drive-by malware.
Comments (0)
Squinting at Cloud Formations
October 12, 2009 Added by:Sudha Nagaraj
The problem with the cloud is that it can evaporate leaving no trace behind! The weekend thunderbolt that hit over a million subscribers of T-Mobile Sidekick, operated by the Microsoft subsidiary, Danger Inc in the US, is standing testimony to the whimsical nature of cloud computing.
Comments (0)
The Fully Auditable Cloud - Fact or Fiction
October 12, 2009 Added by:Bob Broda
Cloud computing is a rapidly growing phenomenon that is being evaluated by companies of all sizes. Though it has many positives, much of corporate America is not yet ready to accept migrating major applications to the cloud until concerns about security, privacy, and reliability are addressed.
Comments (0)
Vishing scams are making a return
October 11, 2009 Added by:Sean Inman
On Friday 10/09/2009 it was reported in an ISC Diary update that a new Vishing scheme is making its way across the AT&T, Sprint and T-Mobile networks. Vishing is the cousin of Phishing, but this latest attempt indicates that it’s still a practical method of attack. The recent attack starts with a text message that reports a problem with the victim’s account. They’re instructed to dial a...