My son is learning programming using the MIT App Inventor to build apps for Android devices. One of his first projects was to make a Magic 8 Ball. Well, being in the Information Security industry I just couldn’t help myself. …..
This presentation will introduce a framework to build a comprehensive incident management program. The program is comprised of four foundational components; planning, preparing, practicing, and measuring. The framework has been designed to be compliant with multiple standards, which include PCI, …..
The information security community has for a long time been using the medieval strategy of building castles to secure territory; better known as defense in depth. The strategy of defense in depth, while still very effective, does have its weaknesses. …..
Today Computerworld published an article about an office complex that is implanting RFID chips in employees’ hands to facilitate access. While this was done on a voluntary basis, I find the idea troublesome on several levels. The two biggest problems …..
An interesting interview with Howard A. Schmidt, former Cybersecurity Advisor for President Obama, from the CIO Network was just posted by the Wall St. Journal. He discusses the steps an organization should take once they realize they have been breached. …..
I have always been a great fan of Splunk for analyzing log data when investigating incidents. One of the downfalls is that while Splunk does a wonderful job searching logs, the timeline it creates is missing critical time information about …..
I’ve watched our industry slowly mature itself over the last fifteen years, and I am still somewhat bemused regarding penetration testing. It seems like every standard now requires a penetration test to be done, why? I struggle to see the …..
In my previous post “The Root of All Compromise” input validation was touched on briefly, with links to further information on the subject. In this post I will provide further examples of why using input validation with white-listing is so …..
In warfare, as you modify your defenses, your enemy modifies their tactics. This same process of threat evolution is occurring at a rapid pace in the online world. Warfare is not a new endeavor and old tactics are reused in …..
As the resident, when things go wrong expert, I am constantly asked some of the same basic questions. One of the most common questions is in regards to exactly how a system can be compromised. This is a simplified explanation, …..