Cyber-Security Incident Reporting and Escalation

Security incidents are inevitable. The challenge organizations and IT admins need to address is how to effectively and efficiently respond to them when they occur. Incident reporting, and the process for escalating issues to make sure they get the appropriate attention, is crucial for minimizing the fallout from a security event. An interesting presentation this…

Browser Security: Make Sure Your Browser Doesn’t Betray Your Privacy

The Web browser is one of the most commonly used applications no matter what operating system or device you choose. It is a means to access services, applications, and information. However, it may also be secretly spying on you and helping companies to monitor and track your online behavior. Browser security and browser privacy are…

Trust Is the Root Cause of Many Security Breaches

Recent security breaches have been attributed to a compromise at a third-party contractor. Attackers were able to exploit the trust between the two organizations to attack the larger company. You have to be cautious about whom you trust, and whom they trust. It’s actually a sort of variation on the age-old bank robber strategy. In…

Understanding the Positive Outcomes of Red Teaming

“Red teaming” sounds ominous, kind of like a “black list” or something you might see in a Tom Clancy novel. But a red team is really not all that ominous. The term comes from the military concept of using opposing forces at different levels as adversaries to train the main force and shift perspectives. For…

Targeted Forensics: Mapping a Process to a Malicious Command and Control

Introduction To The Targeted Forensic Series Host and network forensics are very important parts of incident response and can provide a security operations team with additional insight and indicators into cyber attacks. However, forensics can be daunting at times, and the amount of time it takes to perform full analysis of a hard drive does…

What Do the New Federal Cyber Security Standards Mean?

The cyber threat continues to grow both in intensity and in scale, including breaches at government agencies, financial institutions, and core retailers. To combat this, the U.S. government recently released the nation’s first set of cyber security standards. These voluntary standards for private industry are an attempt to address known and suspected vulnerabilities around critical…

Context-Based Authentication Mechanisms

The proliferation of the use of web-based, SaaS, and mobile apps provides users with access to best-of-breed applications and services, but they also take control away from the IT department. This places extra burdens on organizations looking to ensure that users can access resources as and when they need to, but also in a manner…

The Pen as a Security Control

EMC World was 2 weeks ago in Vegas, and every year the level of interest in Trust in general and security in particular seems to increase dramatically. I found myself in dozens of conversations with various customer IT personnel asking about IT’s role in securing their environment and what steps they could take. Being in…

How to Embrace Your Organization’s “Identity Crisis”

“Can I use my own tablet?” “Is there an app for that?” “Do I really have to create another user name and password?” “Can I access my company’s network when I work from home?” How often do these questions come up at your organization?  I would bet quite often.  As we all know, the world…

How to Embrace Your Organization’s “Identity Crisis”

“Can I use my own tablet?” “Is there an app for that?” “Do I really have to create another user name and password?” “Can I access my company’s network when I work from home?” How often do these questions come up at your organization?  I would bet quite often.  As we all know, the world…