Uncategorized

How to Best Equip Your Security Program

We have seen action movies where the protagonist, stripped of his weapon, manages to find some everyday item like a stick or pen and disarm several baddies, rescue the hostages, and disable the imminent threat to mankind. We accept this premise because it happens every day; ingenuity, experience, and persistence often overcome the lack of a specific tool. We, as 21st century professionals, leverage these skills and the resources at hand to overcome the daily crises and defeat evil (or save a file that has accidentally been deleted). Cue the heroic background music…

Herding Cats: Hunt (March 2012)

Have you checked out ISSA Connect yet? The next issue is up there with my column, Hunt. Continuing on our thoughts from last month, security professionals must hunt for intrusions in their environment, not just wait for the phone call from someone telling them they have been breached. Gatherers have a role in information security, but so do hunters.

EU Data Directive Privacy by Design and PETs

We are a funny lot in Europe; guarding our privacy and, more importantly, the privacy of our data is of paramount importance. The protection and privacy of personal data is a fundamental right within the EU. According to the Digital Agenda for Europe, concerns about privacy are among the most frequent reasons for people not [...]

Movie Reviews For Security Geeks: Live Free Or Die Hard

This year RSA Conference has added a new event, “Security Cinema”. They asked fans to vote for the movie they want to be shown on Wednesday, February 29th in the Crypto Commons. Here are the movies that voters had to choose from: Antitrust (2001), Die Hard 4: Live Free or Die Hard (2007), Hackers (1995) [...]

Security Personae, the Rockstar

Information security is full of personality. The people that make it up group themselves into a few personae. Let’s start with the front men of information security. Chances are, you have a few folks that you idolize or look up to in the industry. Rockstars took risks back in the day to get their ideas published, and their perseverance has paid off in the form of stardom.

Bits & Bytes: Mischel Kwon

Note: Bits & Bytes is a new recurring column featuring interesting figures in the security industry. The intent is to provide a quick interview that allows readers to learn more about the interview subject and their views of our industry. This edition features Mischel Kwon. About Mischel: Mischel Kwon is an IT executive with more [...]

Blackhat Tool Shop is Open for Business

In one of its recent findings, RSA FraudAction Research Labs has uncovered yet another new underground shop which was opened a few weeks ago, selling fraud commodities e-commerce style. The new shop offers access to compromised resources, compromised webmaster credentials, and custom PHP coding for their cybercrime clientele.

Are we ready for the new EU Data Protection Directive? Part 1

On the 25th of January the EU Justice Commissioner Viviane Reding proposed some changes to the 17-year-old EU Data Protection Directive, claiming that the new rules will both cost less for organizations and governments to administer and also improve the privacy rights of EU citizens. She also emphasized overall savings in the cost of compliance of up to 2.3 million Euros.

Enabling a New World of Insight through Big Data: the FuturICT Project

One of the best things about moving to Europe has been learning about and getting engaged with European-based research initiatives. One of these initiatives is the FuturICT project. I was introduced to FuturICT by Donagh Buckley, EMC Director of Research for EMEA, and through him met the Chair of the FuturICT Steering Committee, Dr. Dirk Helbing, who works at the ETH here in Zürich. Dirk, Anna Carbone (also of the FuturICT project) and I got together for dinner last week to discuss the project and its points of intersection with EMC technologies and programs.

Vishing: To Have Your Identity Stolen, Press One

Of all the terms describing identity theft methods, “Vishing” (which stands for “Voice Phishing”) is perhaps the most ambiguous one. A simple Google query for the definition of the term shows just some of its multiple interpretations. But why are fraudsters using this type of attack?