- Data Privacy Day: Playing It Safe Online
Remember social media is a wondrous means to communicate, and as my good friend professor Rebecca Herold notes, "Your updates are streaming out into the Internet and are like a soft drink spilt into the ocean; you can never completely recover the soft drink, nor can you stop it from spreading and becoming a part of the digital ocean."
- Hacker tools-o-trade
Computer hacking, like other IT jobs, can be a structured, documented and repeatable process for finding security holes in a company's infrastructure.
- As easy as 1, 2, exploit.
Protecting and securing our systems can be an exhausting, long-term duty given the complexity of today's network infrastructure.
- The importance of using the correct platform for your applications
Trojan-infected ATMs were discovered in Eastern Europe this year, first in Russia, and later this month the same problems were spotted in other cities.
- BlackHat Without The Drama
Well, another BlackHat is in the books and another round of vulnerabilities has been disclosed and bantered about.
- Crowdsourcing Payment Security
In my inaugural post to this blog, I wrote about many of the religious wars that break out today regarding payment security and specifically PCI.
- OpenID Publishes Security Best Practices
A set of security best practices was recently published via wiki for users, providers, and relying parties of OpenID.
- Trends In Mobile Payments Are Frightening
By John Kindervag
- The Changing Nature Of Governance, Risk And Compliance
By Chris McClean
- Is 3D Secure Insecure?
By John Kindervag
- Cybergeddon: Game of Bullets or Game of Dollars?
Over the past years, and especially over the past months, I’ve seen an increase in the media coverage of stories and reports about apocalyptic scenarios in which cyber-incidents could be orchestrated to affect a nation’s critical infrastructure as a direct or auxiliary means of imposing policies or tilting the international balance of power among nation-states, or to unleash and amplify terror by non-state actors. Simply put: scenarios where Global Cyber War becomes a tangible reality to an entire country’s population. Where do these ideas come from? What do they mean to information security and risk management professionals?
- Talk The Walk
Language is arguably the most powerful creation of the human species, the most successful mechanism to encode and transmit information across geographical, cultural and temporal boundaries. Humankind’s ability to create and use a system of symbols has been the subject of study, commentary and vivid debate for centuries. This blog post is about language. What is the language of information security and how do we use it? How do infosec professionals talk their walk?
- The Future of Risk
What may 2030 look like to a CISO/CSO or the regular information security practitioner? What will be the prevalent form of Information Security Risk Management? Although I can’t provide definitive answers I feel confident enough to share some thoughts and predictions knowing that it is unlikely that I’ll be made accountable for them in 20 years. Nonetheless, this may be a useful exercise to foster longer term strategic thinking about the infosecurity community, the market and the evolution of threats and risk.
- Last Minute Gift Ideas for the Security Professional in Your Life
During this joyous holiday season and impending new year, it is once again time to contemplate where we would be without our beloved security professionals.
- Building A Culture of Preparedness
How much is your organization doing to prepare personnel for emergencies?
- Why Don't You Take Care of That?
I’ll begin my blog here on CSO with this quick introduction and then I’ll dive in. My background has encompassed more than 25 years in information systems and security. Wait, are you reading the right blog, here?
- Risk Mitigation through Collaborative Innovation
Collaborative innovation can leverage the knowledge and experience of company stakeholders and their vendor relationships for competitive advantage and information assurance. Creation spaces can be used to stimulate this kind of collaboration.
- IT Talent Helping Haiti
As the Haitian people fight for subsistence, the world is responding with food and medical assistance. This tragedy wreaked havoc on a victim unsung by the news media – the telecommunications infrastructure. However, there is a groundswell in the technical community targeting this need.
- Leveraging Compliance for Business Value
Regulatory Compliance – some see it as a necessary evil; a periodic checklist to be completed so business can continue. Others embrace it as a security panacea that mitigates risks with minimal impact on business processes and priorities. This series will examine continuous compliance and its value proposition.
- Stop Repeating the Same Mistakes
Even if a solution seemed like a good idea a few years ago, that is no reason to perpetuate something which is now known to be a security vulnerability.
- Playing Catch-up, Again
Controlling endpoint applications (installation, patching, hardening, etc.) is a difficult but necessary component of safeguarding your data and your network.
- Learning from the Attack on the Apache Software Foundation
Even if we don't use Linux, there are lessons to learn from what happened to Apache.
- Iranian Cyber Army un-hacks Hezbollah Web site
The Iranian Cyber Army -- you remember them, credited with hacking Twitter and Baidu.com -- has returned. This time to un-hack the Web site of Hezbollah in Iran.
- Adobe warns of Reader, Acrobat attack in the wild
Adobe is investigating new reports that hackers are attacking a previously unknown bug in the latest version of the company's Reader and Acrobat software.
The attack is apparently limited, but it has been in the wild since at least Dec. 11.
- Judge throws out Heartland shareholder class action
A federal judge ruled Monday that Heartland Payment Systems did nothing wrong by failing to disclose a 2007 SQL injection compromise in SEC filings for more than a year.