Network World
Thursday, May 15, 2008

Information security requires planning and strategic thinking. In the Security Strategies Newsletter, Norwich University Associate Professor Mich Kabay takes the long view - looking at larger security issues and resources for ensuring your network, computer and facilities remain secure. This alert also includes links to the latest security news headlines on NetworkWorld.com.


Security Strategies Alert

 

Building a bridge from the CISO to the CEO
05/13/08
Chief information security officers (CISO), security consultants and other security personnel constantly face the difficulty of reaching across a cultural divide to communicate our concerns to business leaders such as CEOs and their C-level and board colleagues. Here are some resources that can help us do that.

Identity Finder helps prevent identity theft
05/08/08
I recently received a well-crafted press release from Identity Finder. CEO Todd Feinman prepared these tips, which you may find useful for your own internal security newsletters.

Central Ohio InfoSec Summit coming up soon
05/06/08
The Central Ohio ISSA, the Central Ohio ISACA, and the Central Ohio InfraGard chapters have joined together to promote the first annual Central Ohio InfoSec Summit in Columbus on May 13.

Zapping 'zappers'
05/01/08
In cases of suspected embezzlement via software, I think we have to seize the working system, not only make bitwise copies of the data but also create a clone of the entire system using hardware that's as close to the original as possible, and then exercise the clone under tight observation using known inputs as if we were conducting a thoroughgoing software quality assurance inspection.

Zap! You're under arrest
04/29/08
Richard T. Ainsworth, a lecturer at the Boston University School of Law, has written a fascinating report on the use of 'zappers' - programs which divert funds for systematic embezzlement of tax obligations. The paper is 'Zappers: Tax Fraud, Technology and Terrorist Funding.'

Scan ScanSafe's annual report for heuristic experience
04/24/08
Recently, ScanSafe released its 25-page 'Annual Global Threat Report: Trends for January 2007-December 2007.' The report was written by Senior Security Researcher Mary Landesman. Here are some of the highlights of the report.

Comprehensive security needed to prevent printer hacking
04/22/08
Inadequate authentication and insufficient print activity records can compromise security. In general, there is little or no control over the IT infrastructure responsible for printing.

Your printer: An open door for hackers?
04/17/08
It turns out that the old problem of misdirected faxes has a new twist: networked printers are posing the potential for misdirected printouts - including printer hacking.

Managing CSIRT burnout and turnover: a case study, Part 3
04/15/08
We finish MSIA graduate Timothy Dzierzek's case study analysis of burnout and turnover in help desk and computer security incident response teams (CSIRT). This last part of three discusses how his case-study organization ("Smith & Smith" is a pseudonym) addressed the problems of turnover and finishes with recommendations for readers.

Managing CSIRT burnout and turnover: a case study, Part 2
04/10/08
We continue with MSIA graduate Timothy Dzierzek's case study analysis of burnout and turnover in help-desk and incident-response teams. This second part of three discusses the problems of turnover at "Smith & Smith" (a pseudonym).

Managing CSIRT burnout and turnover: a case study, Part 1
04/08/08
Once we've hired a good employee and invested in training and integrating that person into our operations, it's a terrible waste to lose their enthusiasm and even their services through burnout and turnover.

April Fool's lessons
04/03/08
The day before April Fool's Day (AFD) this year, one of my colleagues and I conspired to play a trick on our friend and colleague Peter Stephenson, associate program director of the MSIA program at Norwich University - and I have his kind permission to tell you about it.

MessageLabs Intelligence Reports make good reading
04/01/08
Recently I explored a useful resource in the Intelligence Reports from MessageLabs. The Intelligence Reports are brief analyses of spam and virus prevalence with news articles summarizing significant new developments in the periods they cover.

The state of spam: An interview with Jamie de Guerre, Part 2
03/27/08
What does the future hold for fighting spam? My two-part interview with Jamie de Guerre, CTO of Cloudmark, concludes today.

The state of spam: An interview with Jamie de Guerre, Part 1
03/25/08
Spam is a major operational problem for all professionals because of its waste of bandwidth; it is a significant nuisance even for non-professionals, contributing to computer-based crime and increasing doubts about e-commerce. I recently interviewed Cloudmark CTO Jamie de Guerre via e-mail and am pleased to convey our discussion in a two-part report.

Security roles made brilliantly clear
03/20/08
Today I'm pleased to report on yet another fine contribution from Charles Cresson Wood: his 'Information Security Roles & Responsibilities Made Easy'. Now in its second edition, this compendium provides a complement to his earlier work by providing what it claims - an extensive compilation of well-defined roles and responsibilities.

Process over presumption: The Vermont encryption key decision
03/18/08
On Dec. 17, 2006, Canadian citizen and legal U.S. resident Sebastian Boucher crossed the U.S. border into Vermont at Derby Line. A U.S. Immigration and Customs Enforcement agent inspected the 30-year-old man's computer and reportedly found pornography and - significantly for this case - child pornography on the Z: drive. The laptop was seized as evidence and Sebastian Boucher was charged with transporting child pornography across interstate borders. Two days later, when agents tried to access the Z: drive, they found that it was encrypted using PGP.

Chapters in 'Information Roles & Responsibilities Made Easy'
03/17/08

Charles Cresson Wood's list of common mistakes you should avoid
03/17/08

Protecting your SSN and your reading habits
03/13/08
It strikes me that any government-held central database of identifying information and other data about citizens always raises the risk of abuse as political winds change. The issue is not whether someone has something to hide; the issue is whether officials in different political circumstances will be able to abuse their access to information to persecute those with whose political views they disagree.

Why identity-theft rates are so high
03/11/08
An issue that lies at the root of the rise in identity theft involving credit-card fraud is the system of fraud-recovery in the U.S. banking system. If banks bore a greater percentage of the costs of fraud, they would invest in better security.

Defending against identity theft: Identity Guard
03/06/08
Reader Michael Ste. Marie writes: Identity Guard has four levels of protection available through monthly or yearly installments. Each level offers increased services.

Defending against identity theft: LifeLock
03/04/08
A reader writes: After reading Dr. Kabay's recent articles on identity theft I was inspired to do a little research about anti-identity theft companies. I am happy to report there are affordable options to ensure your personal information is safe and to reduce the financial consequences even if someone does steal your information and your identity.

Windows Server 2008: The shape of the world to come
02/28/08
Microsoft launches Windows Server 2008 (formerly known as Longhorn) this week. Unlike many previous versions of its predecessors, the move to this new Microsoft server is likely to trigger a radical shift in the business and social spheres far beyond the usual set of mundane issues related to IT system administration. Windows Server 2008 will likely exterminate 32-bit computing as we currently know it.

Service management metrics significant for CSIRTs
02/26/08
Why do some organizations manage to run their IT services efficiently and effectively? Today I want to discuss some recent research into that question that bears on computer security incident response team (CSIRT) management.


 


M. E. Kabay, PhD, CISSP-ISSMP is Program Director of the Master of Science in Information Assurance at Norwich University.
