(ISC)² Links

CATEGORIES

Archives

More...

(ISC)² Twitter Updates

  • (ISC)² Twitter Updates

    About the
    (ISC)² Blog

    • (ISC)² believes in the importance of open dialogue and collaboration, between both (ISC)², its certified members and members of business and society.

      (ISC)² established this blog to provide a voice to its certified members, who have significant knowledge and valuable insights to share that can benefit the information security industry, the people in it and the public at large.

      The postings on this site are the author's own and don't necessarily represent
      (ISC)²'s positions, strategies or opinions. (ISC)² does not control, monitor, or endorse any links provided in this blog and makes no warranty or statement regarding the content on any linked website.

      Those who post comments to blogs should ensure their comments are focused on the topic at hand. (ISC)² reserves the right to remove any post or comment from this site.

      Should you find objectionable content in this blog, please notify us as soon as possible at blog@isc2.org.

      Please click here for FAQs.

      Please click here for the Blog guidelines.

    Enter your email address:

    Delivered by FeedBurner

    39 posts categorized "Confidentiality"

    11 March 2010

    Keeping net safe

    This module from the UK's OpenLearning/LearningSpace centre is a fairly basic online safety piece.  It concentrates on malware, and has numerous minor errors in terminology and definitions, but is reasonable for the general public.

    Posted by Rob Slade on 11 March 2010 in Confidentiality, Current Affairs, Events, ID theft, Malware, Network Security, Online safety, Operations Security, Privacy, Slade, Telecom, Training, Web/Tech | | Comments (0)

    09 March 2010

    Hitler cloud sec

    You may or may not be aware of the mass of "Hitler rant" videos on YouTube.  These take a clip (from the movie "Downfall") and subtitle it with a rant from Hitler about everything from college football to the iPhone to Facebook accounts to ... well, anything at all.

    This one is about cloud computing and security, and makes a few cute points about security in general.

    Posted by Rob Slade on 09 March 2010 in Confidentiality, Events, IT Security, Network Security, Operations Security, Risk, Slade, Telecom, Training, Web/Tech | | Comments (0)

    08 February 2010

    Cyber Security Central

    This blog entry focuses on introducing a new community focused resource designed to provide an avenue for the collaboration and sharing of information relating to Cyber Security.  The Cyber Security Central website (www.cybersecuritycentral.com) seeks to extend the knowledge and best practices within the cyber security community. The overall goal of the site is to provide a platform to support the implementation of the National Cyber Security Strategy.

    Since the inception of the project a few months ago, I have tried to establish a site that seeks to demonstrate a broad view of the cyber security community from both the national and international perspectives.  As I look for new opportunities to represent content, I spend a great deal of time identifying mechanisms that best facilitate the information in an easy-to-navigate manner.

    Major features include:
    - Shared Document Repository
    - Top Sites Related to Cyber Security
    - Security Content Automation Protocol (SCAP)
    - Security Checklist Repository
    - Security Tools
    - Cyber Security Projects
    - Cyber Security Videos
    - Cyber Security News
    - Cyber Security Related Tweets
    - Cyber Security Jobs Posting
    - Cyber Security Discussion Boards
    - Cyber Security Directory Listings
    - Cyber Security Articles

    Additionally, within the Cyber Security Central Documentation Center, you will find valuable information relating to the cybersecuritycentral.com and other associated domains (fismacentral.com, diacapcentral.com, and cnsscentral.com), including policies, procedures, and other helpful information to better navigate and interact with the Cyber Security Central website.

    If you have suggestion or recommendations for improving the site, please use the "General Comments" section of the Discussion Boards or contact me directly through the Contact Us form.

    Finally, please visit the Cyber Security Central Documentation Center - New Features section for any major site update.

    Posted by Matthew Metheny on 08 February 2010 in Authentication, Availability, Careers, Certifications, Conferences, Confidentiality, cryptography, Current Affairs, Digital Forensics, Disaster Recovery, encryption, Hacking, Integrity, IT Security, Malware, Metheny, Metrics, Network Security, Operations Security, Privacy, Risk, Secure Software, Training | | Comments (0) | TrackBack (0)

    02 February 2010

    SSN algorithm

    Given the importance and wide use of US Social Security Numbers (even though the use is legally restricted), this article on how to determine SSNs is fairly important.

    Posted by Rob Slade on 02 February 2010 in Authentication, Confidentiality, Fraud, ID theft, Legal, Privacy, Slade, Training | | Comments (0)

    31 December 2009

    Image forensics

    An interesting analysis of a graphic recently used by Victoria's Secret in their advertising.  This gives chapter and verse of the techniques used, and results obtained, demonstrating the ability to determine if an image has been altered, and even which parts of an image have been modified, and how.

    I find this particularly interesting because of the apparently widely held belief that steganography is "undetectable" without comparision to the original image.  Most of the "Photoshop disasters" are glaringly obvious to the naked eye.  As this demonstrates, analysis and detection of modification is easily accomplished, even when the differences are not apparent to the human eye.  (Well, except for the straps.  That was pretty stupid ...)

    Posted by Rob Slade on 31 December 2009 in Confidentiality, cryptography, Digital Forensics, Slade, Training | | Comments (0)

    10 December 2009

    WPACracker

    Polly wanna crack a WPA network?  A cloud based cluster is offering to help out, for a small fee.  You send them a data capture, and they run a 130 million word dictionary against it, in as little as 20 minutes.

    Do you trust them?  Are they going to be used to crack WPA networks?  Is this sufficient impetus to move to WPA2?  Are you going to create a longer passphrase?

    Posted by Rob Slade on 10 December 2009 in Confidentiality, cryptology, IT Security, Network Security, Telecom, Training | | Comments (0) | TrackBack (0)

    17 November 2009

    DataLossDB

    The Open Security Foundation's (OSF) DataLossDB project is an interesting resource for information about data and confidentiality breaches.  At a glance, it gives you news, latest breaches, a timeline of breach numbers, a "top ten" list, and other references you can use in security awareness materials, or for risk analysis.

    Posted by Rob Slade on 17 November 2009 in Confidentiality, Current Affairs, Disaster Recovery, Events, Fraud, ID theft, IT Security, Legal, Network Security, Operations Security, Risk, Slade, Training | | Comments (0) | TrackBack (0)

    Data sanitization

    This article is originally from the IEEE Security and Privacy magazine, circa 2003.  As such, some of the programs noted are out of date or obsolete.  However, a number are still available and in use, and the basic concepts outlined are still valuable.

    Posted by Rob Slade on 17 November 2009 in Confidentiality, Digital Forensics, Disaster Recovery, Events, IT Security, Legal, Operations Security, Risk, Slade, Training | | Comments (0) | TrackBack (0)

    15 November 2009

    Social armour

    A blog posting from Eset outlining some basic tips for reducing the risks associated with social networking/social media/Web 2.0 activities.

    Posted by Rob Slade on 15 November 2009 in Authentication, Confidentiality, Current Affairs, Fraud, ID theft, Network Security, Online safety, Risk, Slade, Training, Web/Tech, Weblogs | | Comments (0) | TrackBack (0)

    05 November 2009

    DHS cybertips

    The US DHS cyber awareness, tips, and events page.  Also note Obama's 2009 pep talk at http://www.whitehouse.gov/blog/Protecting-yourself-online/

    Posted by Rob Slade on 05 November 2009 in Confidentiality, Current Affairs, Events, Fraud, ID theft, IT Security, Malware, Online safety, Risk, Slade, Training, Web/Tech | | Comments (1) | TrackBack (0)

    Next »

    The (ISC)² bloggers

    • Tipton W. Hord Tipton, CISSP-ISSEP, CAP, (ISC)² Executive Director
      Schmidt Prof. Howard A. Schmidt, CISSP, CISM (Hon.)
      Sarah E. Bohne, Director of Communications & Member Services

    Recent Contributors

    Past Contributors