Most of you have heard about the breach at RSA, in which SecurID token authentication implementation data was stolen. In case you did not heard about it, click in the following link, prior to continue reading. http://news.cnet.com/8301-27080_3-20044775-245.html As we, as Security Professionals must design and implement identity management and authentication policies as part of our job, I believe that now, many of us need to rethink our proposed solutions. Our main objective should be: How to create a more resilient authentication framework? First of all... We need to realize and accept three facts 1) Any authentication system that is 100%... Read more →
« February 2011 | Main | April 2011 »
Posts from March 2011
30 March 2011
RSA Breach - Is authentication at risk?
Posted by Alexandre Cezar on 30 March 2011 at 06:12 AM in IT Security, Privacy, Risk | Permalink
|
Comments (2)
14 March 2011
Japan: Commentary and Resources
It probably hasn’t escaped your notice that there’s a lot of malware/SEO/scamming whenever a major disaster occurs. A few days ago I started to put together a list of commentary (some of it my own) and resources relating to the Japanese earthquake and tsunami, in anticipation of that sort of activity. Originally, I was using several of my usual blog venues, but decided eventually to focus on one site. As ESET has no monopoly on useful information, I wanted to use a vendor-agnostic site. Actually, I could have used this one, but for better or worse, I decided to use... Read more →
Posted by David Harley on 14 March 2011 at 02:59 PM in Malware | Permalink
|
Comments (0)
12 March 2011
Improving on an excellent security awareness text
Author Rebecca Herold introduces her book very eloquently: “I wrote this book to provide a starting point and an all-in-one resource for information security and privacy education practitioners. I incorporated much of the information and knowledge I obtained while working on my MA in computer science and education as applicable to providing education to adult learners. Additionally, I included the same type of information that I have used and found helpful over the years when creating awareness and training programs ... My goal was to provide a more comprehensive resource of everything involved with managing an information security and privacy... Read more →
Posted by Gary Hinson on 12 March 2011 at 02:16 AM in Cybersecurity Training, Privacy | Permalink
|
Comments (2)
09 March 2011
Maintaining the ‘Gold Standard’ -- CPEs and the Job Task Analysis Surveys
As many of our members now know from recent notifications, (ISC)² is conducting Job Task Analysis (JTA) surveys for the CISSP and SSCP certifications during the month of March. Recently, some members have questioned the need to reward members with five CPE credits for completing the survey. Let me explain. The (ISC)² Job Task Analysis surveys provide the essential foundation for all of our certifications. They are the single most important activity that shapes our certifications. They map the actual current job tasks performed by our certified members to the content of our credentialing exams. This ensures that the content... Read more →
Posted by Vehbi Tasar on 09 March 2011 at 08:51 AM in Cybersecurity Certifications | Permalink
|
Comments (0)
Job Analysis Survey Privacy Statement
One more clarification on the survey… Any information will be handled pursuant to our privacy policy, unless stated otherwise in the survey. We don’t share private information with any unaffiliated third party. The third parties we do share with are subject to our NDA and are providing services as necessary. If anything is to be disclosed (and is stated in the survey), it will be in aggregate, no personally identifiable information will be disclosed. Thank You, Vehbi Dr. Vehbi Tasar, CISSP, CSSLP Director of Professional Programs Development (ISC)2® Security Transcends Technology® (P) 1.727.785.0189 ext.238 [email protected] Read more →
Posted by Vehbi Tasar on 09 March 2011 at 08:00 AM in Privacy | Permalink
|
Comments (0)
08 March 2011
Milking the value from security incidents close to home
"[T]he survey showed ... a surprising lack of awareness of security issues among the respondents. For instance, just 4% admitted to being fully informed about security breaches within their organizations. About 80% of those who said their organizations had suffered a data breach in the past year were unable to tell which IT components might have been impacted by the breach. There appeared to be even less knowledge or acknowledgement of the costs associated with a data breach. Nine out of 10 of those who said their organizations had been breached said they had no idea of the resulting costs... Read more →
Posted by Gary Hinson on 08 March 2011 at 02:29 AM in Cybersecurity Training | Permalink
|
Comments (0)
01 March 2011
Recovering a dead hard drive in the freezer
I've heard about this technique a few times and, having never tried it myself, I've always been cynical ... but by all accounts it looks like I'm wrong. The basic idea is to put a failed hard drive in the freezer for at least an hour, preferably overnight, before trying to read the drive. Responses to another blog piece on this include plenty of success stories, and a few clues about why it might work. The reason seems to be not the cooling per se but avoiding the heat generated in the drive when it is working normally. Presumably those... Read more →
Posted by Gary Hinson on 01 March 2011 at 11:36 PM in IT Security, Operations Security, Risk | Permalink
|
Comments (2)
|
TrackBack (0)
Search
Categories
- Center for Cyber Safety and Education (52)
- Cloud Security (137)
- Cybersecurity Certifications (387)
- Cybersecurity Training (315)
- Cybersecurity Workforce (254)
- Digital Forensics (30)
- Ethics (53)
- Government (127)
- Insider Risk (57)
- ISC2 Chapters (22)
- ISC2 Events (166)
- IT Security (389)
- Legal (46)
- Malware (116)
- Network Security (178)
- Operations Security (144)
- Privacy (117)
- Ransomware (90)
- Risk (204)
- Software Development (46)
- Spotlight (71)