Some time ago I was assigned for a project in a Telecom in South America to design, build and deploy a SOC Infrastructure. The customer objective was to monitor the network against attacks (vulnerable devices, brute force attacks, etc) and correlate events in order to identify hidden treats (DDOS, scanning, worms) and to identify business and operational frauds. I meet the audit team and then I got able to understand where their main frauds happen, some examples were: ADSL and Dial users sharing username/password; ADSL Subscribers connecting with higher speeds than they had hired; Operators accessing the system outside of... Read more →
56 posts categorized "Insider Risk"
21 January 2009
Using SIEM tools for Fraud Detection
Posted by Alexandre Cezar on 21 January 2009 at 10:38 AM in Insider Risk, IT Security | Permalink
|
Comments (1)
|
TrackBack (0)
20 January 2009
Where is the Security in Depth?
A recent article from Linux Journal is rather disconcerting. The article discusses the fact that the United Kingdom's Royal Submarine Fleet and overall Navy is 75% compromised by computer viruses. The systems associated with the submarines should be relatively secure, regardless of the fact that they are running Windows XP. The real question is how they were infected? Could this incident be a result of unauthorized USB devices? Or a phishing incident that infected a system through an email? The fact remains that this incident re-iterates the potential issues faced by the United States Military at the end of 2008... Read more →
Posted by Lester Nichols on 20 January 2009 at 02:11 PM in Insider Risk, IT Security, Malware, Operations Security, Risk | Permalink
|
Comments (0)
|
TrackBack (0)
16 January 2009
Interview with an adware author
I'm usually not too impressed with interviews with the blackhat side: they tend to be long on self-justification and short on actual information or thought. However, this one is fairly decent, with some interesting perspectives on "the road to hell" as well as some insights on spam and adware protection. Read more →
Posted by Rob Slade on 16 January 2009 at 05:20 PM in Cybersecurity Training, Ethics, Insider Risk, IT Security, Legal, Malware, Operations Security, Privacy | Permalink
|
Comments (0)
|
TrackBack (0)
14 January 2009
Keeping Up-to-Date on a Daily Basis
When I started in information security we nearly danced with joy when an article in one of the trade journals focused upon infosec or contingency planning. Today there are so many, as well as blogs, that it is virtually impossible to identify all of the sources, never mind read them all. Add to that, so many are not appropriate to your specific perspective, configuration or enterprise. However, there is one source that may help and perhaps help a great deal. You see, the Department of Homeland Security (DHS) publishes a daily report of relevant articles which DHS views as threats... Read more →
Posted by Bob Johnston on 14 January 2009 at 08:34 AM in Insider Risk, IT Security, Malware, Privacy, Risk | Permalink
|
Comments (0)
|
TrackBack (0)
08 January 2009
Shouting at hard disks
Shhh, be wewwy, wewwy, quiet! We'we hunting disk latency. Who knew that yelling at your hard disks, far from getting them to work faster, would only make things worse? Well, when you think about it in terms of vibration, it makes a lot of sense. Read more →
Posted by Rob Slade on 08 January 2009 at 05:36 PM in Cybersecurity Training, Insider Risk, Operations Security | Permalink
|
Comments (0)
|
TrackBack (0)
05 January 2009
The Top Ten Cybersecurity Threats for 2009 - Draft for Comments
Following up on my 2008 list of top cybersecurity threats, I have just published The Top Ten Cybersecurity Threats for 2009 for public comments. If you are interested in cybersecurity threats, kindly email your suggestions or comments directly to me (tim dot silkroad at gmail dot com). I will review all comments, consolidate in a Google Docs spreadsheet, and publish the final version later this month (including acknowledgments). There are a number of interesting changes and additions to the top cybersecurity threat list this year, including exploitation of social networks and the criminal use of cloud computing and software-as-a-service infrastructures... Read more →
Posted by Tim Bass on 05 January 2009 at 04:28 PM in Insider Risk, IT Security, Malware | Permalink
|
Comments (0)
|
TrackBack (0)
19 December 2008
I'm no self-proclaimed expert on cyberterrorism but it could be argued - OK I would argue - that we are now in a "pre-911" situation, in other words there are signs that the threats are increasing more quickly than our ability to find let alone fix our weakspots, leaving us more open day-by-day to serious cyber attacks and potentially cybergeddon. Although we haven't yet experienced the full horror of all out cyberwarfare, one-by-one the pieces are quietly falling into place: Acknowledged cyberattacks at the national level against Estonia and Georgia, plus hacktivism and similar politically motivated attacks in connection with... Read more →
Posted by Gary Hinson on 19 December 2008 at 11:23 PM in Insider Risk, Malware, Risk | Permalink
|
Comments (0)
|
TrackBack (0)
15 December 2008
On the Internet, nobody can tell you are an Absolute fraud and cheat
A 60 Minutes story about a particular case of online poker cheating, a joint investigation with the Washington Post. Would you trust large sums of money, or the drugs upon which your life and health depend, or private and intimate details of your life to total strangers, about whom you know nothing? The answer, in case after case, appears to be "yes." Read more →
Posted by Rob Slade on 15 December 2008 at 01:00 PM in Insider Risk, Risk | Permalink
|
Comments (0)
|
TrackBack (0)
30 September 2008
The most vulnerable device in the network
During a conversation with some folks last week we wondered about what is the most vulnerable device in a network today. The answer of almost everyone in the table was: Routers... So we start talking about risks, how to protect a border router, which hardening actions can be taken in order to improve security, etc. A important point that I noticed is that event nowadays many companies does not implement controls to improve routers security. Based on it I decided to write a few notes mentioning risks and hardening actions that can prevent a attacker to be successful. Main Risks... Read more →
Posted by Alexandre Cezar on 30 September 2008 at 06:54 PM in Insider Risk, IT Security | Permalink
|
Comments (3)
|
TrackBack (0)
18 September 2008
Funding security awareness programs
"Obtaining support and funding from senior management - while planning an awareness initiative" is a new free document from ENISA (the European Network and Information Security Agency - an official European Union body that describes itself as a centre of network and information security expertise for the EU Member States and Institutions) that extends the coverage of a previous product, "The new users’ guide: How to raise information security awareness". The new guide is aimed at helping readers scope, plan and justify their security awareness programs to management. Starting with an explanation of the need for, and value of, information... Read more →
Posted by Gary Hinson on 18 September 2008 at 06:26 PM in Cybersecurity Training, Insider Risk | Permalink
|
Comments (0)
|
TrackBack (0)
06 August 2008
Primary Lessons Learned from the TSA Laptop Mess
Last Christmastime, I was walking around Reagan National Washington Airport. I walked by a booth for the Clear program. I asked about the program which promises to help you clear security at the airport in much less time if you provide your personal information so the TSA contractors can conduct a background check. Since I already had a Top Secret security clearance, I thought it would be no problem. However, I had some nagging doubts and decided that I should wait and see how the program works out. Fortunately for me, I trusted my instincts. Yesterday, I read the e-mail... Read more →
Posted by John Dittmer on 06 August 2008 at 04:54 PM in Insider Risk | Permalink
|
Comments (3)
|
TrackBack (0)
25 July 2008
The Cautionary Tale of the San Francisco Network Lockout
I'm sure most of you have seen the news of the San Francisco IT administrator who allegedly locked top administrators out of the city's network. While the mayor was able to obtain the codes from the city employee, the story has obviously been a PR nightmare for the city and a difficult challenge for the city's network administrators. It brings to mind basic questions for all information security professionals to consider, so a similar situation doesn't occur at your organization. This is a classic example of what a disgruntled person with elevated privileges can do in any enterprise, either encrypting... Read more →
Posted by (ISC)² on 25 July 2008 at 08:55 AM in Insider Risk | Permalink
|
Comments (2)
|
TrackBack (0)
24 June 2008
Are we crying wolf?
A short article by David Hobson on the Catalogue eBusiness site caught my imagination this morning. David deconstructs the costs that an organization incurs when it suffers a major information security breach. Summarizing and paraphrasing the article, the identified costs break down as follows: Obvious, direct or tangible costs such as: Replacing stolen equipment; Improving security controls to stop the losses and prevent recurrence; Notifying affected parties; Defense against litigation such as customer lawsuits, plus fines and damages; Further costs such as credit monitoring for affected customers and fraud settlements with banks/credit card companies; Concealed, Indirect or intangible costs such... Read more →
Posted by Gary Hinson on 24 June 2008 at 08:15 PM in Insider Risk, IT Security, Privacy, Risk | Permalink
|
Comments (1)
|
TrackBack (0)
21 June 2008
Education, Education, and Education
I've just been catching up with Gary Hinson's excellent piece on security awareness. We've been having a somewhat related debate in the anti-malware industry on the usefulness of user education and training for many years, on and off. In fact, I was engaged in a lively resurgence of the topic on a specialist mailing list just a few weeks ago. In general, the community tends to polarize into the "If education was ever going to work, it would have done so by now" faction and the "Education is the most important weapon in the security professional's armoury" faction. In fact,... Read more →
Posted by David Harley on 21 June 2008 at 10:23 AM in Cybersecurity Training, Insider Risk, IT Security, Malware | Permalink
|
Comments (0)
|
TrackBack (0)
17 June 2008
Incompetence or a deliferate mistale?
Hot on the heels of news in the British press last week about secret intelligence papers relating to Al Quaeda being found on a train comes news of a second incident, this time concerning Iran. Being a slightly paranoid CISSP, of course, my thoughts turned immediately to 'leaks' deliberately sanctioned by Whitehall or the government - misinformation, propaganda and counterintelligence, designed to throw Britain's enemies, Johnny Foreigner, off the scent. But then I started to wonder about the possibility that Al Quaeda themsleves might be implicated in the 'accidents', perhaps some sort of dispute with one of their agents/moles? Why... Read more →
Posted by Gary Hinson on 17 June 2008 at 03:02 AM in Insider Risk, Risk | Permalink
|
Comments (0)
|
TrackBack (0)
04 June 2008
Data Leakage Protection in Europe?
Greetings, dear colleagues. It is my first blog in this forum, so I thought why not start with a question: do you think that DLP solutions will catch on in Europe, with its more stringent employee and data protection laws than N.America? In the interest of "full disclosure", I do not own equity in any firm producing any such software and this is not a product push. I was thinking that, surely, companies in Europe must face similar dangers (IPR loss, malicious employee behaviour, competitive pressures, etc), so will similar solutions be applied in Europe / the EU? It is... Read more →
Posted by Ionut Ionescu on 04 June 2008 at 04:33 PM in Insider Risk | Permalink
|
Comments (1)
|
TrackBack (0)
Search
Categories
- (ISC)² Chapters (22)
- (ISC)² Events (158)
- Center for Cyber Safety and Education (52)
- Cloud Security (132)
- Cybersecurity Certifications (375)
- Cybersecurity Training (309)
- Cybersecurity Workforce (242)
- Digital Forensics (29)
- Ethics (52)
- Government (123)
- Insider Risk (56)
- IT Security (371)
- Legal (45)
- Malware (112)
- Network Security (175)
- Operations Security (140)
- Privacy (114)
- Ransomware (82)
- Risk (194)
- Software Development (44)
- Spotlight (71)