The Castle Has No Walls - Introducing Defensibility as an Enterprise Security Goal

March 19, 2013 Added by:Rafal Los

It's time to retire the "castle" analogy when it comes to talking about how real Information Security should behave. I still hear it used a lot, and if you walked around the show floor at RSA 2013 you noticed there is still a tremendous amount of focus and vendor push around 'keeping the bad guys out.'

Comments  (1)


New York Times Attacks Show Need For New Security Defenses

February 01, 2013 Added by:Infosec Island

The recent attacks against the New York Times allegedly carried out by the Chinese military highlight the importance of layered security to protect sensitive systems and data.

Comments  (0)


UP and to the RIGHT: Strategy and Tactics of Analyst Influence

July 23, 2012 Added by:Ben Rothke

If up and to the right is the desired Magic Quadrant location, how does one get there? For many tech firms, they often are clueless. In this book, Stiennon provides clear direction. For those looking to make the expedition to the land of Gartner, this book is a veritable Berlitz Guide on how to make the journey...

Comments  (0)


Business Continuity for SMB's – A Necessity or Not?

April 13, 2011 Added by:Dejan Kosutic

There is no difference between large organizations and small with regard to business continuity framework - they both have to think in detail what preparations they need to perform in order to survive a disaster. The difference is SMB's can do it with very little investment...

Comments  (0)


She Blinded Me With Infosec...

April 11, 2011 Added by:Infosec Island Admin

One must admit that no matter how many times an assessment is carried out and things are found/exploited there are ALWAYS more vulnerabilities being introduced. You will never get them all and the client, if they understand this, will become inured to it...

Comments  (0)


OSSTMM 2.2 to 3 - a long trail!

December 13, 2010 Added by:Joerg Simon

Nearly every Standard who implements Security Management into Business Processes, require, that the results from security tests, as base for risk assessment, ensures to have comparable and reproducible results. How to ensure that? The OSSTMM is the perfect Guide. And the auditing department will love the results out of the OSSTMM Metric - the Risk Assessment Values (rav).

Comments  (0)


Most annoying consultants

June 13, 2010 Added by:Javvad Malik

Infosec would have a better reputation if all consultants were perfect like me. When speaking to a project manager, we should have completed our research. Scoured the internet, finding out what a particular application does and how many security vulnerabilities are out there. The list goes on, but suffice to say a good consultant always does their homework before they actually start talking t...

Comments  (3)


In Rebuke of China

February 02, 2010 Added by:Tom Schram

In the current issue of Foreign Affairs, former NATO Commander General Wesley K. Clark and current Department of Veteran Affairs CTO Peter Levin write:  “There is no form of military combat more irregular than an electronic attack: It is extremely cheap, is very fast, can be carrier out anonymously, and can disrupt or deny critical servi...

Comments  (3)


More COFEE Please, on Second Thought…

November 09, 2009 Added by:Daniel Kennedy

The forensics tool provided to law enforcement officials created by Microsoft called COFEE  (Computer Online Forensic Evidence Extractor) has been leaked on torrents last week, and this has caused quite a bit of excitement.  Let’s see if the big deal is warranted.

Comments  (0)


Good enough security?

October 29, 2009 Added by:Christopher Hudel

We have had 802.1x -- CISCO + Active Directory Integration --  in place for over a year know and it is largely a success; windows systems automatically obtain machine certificates (machines automatically receive certificates when they join the domain), supplicants exist for our IP Phones, and those devices (i.e.: printers)  that are currently incapable of 802.1x are split off in a tightl...

Comments  (2)


IT Security - Defense in Depth Protection using a Data-centric Model

October 29, 2009 Added by:Mike Cuppett

Start aligning your security strategy to better protect your organization's most critical asset - data. While many security proponents lean toward an outside-in strategy - protect every computer in the company from the outside world first - we really need to understand that the data is the asset that must be protected first and foremost.  The outside-in strategy starts at a macro level and ov...

Comments  (5)


Where are the DBAs?

October 07, 2009 Added by:Infosec Island Admin

What I really want to know is this: Where are the Database Admins (DBAs) these days? I cant tell you how many times in the past 18 months that I’ve found real enterprises running vulnerable databases with default passwords, weak passwords and no real permissions management.

Comments  (3)