tagged w/ Sarbanes-Oxley
-
-
For the average information technology professional, the concept of marketing & selling is an alien skill set, like underwater bagpipe playing. In the eye of the IT pro, this skill is composed mostly of excessive hair-gel, pointless presentations and flim-flam.
However, several new research studies have identified a sea change, once again, heading for information technology professionals. Recently, eWeek released an article that gave a broad outline of a much more in-depth study by the Corporate Executive Board...
https://www.infosecisland.com/blogview/4347-IT-Marketing-There-is-No-App-for-That.html
-
-
Last month the German government decided that it needed to take a closer look into Google's data collection methods. Google's Street View cars are equipped with wireless antennas and pick up any available wireless signal along the way. It was originally thought that the Street View cars were just c...
https://www.infosecisland.com/blogview/4057-Google-was-capturing-your-wireless-packets.html
-
-
It’s been a while since I’ve talked about Clickjacking, with only a few exceptions here and there. Mostly because I haven’t seen it much in the wild - at least not yet. But there’s still a lot of research out there to be done. I got an interesting email the other day that talked about a way to use parameter pollution (or a mix of URL parameters and POST) to create a condition where you can defeat CSRF tokens...
https://www.infosecisland.com/articleview/3256-Using-Parameter-Pollution-and-Clickjacking-to-Aid-Anti-CSRF-Bypass.html
-
-
-
Infosec Island, the new online community designed especially for IT and network professionals who manage information security, risk and compliance issues, today announced its new Q1 membership drive promotion. From now until March 31st, anyone who signs up for a free Infosec Island membership will be automatically entered in the Q1 Infosec Port of Call Drawing to win one of three great prizes.
There are lots of good infosec sources out there, but no other community offers infosec pros the unique combination that Infosec Island does:
• Managed services security platform,
• Premium security services,
• Free security tools,
• Direct communication with peers,
• Secure infosec portal, and
• Built-in social network.
Join today - It's Free!
https://www.infosecisland.com/register.html
http://information-security-resources.com/island-membership-drive-over-10k-in-prizes/
-
-
Recently we have witnessed the emergence of international hacktivist and vigilante “The Jester” through his crusade against jihadi and militant Islamic networks, and some third party networks that contain evidence of having been infiltrated by rogue elements. Jester’s activities raise an important question: Where do cyber vigilantes fall on the infosec ethics spectrum?
http://information-security-resources.com/2010/01/27/q-a-with-anti-jihadi-hacker-the-jester/
-
-
The document’s executive summary rightly categorizes the decision to move to social media as a risk-based decision. The technology behind it all is really nowhere near as important. As was discussed in the previous post, the why is far more important than the how. So, a real business case must be crafted as to why the move into social media is necessary…
http://information-security-resources.com/2010/01/12/federal-guidelines-for-social-media-security/
-
-
An innovative new investor analytic tool made its public debut today, and it offers an exciting look at what may well be the future of online trading for both market experts and armchair analysts alike. Trefis, named for its focus on trends, forecasts, and insights, is revolutionary in its forward-looking approach to stock analysis, which incorporates a more intuitive look at the relationship between a company’s product divisions and its stock price.
http://information-security-resources.com/2009/11/17/innovative-analytic-tool-empowers-investors/
-
-
I’m not arguing for an eggshell model of security - crunchy on the outside, squishy on the inside - but it makes things much easier to be able to address an application server’s security requirements without the need to assume that whatever security you implement on an application level is all you will have.
-
-
In Estonia the State Department has arranged for a series of meetings/lectures and discussions for Mr. Clinton. In addition to visiting the NATO Center, Mr. Clinton will meet with representatives of the Estonian government, private sector entities, law enforcement, university and primary education professionals.
-
-
If you own the business, you own the strategy and execution and you cannot outsource accountability. Be careful about falling for the siren song of technology – it is there to support your business, not define it.
-
-
ANSI Identity Theft Standards Panel webinar “Lessons from the Data Breach at Heartland” by Bob Carr, CEO of Heartland Payment Systems; Carnegie Mellon University Software Engineering Institute Insider Threat Workshop; U.S. Department of Homeland Security Critical Infrastructure and Key Resources; ISAlliance/NIST/DHS VoIP & Unified Communications Automated Security and Assurance Project; IT Sector Coordinating Council Protective Programs and Research and Development (PPRD)…
-
-
Nielsen Online reported that by the end of 2008 social networking had overtaken email in terms of worldwide reach. Sites such as Facebook, Twitter, MySpace and LinkedIn provide users with a way to build and interact with a community in real time on a familiar platform at a very low cost.
-
-
The RFI is classified, but in general terms, it seeks information on prospective technical, end-to-end solutions that will help to protect the federal (.gov) cyber domain, and to facilitate cybersecurity improvements affecting the private sector. Registration will remain open until July 22, 2009.
-
-
RSA and IDG released two new research studies that examine the far-reaching security implications of promising technologies such as cloud computing, virtualization, social networking and mobile communications, and explore the pivotal business risks and rewards they represent to organizations worldwide.
-
-
From The Internet Security Alliance: Virtual-machine exploit lets attackers take over host; T-Mobile confirms stolen data is genuine; Webhost hack wipes out data for 100,000 sites; Texas DPS trying to catch up after virus, new design.
-
-
Trade secrets and confidential information truly are the crown jewels of many businesses. This is the information that allows businesses to compete effectively, and that provides a competitive edge. Despite the critical nature of this information, my experience is that many business people do not understand what they should be doing to protect the crown jewels. I repeatedly see posts on LinkedIn and elsewhere asking for a “form” or a link to a “free site” to get an NDA. Given the potential value of the information, this cavalier approach is surprising.
-
-
From The Internet Security Alliance: The ISAlliance is leading a project to develop an industry-led, cost-effective SCAP solution for VoIP and Unified Communications with the goal of providing a secure playing field for corporations as they deploy VoIP and related technologies.
-
-
T-Mobile customers are awakening this morning to reports that hacker/extortionists have victimized the cellular carrier through a massive network breach resulting in the theft of untold amounts of corporate and customer data, which they’re threatening to sell to the highest bidder. T-Mobile says it is investigating.
-