tagged w/ Internet Security Alliance
-
It’s been a while since I’ve talked about Clickjacking, with only a few exceptions here and there. Mostly because I haven’t seen it much in the wild - at least not yet. But there’s still a lot of research out there to be done. I got an interesting email the other day that talked about a way to use parameter pollution (or a mix of URL parameters and POST) to create a condition where you can defeat CSRF tokens...
https://www.infosecisland.com/articleview/3256-Using-Parameter-Pollution-and-Clickjacking-to-Aid-Anti-CSRF-Bypass.html
-
-
Once an agency crosses over into social media interactions with other agencies and non-governmental organizations, the guidance gets diluted. The guidelines point to five government agencies, none of which are the definitive resource for social media implementations. These guidelines are a must read for any organization that is considering a foray into the Web 2.0 sphere…
http://information-security-resources.com/2010/02/25/federal-guides-for-social-media-security-pii/
-
-
Over a billion people visited social networking sites such as Facebook and Twitter last month so it’s not surprising that hackers have these sites in their cross-hairs. In fact, according to recent research from Breach Security Labs, social networks were the most targeted category in 2009, accounting for 19% of all malicious attacks last year. By using simple data encryption and password protection tools, you can ensure that your personal information and online identities remain secure and private…
http://information-security-resources.com/2010/02/14/how-to-protect-your-social-network-identity/
-
-
The Internet Security Alliance presented Melissa Hathaway with its annual award for vision in cyber security Tuesday during an event at the National Press Club. Hathaway, the Obama Administration’s former acting cyber security chief, received the McCurdy Award on the one-year anniversary of when she began her 60-day review of the government’s cyber security program. ISA believes that Hathaway’s work, if implemented, would result in the establishment of a modern partnership between the public and private sectors, which is necessary for an effective and sustainable system of cyber security.
http://information-security-resources.com/2010/02/09/isa-presents-melissa-hathaway-with-award/
-
-
Infosec Island, the new online community designed especially for IT and network professionals who manage information security, risk and compliance issues, today announced its new Q1 membership drive promotion. From now until March 31st, anyone who signs up for a free Infosec Island membership will be automatically entered in the Q1 Infosec Port of Call Drawing to win one of three great prizes.
There are lots of good infosec sources out there, but no other community offers infosec pros the unique combination that Infosec Island does:
• Managed services security platform,
• Premium security services,
• Free security tools,
• Direct communication with peers,
• Secure infosec portal, and
• Built-in social network.
Join today - It's Free!
https://www.infosecisland.com/register.html
http://information-security-resources.com/island-membership-drive-over-10k-in-prizes/
-
-
Recently we have witnessed the emergence of international hacktivist and vigilante “The Jester” through his crusade against jihadi and militant Islamic networks, and some third party networks that contain evidence of having been infiltrated by rogue elements. Jester’s activities raise an important question: Where do cyber vigilantes fall on the infosec ethics spectrum?
http://information-security-resources.com/2010/01/27/q-a-with-anti-jihadi-hacker-the-jester/
-
-
As the Haitian people fight for subsistence, the world is responding with food and medical assistance. This tragedy wreaked havoc on a victim unsung by the news media – the telecommunications infrastructure. However, there is a ground-swell in the technical community targeting this need. George Moraetes is among those that have used their skills to help.
http://information-security-resources.com/2010/01/21/it-expertise-helping-in-haitian-recovery/
-
-
A value statement connects a project or investment to the mission and values of the organization and there are cases where value overrides financial ROI. A cogent value statement combined with a best-effort ROI can enhance both the bottom line and the security posture of the company by identifying the operational conditions for success.
http://information-security-resources.com/2009/12/20/roi-and-the-infosec-value-statement/
-
-
If a company wants to have a social media presence, then the people involved in the usage will need to have the training to understand what to and not to post and what is acceptable use (no Facebook apps). The Internet is full of regrettable stories of CEOs and other high-ranking employees discussing inappropriate topics that immediately plunge themselves and their firm into hot water.
http://information-security-resources.com/2009/12/13/exploring-the-social-media-security-quandary/
-
-
Typically, the economics of cyber security are not readily transparent and they are poorly appreciated. When defensive investment is compromised by factors beyond an organization’s control, the motivation for continued investment is reduced substantially. Effective and sustainable improvements in our collective cyber security posture will stem from a comprehensive understanding of how to effectively motivate all players across our economic landscape to actively engage in proven best-practices in both their business and individual cyber activities.
http://information-security-resources.com/2009/12/03/isalliance-delivers-cyber-security-report/
-
-
During a recent interview Navy CIO Robert Carey stated that cloud computing offered real value to the Navy, citing that both the Navy Next Generation Enterprise Network and Consolidated Afloat Networks and Enterprise Service programs will leverage cloud computing. He envisions a future day when “Grey clouds” within a ship’s hull will transition to clouds within the battle group.
http://information-security-resources.com/2009/11/24/us-navy-successfully-tests-cloud-based-iaas/
-
-
“First, the President is correct in his appreciation of the need to view cyber security as not just a technical and security issue, but as an economic one as well. In the 21st century - the digital century - economics and security are opposite sides of the same coin. You cannot affect one without impacting the other.” ~ Congressional Testimony
http://information-security-resources.com/2009/11/18/isalliance-cyber-security-is-economic-issue/
-
-
The ISA will release a new cybersecurity report, which proposes frameworks for taking key issues in the Obama Administration’s “Cyberspace Policy Review” document to the next level, in an effort to achieve tangible progress. The report will include frameworks for creating a new, practical model for information sharing; addressing the international nature of cybersecurity issues; developing a market for adopting good security standards and practices; building a highly educated digital workforce; and managing the global IT supply chain.
http://information-security-resources.com/2009/11/11/isalliance-to-release-cyber-security-report/
-
-
According to Sun Tzu, the Tao is the Way – the context that defines how actions are perceived and valued, and management must be able to accurately assess the program in the context of the company’s cultural and political reality. Failure to do this will inevitably create a clash between strategic security plans and the operational activities that enable that vision.
-
-
(Video) During this week’s Federal Executive Forum, key decision makers from DoD, DHS and FBI highlighted identity management interoperability as their key priority for 2010. Panelists included: Robert Mocny, Acting Director, US-VISIT Program Department of Homeland Security; Stephen Morris, Criminal Justice Information Services Division, FBI; and Thomas Dee, Director, Defense Biometrics, Office of the Secretary of Defense…
-