Application Security Architecture Authentication
CertificationsCorporate ComplianceCryptology
Disaster RecoveryEnterprise SecurityExploits
FirewallsIncident HandlingIntrusion Detection
OS SecurityPolicies and ProceduresSecurity Basics
Security ManagementSecurity ToolsServers
StandardsVoIPVulnerability Management
Web SecurityWiFi SecurityWorms and Viruses

Response redefined – ICT and the future of public safety

by Ericsson

Mobile broadband and distributed computing, coupled with industry-wide standardization efforts, can transform emergency response. This paper explains how to use ICT architecture and consulting frameworks to create truly mission-critical, multiagency platforms that enable effective communications and information sharing. At the same time, factors such as affordability and ease of implementation should lead agencies to embrace solutions based on open standards.
» Read more

Cybersecurity Risk Reduction

by David Simpson, Rear Admiral (ret.) USN Bureau Chief

This whitepaper describes the risk reduction portfolio of the current Commission and suggests actions that would continue to affirmatively reduce cyber risk in a manner that incents competition, protects consumers, and reduces significant national security risks.
» Read more

IoT Security

by Ericsson

The IoT brings a new set of issues, such as the security, safety, and robustness of cyber-physical systems. Novel types of attack, as well as new privacy and cybersecurity regulations, may take many industries by surprise. Yet the economic benefits of the IoT as an enabler for analytics, automation, and process and resource optimization cannot be overstated. To succeed with the transformation that the IoT brings about, industries need to gather competence and understand new threats and how to mitigate them.
This white paper provides an insight into the major security and privacy challenges due to be met in the Networked Society. Specifically, it addresses security, safety, and privacy in the entire IoT value chain, which includes devices, networks, cloud, infrastructure, applications, and services. The paper also identifies the main security challenges and approaches that need to be taken in the IoT sphere to withstand attacks, and discusses how IoT security and privacy need to be addressed through technology, standardization, and regulation.
» Read more

Next-Gen Protection for the Endpoint: SANS Review of Carbon Black Cb Defense

by Jerry Shenk

In today’s threat landscape, organizations wanting to shore up their defenses need endpoint tools that not only detect, alert and prevent malware and malware-less attacks, but also provide defenders a road map of the systems and pathways attackers took advantage of. Our review shows that Carbon Black’s Cb Defense does all this and more with a high degree of intelligence and analytics. Utilizing a cloud-based delivery system, it makes informed decisions on subtle user and system behaviors that we wouldn’t otherwise see with traditional antivirus tools. Importantly, it saved us time: Manual correlation and false positives are among the top 10 time-consuming tasks IT professionals hate, according to a recent article in Dark Reading.2 Rather than toggling between separate security systems, tra c logs and so on, we used a single cloud interface (through drill-down and pivot) to determine whether a threat was a false positive or real.
» Read more

Managing Security Risks in Wireless Networks

WiFiNetwork

by Michelle Sellers

This is 2017 and wireless networks are an important part of the structure in nearly every business. Unfortunately they are also a large vector for attackers to compromise vulnerabilities in a system that hasn’t been secured properly. This whitepaper will discuss the inherent vulnerabilities of a wireless network and ways to manage and mitigate these risks properly.
» Read more

Mobile Device Management

by Michelle Sellers

Mobile device management is an important topic for companies considering the use of a mobile device policy.  There are several vulnerabilities that can be caused from outside sources, not to mention vulnerabilities that come from the inside. McAfee, a leader in antivirus is reporting that the top cyber threats for 2014 are attacks on mobile devices (Gormisky, n.d.). A mobile device that has been attacked can compromise corporate data. Companies need to do the research involved in securing mobile devices before accepting the possibility of “bring your own device” to the workplace.

» Read more

Active Defense Through Deceptive Configuration Techniques

by Nathaniel Quist

Honeypots are making a profound impact in the security world. Their ability to infer information about an attacker’s Tactics, Techniques, and Procedures (TTPs), allow defenders to configure their defenses to respond to emerging threats, capture 0-Day exploits, and identify malicious users within a network.
» Read more

Combatting Cyber Risks in the Supply Chain

The latest and greatest advances in technology have created greater efficiency and effectiveness for organizations and their supply chains. However, with the pace of data breaches and intrusions into computer systems accelerating at an alarming rate, this increased level of access and integration within host organization environments can present risks and potential new avenues of compromise. We are seeing unprecedented advancements in the sophistication of perpetrators, making supply chain vendors equally vulnerable to advanced attacks.
» Read more