Future Privacy and Security Controls

by Michelle Sellers

Technology is moving so quickly that it’s difficult to keep up with the security features needed to keep it secure. As a result, after a tool, device, or piece of software is released, there is usually a security patch or several security patches that follow to secure it. Sometimes this security comes a little too late.

The future of technology is heading more towards mobility and ease of use. Employers want their employees to be able to work from anywhere and at any time. The problem is that with mobility and ease of use also come security issues that need to be considered for better privacy and security controls.


Active Defense Through Deceptive Configuration Techniques

by Nathaniel Quist

Honeypots are making a profound impact in the security world. Their ability to infer information about an attacker’s Tactics, Techniques, and Procedures (TTPs) allows defenders to configure their defenses to respond to emerging threats, capture 0-day exploits, and identify malicious users within a network.

Best Practices in Mobile Phone Investigations

The field of mobile phone investigation has grown exponentially in recent years. The number of cell phones investigated each year has increased nearly tenfold over the past decade. Courtrooms are relying more on the information inside a cell phone as vital evidence in cases of all types.

Despite that, the practice of mobile phone forensics is still in its relative infancy. Many digital investigators are new to the field and are in search of a simple book that could be titled Phone Forensics for Dummies.

Unfortunately, that book is not available yet—so investigators need to look elsewhere for information on how to best tackle cell phone analysis. This article can help—although by no means should it serve as an academic guide. It can, however, be used as a first step to help an investigator gain a basic understanding in the area.

A Proactive Approach to Incident Response

Any incident response has two components that drive overall cost:
1. How long does it take to detect the intrusion after the attackers first gain access?
2. Once detected, how quickly can the incident be remediated?
Finding a solution that addresses both questions with satisfactory answers is the job of any organization that cares about saving costs and protecting data. In today’s security environment, though, separating the important signal from the noise is one of the bigger challenges incident responders face.

Combatting Cyber Risks in the Supply Chain

The latest and greatest advances in technology have created greater efficiency and effectiveness for organizations and their supply chains. However, with the pace of data breaches and intrusions into computer systems accelerating at an alarming rate, this increased level of access and integration within host organization environments can present risks and potential new avenues of compromise. We are seeing unprecedented advancements in the sophistication of perpetrators, making supply chain vendors equally vulnerable to advanced attacks.

Honeytokens and honeypots for web ID and IH

Honeypots and honey tokens can be useful tools for examining follow-up to phishing attacks. In this exercise, we respond using valid email addresses that actually received the phish, and wrong passwords. We demonstrate using custom single sign-on code to redirect logins with those fake passwords and any other logins from presumed attacker source IP addresses to a dedicated phishing-victim web honeypot. Although the proof-of-concept described did not become a production deployment, it provided insight into current attacks.

Is The Security+ Still Worth It?

by Michelle Sellers

The Facts
The Security+ Certification was released in December 2002. The objectives were derived through input from industry, government and academia, a job task analysis, a survey of more than 1,100 subject matter experts and a beta exam with responses from subject matter experts around the world. The test questions were written by IT security professionals, so you can be assured of their relevance. It turns out to be a structured certification program that attempts to fill the gap for trained information security professionals. Since 2002 there have been approximately 10,000 CompTIA Security+ certified professionals in 112 countries.

Mitigating Web Threats with Comprehensive and Pervasive Security

From collaboration to communication to data access, the web is a mission-critical business tool. Enterprises rely heavily on the web, not only to innovate and compete, but also to conduct daily business. But the web also poses significant security risks to the enterprise that are easily encountered by users but not so easy to detect.

Some of the most sophisticated web-based threats are designed to hide in plain sight on legitimate and well-trafficked websites. For example, “malvertising” is the new industry term for disguising malware as online advertisements. Watering hole attacks conceal malware on member-based sites, phishing targets individuals with personal details, and botnets take control of victims’ devices.
