Echo Mirage: Walkthrough

By Chiragh Dewan

In this article, we will learn about Echo Mirage, a freeware tool that hooks into an application’s process and lets us monitor its network interactions. Echo Mirage can attach to a running process, or it can launch the application on the user’s behalf. This type of security testing falls under Thick Client Application Security Testing. Thick Client Applications can be further divided into two types:

Proxy-aware Thick Clients
Proxy-Unaware Thick Clients

Proxy-aware Thick Clients

If a Thick Client can set up a proxy server, then it is known as a Proxy-aware Thick Client. Examples of Proxy-aware Thick Clients are Microsoft Outlook, Google Talk, Yahoo Messenger, etc.

Using Influence Strategies to Improve Security Awareness Programs

By Alyssa Robinson

Even companies with extensive, well-funded security awareness programs fall victim to attacks involving phishing, weak passwords and SQL injection, presumably the primary targets of user education. Either their users don’t have the skills to avoid these pitfalls, or they lack the motivation to apply those skills. Psychologists and other social scientists have studied the roots of effective behavioral change and have solutions to offer. By exploring personal, social and environmental sources of motivation and ability, security awareness professionals can attack the problem from multiple sides and give users both the ability and the will to make necessary changes.

IT Security Awareness Programs

By Peter Lindley

It’s an accepted fundamental of IT Security: the weakest point is almost always the user. Most surveys and annual security reports will show that incidents caused by the user will represent the highest percentage by far of those reported or detected. And by the same token, the best “bang for your buck” for security incident prevention is invariably the security awareness program. But what exactly is a security awareness program? What should it include? I was once appointed to a recently-formed organization as its IT Security Manager. I was tasked with implementing and managing an Information Security Management System (ISMS) for the new body. A team of consultants had developed a number of IT security policies and security operating procedures (SyOps) as part of the ISMS prior to my appointment. These included a main overarching System Security Policy with various detailed policies specific to particular areas (for example, an incident reporting policy) supported by a number of S…


Top 20 Security Awareness Tips & Tricks

Keeping your data safe and far away from the clutches of the hacking community is a need of the hour in today’s world. We have compiled 20 of the most beneficial security awareness tips and tricks that should be common knowledge.

Don’t sell yourself short

Many forensic experts claim that the majority of their victims …


Awareness, A Never Ending Struggle

By Douglas Alred

The setting is a large federal government-owned facility operated by a major contractor, with quite a number of subcontractor personnel also on site. All contractors and subcontractors are required to attend computer security awareness training by their federal customer. Training rosters are signed and entered into tracking to document that yes, all personnel have received the required training. This may satisfy any government and company requirements, but the real test occurs every day. Will employees follow the guidance they have been given in awareness training? Below are some example scenarios that could take place.


Who Should Be Able to Opt Out of Security Awareness training – and How

By Ian Palmer

Brad Johnson is adamant that no one in an organization should be exempt from security awareness training. Not the CEO. Not the chief security officer. Nobody. Johnson, the vice president of SystemExperts, says that making exceptions on the security awareness training front would only open companies up to a host of problems that otherwise might have been avoided. “Who should be able to opt out of security awareness training? The simple answer is nobody,” says Johnson. “Yes, I said nobody. What about the chief security officer? Nope. What about the director of IT management? Nope. And so on, and so on. Let’s ask this same kind of question in a different context. What NFL player should be able to opt out of practice? Should an NBA player be able to opt out of warm-ups?”


Security Awareness Training as a Revenue Generator

By Miller Henley

One of the roadblocks that IT managers often encounter when trying to implement IT security awareness training initiatives is justifying expenses associated with the program. Businesses live and die by return on investment (ROI) and rightfully so. Executives insist upon proof that any outlay of resources will have a positive impact on the bottom line. Unlike a product that is purchased and resold, an online advertising campaign where clicks may be tracked, or the addition of a new sales rep with a corresponding increase in sales, it is a little more difficult to pinpoint the exact economic benefit of IT security awareness training, but certainly doable.

The Components of Top Security Awareness Programs

By Daniel Brecht

A good security awareness program is a great way to inform personnel about any kind of malicious activity targeting an enterprise’s use of cyberspace. It is crucial that organizations’ staff be wary of common fraud schemes, especially those targeting them rather than technical components of the infrastructure. Preparing staff to discover phishing or other types of cyber scams means providing a comprehensive system of training, policies and procedural instructions that could help them recognize signs of malfeasance, report suspicious activity and not fall prey to scam artists. End-user training is one of the keys to the successful implementation of any security awareness program.


Mobile Security Awareness Can Help Prevent ID Theft

By Ian Palmer

ID theft is definitely big business these days as cyber criminals enjoy ill-gotten gains at the expense of unsuspecting people who all too often do too little to protect themselves. But perhaps even more disconcerting than the ID theft problem is the fact that one solution – mobile security awareness – is all too often overlooked. And, to be sure, mobile security awareness can help to prevent ID theft, which occurs when someone accesses another’s personal data and then pretends to be that person to potentially apply for credit cards or loans.


Keeping your Security Awareness Training up to Date

By InfoSec Resources

The more phishing simulation training you perform, the more security-conscious your users become, and thereby the more aware of basic phishing symptoms such as spoofed domains, requests for passwords, and unsolicited requests for financial information. This is without doubt a positive byproduct of active training, but keep in mind that real-world attackers are aware that users are becoming better informed as well. A training routine is definitely a must-have, but a stale training plan is only slightly better than no plan at all.

