If your company is like most, you consider a cyber security incident to be such only if ‘you get hacked’ – whatever this magic term means, or if a major mass infection occurs in your network. But if you really look into what is going on in your IT environment you might find one or … Read more Cyber Incident Response
Or the art of active defense and enemy disorientation “You can ensure the safety of your defense if you only hold positions that cannot be attacked. Hence that general is skillful in attack whose opponent does not know what to defend; and he is skillful in defense whose opponent does not know what to attack.” … Read more Smoke and Mirrors
Malware such as Neverquest, Zeus or GameOver Zeus is getting more aggressive every day and the stealth way it steals money makes it even more dangerous. The methods used by Neverquest and similar MITB (man-in-the-browser) attacks are described in the following video: and at the following Wikipedia page: http://en.wikipedia.org/wiki/Man-in-the-browser In short: by obtaining full control … Read more Man in the browser attack mitigation
Business operations may and usually do depend on maintaining control over critical information. You may, however, lose control over this information (whether it would be lost, deleted, stolen, published, etc) – in this case you may need to respond to a security incident. Even though you should be concerned about potentially malicious hackers breaking through … Read more Data Loss Incidents: preparation and response
APT is the new INFOSEC marketing term – every other company / service / product is offering ‘protection from Advanced Persistent Threats” – without even explaining what the term means. Probably because if they do explain, you will lose any interest in their products? APT is not about what – code, viruses, malware, spyware or … Read more Explaining APT in a simple language
With any business involving serious research & development, where a new and disruptive technology is at stake or where information could build or destroy a business or a product there is a risk of cyber / conventional economic espionage. Essentially, that is preventing APT (Advanced Persistent Threat) from being a risk for you – or … Read more Preventing Cyber Espionage
Signs of a Denial of Service Attack The network appears to be running slower than usual or there is no connection at all. (opening files or visiting websites) Unable to reach a University website,resource, or any public website or resource available through the internet. Mailbox is inundated with spam to the point that no legitimate … Read more Possible Signs of a Security Incident
It took us several months of hard work to complete our own information security policy template – and this post will guide you through the process if you are after building your own, rather than getting ours. The first step in the way is identifying what standards and guidelines should such a policy follow – … Read more How to create a sample information security policy template
How secure is your password? Do you think someone might already know it? Do you know how much time it would take to guess / bruteforce your password? Most password complexity rules and tools tell you that if your password is complex, it is secure. WRONG! If it exists anywhere online, you can consider it … Read more Most commonly used passwords and their implications
A – Assets – Something of value requiring protection (hardware, software, data, reputation) B – Backup – The three most important safeguards – backup, backup, backup C – Countermeasures and Controls – Prevent, detect, and recover from security incidents D – DAA and Other Officials – Manage and accept risk and authorize the system to … Read more ABC’s of Information Security