http://www.kb.cert.org/vuls/id/625617 Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable …
In many of the InfoSec forums I subscribe to people regularly as the “How long is a piece of string” question: How extensive a risk assessment is required? It’s a perfectly valid question we all have faced, along with the “where do I begin” class of questions. The ISO-27001 standard …
http://www.infosectoday.com/Articles/Persuasive_Security_Awareness_Program.htm Gary Hinson makes the point here that Rebecca Herrold makes elsewhere: Awareness training is important. I go slightly further and think that a key part of a security practitioners professional knowledge should be about human psychology and sociology, how behaviour is influenced. I believe we need to know this …
Fellow CISSP Cragin Shelton made this very pertinent observation and gave me permission to quote him. The long thread about the appropriateness of learning how to lie (con, `social engineer,’ etc.) by practising lying (conning, `social engineering’, etc.) is logically identical to innumerable arguments about whether “good guys” (e.g. cops …
http://blogs.hbr.org/cs/2012/08/marketing_is_dead.html Of course you have to have a catchy title, but what this really says is … in today’s increasingly social media-infused environment, traditional marketing and sales not only doesn’t work so well, it doesn’t make sense. Think about it: an organization hires people — employees, agencies, consultants, partners — …
How do you know WHAT assets are to be included in the ISO-27K Asset Inventory? This question and variants of the “What …
http://www.brisbanetimes.com.au/digital-life/consumer-security/apple-cloud-burst-how-hacker-wiped-mats-life-20120806-23orv.html “Once the hacker gained access to Honan’s iCloud account, he or she was able to reset his password, before sending the …
http://www.abcactionnews.com/dpp/news/region_pasco/fantasy-or-criminal-mind-police-find-stash-of-fake-ids-and-uniforms Investigators say Antigua tried to pass himself off as an Air Force veteran, a member of NASA’s Space Shuttle crew, even …
http://www.businessinsider.com/steve-wozniak-cloud-computing-will-cause-horrible-problems-in-the-next-five-years-2012-8 Perhaps The Woz isn’t the influence he once was, and certainly not on Wall Street and the consumer market place. The …
http://www.zdnet.com/tight-budgets-no-excuse-for-smbs-poor-security-readiness-2062305005/ From the left hand doesn’t know what the right hands is doing department: Ngair Teow Hin, CEO of SecureAge, noted that …
http://blog.iso27001standard.com/2012/04/10/iso-27001-control-objectives-why-are-they-important/ Let us leave aside the poor blog layout, Dejan’s picture ‘above the fold’ taking up to much screen real estate. In …
http://arstechnica.com/security/2012/05/google-recaptcha-brought-to-its-knees/ At one level there’s the old argument about disclosure of security holes, but this is also an example of ‘driving’ security …
http://www.infosecleaders.com/2012/05/career-advice-tuesday-why-info-sec-position-go-unfilled/ There are many holes in this, but I think they miss some important points. First is setting IT HR to look …
http://www.wired.com/threatlevel/2012/05/airport-security-id-theft/ I often get hit on by wannabes who want to – as they put it – “break into security” and get …
http://blogs.hbr.org/cs/2012/05/customers_arent_as_savvy_as_yo.html Perhaps the reason that Apple is ahead with the iPod, iPhone and iPad is that the competitors are offering too much …
http://www.nytimes.com/2012/04/03/opinion/how-china-steals-our-secrets.html This is better written than most ‘chicken little’ pieces, but please can we have ‘history’ of how most nations, including the …
Last month, this question came up in a discussion forum I’m involved with: Another challenge to which i want to get an …
This kind of question keeps coming up, many people are unclear about the Statement of Applicability on ISO-27000. The SoA should outline …
Call me a dinosaur (that’s OK, since its the weekend and dressed down to work in the garden) but … Surely COMPLIANCE …
Someone asked: If you have a good information security awareness amongst the employees then it should not a problem what kind of …
© 2013 The InfoSec Blog
Powered by Esplanade Theme by One Designs and WordPress