The InfoSec Blog

System Integrity: Context Is Everything


Another Java bug: Disable the Java setting in your browser

11 January, 2013 | Filed under: Cloud, Failures, Human Factors, Rants and Raves, Risk

http://www.kb.cert.org/vuls/id/625617 Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable …
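The advice in that post is to turn Java off in the browser, and Java 7 Update 10 is the release that added the "Enable Java content in the browser" switch to the Java Control Panel. The check below is an added example, not code from the original post or from CERT: a page-side detector that looks for the tell-tale signs a Java plug-in is still exposed (the legacy navigator.javaEnabled() call, plug-in names containing "Java", and the application/x-java-* MIME types). It is written as a pure function over a navigator-like object, and the two sample navigator objects are constructed for illustration, so the logic runs and can be checked outside a browser.

```javascript
// Added example: detect whether a browser still exposes a Java plug-in.
// Pure function over a navigator-like object so it can be tested outside a browser.

// Names/MIME types the Oracle and Apple Java browser plug-ins have registered.
const JAVA_PLUGIN_NAME = /java/i;
const JAVA_MIME_TYPE = /^application\/x-java-(applet|vm|bean)/i;

function detectJavaPlugin(nav) {
  const result = { enabled: false, evidence: [] };
  if (!nav) return result;

  // Legacy API; modern browsers hard-code false, older ones report the real state.
  if (typeof nav.javaEnabled === 'function') {
    try {
      if (nav.javaEnabled()) result.evidence.push('navigator.javaEnabled() returned true');
    } catch (e) {
      // Some privacy extensions throw here; treat that as no evidence.
    }
  }

  // navigator.plugins is a PluginArray (array-like, not a real Array), so index it.
  const plugins = nav.plugins || [];
  for (let i = 0; i < plugins.length; i++) {
    const p = plugins[i];
    if (p && typeof p.name === 'string' && JAVA_PLUGIN_NAME.test(p.name)) {
      result.evidence.push('plugin: ' + p.name);
    }
  }

  // navigator.mimeTypes is a MimeTypeArray; applet content types mean applets can run.
  const mimeTypes = nav.mimeTypes || [];
  for (let i = 0; i < mimeTypes.length; i++) {
    const m = mimeTypes[i];
    if (m && typeof m.type === 'string' && JAVA_MIME_TYPE.test(m.type)) {
      result.evidence.push('mimeType: ' + m.type);
    }
  }

  result.enabled = result.evidence.length > 0;
  return result;
}

// Constructed sample navigator objects (not captured from a real browser).
const SAMPLE_WITH_JAVA = {
  javaEnabled: () => true,
  plugins: [{ name: 'Java(TM) Platform SE 7 U10' }, { name: 'Shockwave Flash' }],
  mimeTypes: [{ type: 'application/x-java-applet' }, { type: 'application/pdf' }],
};
const SAMPLE_WITHOUT_JAVA = {
  javaEnabled: () => false,
  plugins: [{ name: 'Shockwave Flash' }],
  mimeTypes: [{ type: 'application/pdf' }],
};

// In a real page: warn the user if Java is still reachable from the browser.
if (typeof window !== 'undefined' && typeof navigator !== 'undefined') {
  const r = detectJavaPlugin(navigator);
  if (r.enabled) {
    console.warn('Java plug-in still enabled: ' + r.evidence.join('; '));
  }
}
```

A negative result only means the browser is not advertising a Java plug-in to scripts; it does not prove the runtime is absent from the machine, so the real fix remains the Control Panel switch or uninstalling the plug-in, and the check is just a way to nag users who have not done it.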

How much Risk Assessment is needed?

2 October, 2012 | Filed under: FAQ, ISO27K, Risk

In many of the InfoSec forums I subscribe to, people regularly ask the “How long is a piece of string?” question: How extensive a risk assessment is required? It’s a perfectly valid question we have all faced, along with the “where do I begin” class of questions. The ISO-27001 standard …

An “11th Domain” book.

2 October, 2012 | Filed under: 11th Domain, Human Factors

http://www.infosectoday.com/Articles/Persuasive_Security_Awareness_Program.htm Gary Hinson makes the point here that Rebecca Herrold makes elsewhere: Awareness training is important. I go slightly further and think that a key part of a security practitioner’s professional knowledge should be about human psychology and sociology, how behaviour is influenced. I believe we need to know this …

Learning to Counter Threats – Skills or Ethics?

14 September, 2012 | Filed under: 11th Domain, Crime, Human Factors, Social

Fellow CISSP Cragin Shelton made this very pertinent observation and gave me permission to quote him. The long thread about the appropriateness of learning how to lie (con, `social engineer,’ etc.) by practising lying (conning, `social engineering’, etc.) is logically identical to innumerable arguments about whether “good guys” (e.g. cops …

Marketing Is Dead – Harvard Business Review

30 August, 2012 | Filed under: How-to, Human Factors, Politics & Economics, Social

http://blogs.hbr.org/cs/2012/08/marketing_is_dead.html Of course you have to have a catchy title, but what this really says is … in today’s increasingly social media-infused environment, traditional marketing and sales not only doesn’t work so well, it doesn’t make sense. Think about it: an organization hires people — employees, agencies, consultants, partners — …

How to build an asset inventory for 27001

How do you know WHAT assets are to be included in the ISO-27K Asset Inventory? This question and variants of the “What …

A cautionary tale about the dangers of keeping everything in the

http://www.brisbanetimes.com.au/digital-life/consumer-security/apple-cloud-burst-how-hacker-wiped-mats-life-20120806-23orv.html “Once the hacker gained access to Honan’s iCloud account, he or she was able to reset his password, before sending the …

Identity Management in the extreme!

http://www.abcactionnews.com/dpp/news/region_pasco/fantasy-or-criminal-mind-police-find-stash-of-fake-ids-and-uniforms Investigators say Antigua tried to pass himself off as an Air Force veteran, a member of NASA’s Space Shuttle crew, even …

Steve Wozniak: Cloud Computing Will Cause ‘Horrible Problems In The

http://www.businessinsider.com/steve-wozniak-cloud-computing-will-cause-horrible-problems-in-the-next-five-years-2012-8 Perhaps The Woz isn’t the influence he once was, and certainly not on Wall Street and the consumer market place. The …

Tight budgets no excuse for SMBs’ poor security readiness

http://www.zdnet.com/tight-budgets-no-excuse-for-smbs-poor-security-readiness-2062305005/ From the “left hand doesn’t know what the right hand is doing” department: Ngair Teow Hin, CEO of SecureAge, noted that …

Control objectives – Why they are important

http://blog.iso27001standard.com/2012/04/10/iso-27001-control-objectives-why-are-they-important/ Let us leave aside the poor blog layout, with Dejan’s picture ‘above the fold’ taking up too much screen real estate. In …

Escalation

http://arstechnica.com/security/2012/05/google-recaptcha-brought-to-its-knees/ At one level there’s the old argument about disclosure of security holes, but this is also an example of ‘driving’ security …

Why Info Sec Positions Go Unfilled

http://www.infosecleaders.com/2012/05/career-advice-tuesday-why-info-sec-position-go-unfilled/ There are many holes in this, but I think they miss some important points. First is setting IT HR to look …

How to get a job in security

http://www.wired.com/threatlevel/2012/05/airport-security-id-theft/ I often get hit on by wannabes who want to – as they put it – “break into security” and get …

If Customers Ask for More Choice, Don’t Listen

http://blogs.hbr.org/cs/2012/05/customers_arent_as_savvy_as_yo.html Perhaps the reason that Apple is ahead with the iPod, iPhone and iPad is that the competitors are offering too much …

An OP-ED by Richard Clarke on China

http://www.nytimes.com/2012/04/03/opinion/how-china-steals-our-secrets.html This is better written than most ‘chicken little’ pieces, but please can we have ‘history’ of how most nations, including the …

Managing Software

Last month, this question came up in a discussion forum I’m involved with: Another challenge to which I want to get an …

Help on ISO-27000 SoA

This kind of question keeps coming up; many people are unclear about the Statement of Applicability in ISO-27000. The SoA should outline …

Surely compliance is binary?

Call me a dinosaur (that’s OK, since it’s the weekend and I’m dressed down to work in the garden) but … Surely COMPLIANCE …

Social Engineering and sufficiency of awareness training

Someone asked: If you have good information security awareness amongst the employees then it should not be a problem what kind of …

© 2013 The InfoSec Blog