http://www.infosectoday.com/Articles/Persuasive_Security_Awareness_Program.htm Gary Hinson makes the point here that Rebecca Herrold makes elsewhere: Awareness training is important. I go slightly further and think that a key part of a security practitioners professional knowledge should be about human psychology and sociology, how behaviour is influenced. I believe we need to know this …
Fellow CISSP Cragin Shelton made this very pertinent observation and gave me permission to quote him. The long thread about the appropriateness of learning how to lie (con, `social engineer,’ etc.) by practising lying (conning, `social engineering’, etc.) is logically identical to innumerable arguments about whether “good guys” (e.g. cops …
http://www.zdnet.com/tight-budgets-no-excuse-for-smbs-poor-security-readiness-2062305005/ From the left hand doesn’t know what the right hands is doing department: Ngair Teow Hin, CEO of SecureAge, noted that smaller companies tend to be “hard-pressed” to invest or focus on IT-related resources such as security tools due to the lack of capital. This financial situation is further …
Someone asked: If you have a good information security awareness amongst the employees then it should not a problem what kind of attempts are made by the social engineers and to glean information from your employees. Yes but as RSA demonstrated, it is a moving target. You need to have …
http://compliancesearch.com/compliancex/insider-trading/senate-votes-to-ban-insider-trading-by-its-members/ And this doesn’t actually stop them form making use of ‘insider information’ they just have to declare it within 30 days. No, wait, sorry … you mean that the legislators are saying that legislators shouldn’t do something that is illegal anyway? Or that, if they do something that is …
http://www.linuxfordevices.com/c/a/News/Kootol-joins-Lodsys-as-a-patent-troll/?kc=LNXDEVNL072111 The Debt ceiling crisis will pass; even if there is a crash, the USA can recover from it … IF its core economic worth, that is its industrial productivity, is unharmed. There are a number of ways this can be harmed, poor credit rating among them, lack of availability …
I was at a presentation yesterday. One of the vendor’s speakers, I’m sorry to say, was a CISSP. OK, he wasn’t Ian Paisley or any other radical religious zealot. BUT his was hectoring us and telling us that the Devil is out there gathering sinners (aka botnets) and tempting us …
You gotta love the low-tech solution. It’s really never NOT about people, is it? Darn tooting right! Its always people. Any way you look at it. Which is why I go on about The 11th Domain. Why the CBK places so much emphasis on technology when the (ISC)2′s motto is …
Apparently (ISC)2 did this survey … which means they asked the likes of us …. http://www.darkreading.com/security-monitoring/167901086/security/security-management/229219084/under-growing-pressure-security-pros-may-be-ready-to-crack-study-says.html Faced with an attack surface that seems to be growing at an overwhelming rate, many security professionals are beginning to wonder whether their jobs are too much for them, according to a study published …
http://news.discovery.com/earth/megastorm-californias-other-big-one.html Just in the last 15 years, since microwave technology aboard satellites produced images of water vapor in the atmosphere, scientists have come to realize that most major winter rainstorms over California, and virtually all flooding episodes, are the result of the unloading of airborne streams of tropical moisture that …
http://www.bankinfosecurity.com/articles.php?art_id=2914 Fascinating. I get a lot of enquiries from wannabes who, as they put it, want to “break into security“. I presume they see it as more interesting than the work they are doing. They come in all varieties, from high-school kids asking about what degree they should take to …
http://blogs.csoonline.com/problem_3_for_security_professionals_not_enough_humble_pie?source=CSONLE_nlt_update_2010-01-12 Talk about difficult to read! I hate sites like this, only slightly more than ones that use a completely black background. Image via Wikipedia A large part of my “11th Domain” bleating is about communication – thinking in terms of the other person, their needs and views and …
Some references for “The 11th Domain” I’m going to respond to this as broadly as possible. This is not a subject like “access control” that is hard and bound. First, there’s Human Communication. Probably the best source for this is to take the Dale Carnegie course on Public Speaking. No, …
I was saddened to hear of an InfoSec colleague who met with overwhelming frustration at work: After two years of dealing with such nonsense, I was forced to resign within two months of discovering a serious security issue which possibly jeopardized overseas operations. I have since found out that they …
http://www.itworldcanada.com/a/Daily-News/03b813a2-f13b-4c3e-9494-ae9064f25da3.html “When they outlaw X only criminals will have X” … for many values of the members of the set of Y. There’s the old saw: People who won’t quit making the same mistake over and over are what we call conservatives. No, they are politicians. He added that making …
© 2013 The InfoSec Blog
Powered by Esplanade Theme by One Designs and WordPress