October 12th, 2009 | By Sara Peters | No Comments »
The October issue of the CSI Alert--this month, focusing on Windows 7--is now available to CSI members. (Not a member? Visit http://www.gocsi.com/membership/ to join.)
This issue is, in some ways, a follow-up to last year's issue, "The Fate of the Secure OS," in which I say some nice things about Windows Vista, and advise that it was imprudent to completely ignore Windows Vista, eyes-closed, fingers-in-ears, chanting I'm-not-listening-I'm-not-listening. For supporting Vista I received some abuse. Me ...
October 1st, 2009 | By Robert Richardson | No Comments »
As you may well already know, October is cyber security awareness month. As the DHS says:
The theme for National Cybersecurity Awareness Month 2009 is “Our Shared Responsibility” to reinforce the message that all computer users, not just industry and government, have a responsibility to practice good “cyber hygiene” and to protect themselves and their families at home, at work and at school.
There is, of course, absolutely nothing wrong with that. On the other hand, there ...
September 14th, 2009 | By Sara Peters | No Comments »
CSI members can find the September 2009 issue of the Alert at http://www.gocsi.com/membersonly/showArticle.jhtml?articleID=220000264&catID=14120.
This month's issue, which I'm calling "Talk to Strangers," is all about claims-based identity management.
Want to reduce your data security efforts? Have less data. Want to maintain your privacy? Don’t give out so much personal information. Want to make sure a user is who they say they are? Then don’t just ask the user; ask someone you trust to vouch for them. Want ...
August 17th, 2009 | By Sara Peters | No Comments »
Update on upd4t3, 3:35 ET: Social networks really do bring people together, don't they? Old friends. Long-lost relatives. Bots and bot-herders. Warms the heart.
Thursday, Jose Nazario, Arbor Networks's manager of security research, discovered a Twitter account--username "upd4t3"--being used as a botnet command-and-control center. Bot-herders have been troubled to find a safe and reliable way to communicate new commands to their bots, often migrating from one technology to another, and this is the first known ...
July 29th, 2009 | By Sara Peters | No Comments »
UPDATE: The rumor here is that the attacks did indeed happen, but the significance of it is actually quite small--not worth paying attention to, since attention is clearly what the attackers are seeking.
BlackHat, Kinda: Yesterday a hacking group released details (http://sh0dan.org/zf05.txt) of a number of successful attacks they conducted, apparently with the principal purpose of embarrassing some of the security industry's most well-known experts. The group claims that they collected about 75,000 passwords, including those of ...
July 6th, 2009 | By Sara Peters | 1 Comment »
We've been saying for a while now that better identity management--more so than secure Web app coding or even more secure browsers--could fuel a quantum leap in Web security. The "Identity 2.0" community can be credited with wonderful research and truly significant advancements in identity management technology. In many ways we're poised for an identity revolution. However, the efforts have been hampered by a lack of public awareness, a lack of interoperable standards, usability concerns and ...
June 30th, 2009 | By Kristen Romonovich | No Comments »
The June 2009 Alert, Unified Compliance Framework, is now available: http://gocsi.com/membersonly/showArticle.jhtml?articleID=218102039&catID=14122. If you’re a CSI member, go read it! If you’re not, shoot an e-mail to me at kristen.romonovich@ubm.com or call 212-600-3026.
This issue of the Alert considers an area of considerable challenge to many security and compliance professionals—that of achieving, proving and maintaining compliance with many regulations at once. We discuss both how to leverage unified compliance projects and how to develop your own ...
June 25th, 2009 | By Sara Peters | No Comments »
I just took a close look at the Article 29 Data Protection Working Party's opinion report on online social networking. (The Working Party is an independent European advisory board on data protection and privacy.)
The report "principally is intended to provide guidance to SNS [social network service] providers on the measures that need to be in place to ensure compliance with EU law". Social network providers, both inside and outside of the EU, ought to ...
June 23rd, 2009 | By Kristen Romonovich | 2 Comments »
CSI Members can view our Guides to Securing Social Networks for LinkedIn, Facebook and MySpace through the members-only CSI Security Resource Center. Please visit http://gocsi.com/membersonly/showArticle.jhtml?articleID=218100937&catID=14130 to read the guides, and feel free to pass them along to your end-users.
Not a member, but interested in receiving our guides and Alerts for security professionals? E-mail me at Kristen.Romonovich@ubm.com to become a member and receive instant access.
May 20th, 2009 | By Sara Peters | 3 Comments »
Citizens of the Information Security Nation, to you I say: Classify and inventory your data and assets!
Tedium? Odium? Delirium? Yes, probably all three. But worth the trouble.
Yesterday we wrapped up CSI SX, and learned about many far more exciting topics like the security challenges of Web 2.0, virtualization, cloud computing and more. Yet, at the root of nearly all the solutions to these thrilling challenges was the humble act of data classification and inventory--knowing what ...