User Blogs

User Blogs

Discussions and Blogs
Tags >> IT Security
May 24
2012

IT Security: Preventing Insider Threat

Posted by Robert Siciliano in IT Security , Insider Threat

Robert Siciliano

A “Logic Bomb” isn’t really logical, it’s a virus, designed to take down your corporate network and disable existing systems that may monitor data, protect it, back it up or access it. A logic bomb is designed to multiply like any virus and spread throughout a network multiplying its effects.

Mar 23
2012

Don’t Let Location-Based Services Put You in Danger

Posted by Robert Siciliano in IT Security

Robert Siciliano

Location-based services utilize geo-location information to publish your whereabouts. In some cases, these services can also provide discounts or freebies as a reward for “checking in” at participating businesses and gathering “points.” These services can also be used to share photos and other media in real-time with your friends and followers.

Jan 18
2012

Security Beyond the Desktop

Posted by Robert Siciliano in IT Security

Robert Siciliano

A defensive posture no longer suffices for the protection of the devices and data that have become ubiquitous in today’s digital world. Rather than simply rushing to install defenses on computers, in networks, and in the cloud, we urgently need to step back and take a broader view of the security landscape, in order to take more calculated preemptive measures.

Oct 18
2011

Consumers Need to Rethink IT Security and Safety

Posted by Robert Siciliano in Mobile Devices , IT Security

Robert Siciliano

Hackers and crackers and data breaches! Oh my! Confused? Overwhelmed? Don’t care? You should, and there’s help.

Aug 10
2011

Improving the IT & Security Industry - A Top-Down Effort

Posted by Don Eijndhoven in IT Security

Don Eijndhoven

The ever ongoing debate about quality IT staff once again received a nudge, this time by an article of J.Oquendo. In his article he takes another brutally honest stab at the Industry by pointing out that the new Shady RAT attacks aren't that new and would have been easily caught by capable personnel. I agree with that view very strongly and would also like to point out that Shady RAT is really no different than Night Dragon in that both attack waves used techniques that have been known for a decade or more. Oviously someone is asleep at the wheel, but who?

Aug 03
2011

FFIEC Mandates “System Of Layered Security” to Combat Fraud

Posted by Robert Siciliano in IT Security , Fraud , FFIEC , Federal Government

Robert Siciliano

For any cave-dwelling, living-under-a-rock, head-in-the-sand, naïve, under-informed members of society who aren’t paying attention, we have serious cyber-security issues on our hands.

Black hat hackers, who break into networks to steal for financial gain, are wreaking havoc on banks, retailers, online gaming websites, and social media. Black hats cost these companies and their clients billions of dollars every year. They are using stolen usernames and passwords to transfer money through wire transfers, Automated Clearing House (ACH) and through billing fraud.

Jul 19
2011

Social Networking Security Awareness

Posted by Robert Siciliano in Social Media , IT Security

Robert Siciliano

One in five online consumers has been a victim of cybercrime in the past two years. Social networking is a direct link to the problem. While social networks allow you to keep in touch with family and friends, there are issues to be concerned about.

Jun 03
2011

Security Awareness and Why Things Aren't Improving

Posted by Don Eijndhoven in IT Security

Don Eijndhoven

Earlier this week news broke of Google's interruption of a large-scale phishing expedition, which alluded to some state involvement of China. This inspired a host of experts to write about it and J Oquendo's article on InfoSecIsland inspired me to write mine. In his article mr. Oquendo asserts that its remarkable (read: stupid) that US officials still seem to be using commercial email services such as GMail for exchange of security sensitive and sometimes mission-critical information, instead of using the available high-security services offered by the US Government that they should be using. In this day and age, with a nearly constant barrage of security breaches in the news, people don't seem to be getting any more aware of security issues.

May 11
2011

Top 5 Business Security Risks

Posted by Robert Siciliano in Risk Management , IT Security , Data Backup

Robert Siciliano

1. Data Breaches: Businesses suffer most often from data breaches, making up 35% of total breaches. Medical and healthcare services are also frequent targets, accounting for 29.1% of breaches. Government and military make up 16.2%, banking, credit, and financial services account for 10.5%, and 9.2% of breaches occur in educational institutes.

Apr 15
2011

Study Shows Single Software Security Incidents Costs Average $300,000

Posted by Robert Siciliano in IT Security , HP , Aberdeen Group

Robert Siciliano

A recent study of more than 150 organizations conducted by Aberdeen Group(1) found that the average total cost to remediate a single application security incident is approximately $300,000. As security incidents can happen at any point in the application life cycle, modernization initiatives can prove especially costly if they are not proactively secured from development to operations.

Apr 14
2011

Epsilon Breach Will Impact Consumers for Years

Posted by Robert Siciliano in IT Security , Epsilon

Robert Siciliano

This week consumers are receiving messages from trusted companies such as 1-800-Flowers, Chase, Hilton HHonors and others, letting them know that their e-mail addresses have been exposed due to the recent Epsilon data breach.  This provides a perfect opportunity for cybercriminals, who may try to take advantage of the breach to send out phishing e-mails designed to steal user names and passwords.  Since consumers are receiving legitimate e-mails, they may be less suspicious of the phishing  or spear phishing ones.

Mar 27
2011

Cyber Deterrence - Methods & Effectiveness

Posted by Don Eijndhoven in IT Security

Don Eijndhoven

The term "Cyber Deterrence" is gaining traction lately, with regard to the act of deterring cyber attacks. I've seen at least one author (Richard Clarke) use it in his book about Cyber Warfare. In many cases the proponents of this term invoke existing Deterrence Strategies such as the MAD doctrine that was used to prevent Nuclear weapons during the Cold War, and use it as a model on Cyber Warfare.

  • «
  •  Start 
  •  Prev 
  •  1 
  •  2 
  •  Next 
  •  End 
  • »

Subscribe via Email

 Your Email:
Banner

Tag Cloud

2012 abduction Aberdeen Group alarm alarms Android Apple Apps ATM Skimming Audit Bank Fraud Banking Security BillGuard BlackBerry botnet BPM breaches BS 25999 burglar burglary Business Continuity BYOD change management cheating children pictures Cloud Cloud Security Cobit collaboration Community discussion Compliance computer failure Consumer IT Tips contactless credit card credit card breaches Credit Card Fraud credit cards credit fraud Cross-Device Security Cyber gangs cyber monday Cyber Security cyberbullying cybercrime cybercriminal cybercriminals cybersecurity cyberwise data Data Backup Data Breaches data security Data Storage DDOS Device Reputation digital devices Digital Forensics digital life Digital Security digitally secure Disaster Recovery DNS download DPI driver's license dumps E-Commerce eBanking Electronic Discovery Electronic ESI electronic passport EMV Endpoint Security entity theft Epsilon ERM ESI Ethics Events Facebook FCC FCPA FDIC Federal Government FFIEC Financial Crisis firewall FourSquare Fraud gaming Gartner Geo-tagging gold farming Governance GPS grc GRC evaluation GRC Marketplace GRC technology readiness GRChange Green IT grey charges guard dogs Hackers Hackproof Hacktivism holidays home invasion home security Hotspot HP IAM iCloud id ID Theft Identity theft Information Management Information Security Information Supply Insider Threat Internal Audit Internal Controls internet safety iOS app iovation IP address iphone iPhone security ISACA ISO 27000 ISO 27001 ISO 31000 IT Alignment it compliance it governance IT GRC Forum Events it risk management IT Security IT Service Management ITIL jailbreaking Jobs keylogger laptop security Litigation Malware marathon mCommerce Member Discount Mobile Mobile Apps Mobile Banking mobile device Mobile Device Management Mobile Devices Mobile payment mobile phone mobile security Mobile Wallet mSecurity Multi-Regulatory Compliance multifactor authentication myblog Network Security New Years NFC NFC app Online Backup Online Banking online dating online gaming online identity online privacy online safety Online Security online shopping Operational Management OSHA Outsourcing P2P Security Panel Partner Offers passport passwords PCI Performance Management personal data personal device Personal Security pheasting phishing Policy predator Privacy Prize Draw QR Codes ransomeware ransomware Regulation E remote access resume fraud Risk Assessment Risk Management RSA Rules safety tips scam scammer scammers Scams scareware Seasonal Security security apps security tips sext Shopping shredding skimming Skimming Fraud small business smartphone smartphones smishing Social Media social network Social Security SOX spammers spokesman Spyware SSDs Standards strangers Strategy tablets tax scams Tech tech support technology Threat Management Tokenization TQM Twitter typosquatting Virus VPN wallet web Webcast Q&A Wi-Fi WIFI WiFi password wireless