October 25, 2014

Context Aware Security: Is It Time for Your Organization to Implement this Approach in Protecting Its Assets?

Photo Courtesy of ComputerWeekly.com

Has your organization adopted a “context aware” IT security model? Perhaps it still relies on a single-password model instead. If so, then as members of your organization’s information and network security team it is your responsibility to at least consider the benefits of moving beyond the IT security equivalent of “putting all your eggs in one basket” to a model smart enough to add context to a security event. As Leon Ward states in a recently posted article, “…context aware security is the use of situational information (such as identity, … [Read more...]
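To make the contrast concrete, here is an added example (not code from the original post or from Leon Ward's article) of the difference between a single-password decision and a context-aware one. The risk signals, weights and thresholds are assumptions chosen for illustration; a real deployment would tune them from its own telemetry. The login events at the bottom are constructed sample data.

```python
"""Context-aware access decision versus a password-only decision.

Added illustration; the signals, weights and thresholds are assumptions
for this example, not a published scheme.
"""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class AccessEvent:
    user: str
    password_ok: bool
    device_managed: bool          # enrolled in the organisation's MDM (assumed signal)
    country: str                  # geolocation of the source IP
    hour_utc: int                 # hour of day of the attempt
    last_country: str             # country of the previous successful login
    minutes_since_last_login: int
    ip_on_denylist: bool = False  # e.g. a known bot or anonymiser IP (assumed signal)


@dataclass
class Decision:
    outcome: str                  # "allow", "step_up" (require MFA) or "deny"
    score: int
    reasons: List[str] = field(default_factory=list)


# Assumed risk weights and thresholds for the example.
RISK_WEIGHTS = {
    "unmanaged_device": 30,
    "off_hours": 15,
    "impossible_travel": 50,
    "denylisted_ip": 100,
}
STEP_UP_THRESHOLD = 30
DENY_THRESHOLD = 80


def password_only(ev: AccessEvent) -> str:
    """The single-password model: the secret is the whole decision."""
    return "allow" if ev.password_ok else "deny"


def score_event(ev: AccessEvent) -> Tuple[int, List[str]]:
    """Sum the situational risk signals present on this event."""
    score, reasons = 0, []
    if not ev.device_managed:
        score += RISK_WEIGHTS["unmanaged_device"]
        reasons.append("unmanaged device")
    if ev.hour_utc < 6 or ev.hour_utc > 20:
        score += RISK_WEIGHTS["off_hours"]
        reasons.append("outside business hours")
    # A country change within two hours of the last login is treated as
    # impossible travel (assumed heuristic).
    if ev.country != ev.last_country and ev.minutes_since_last_login < 120:
        score += RISK_WEIGHTS["impossible_travel"]
        reasons.append(f"impossible travel {ev.last_country}->{ev.country}")
    if ev.ip_on_denylist:
        score += RISK_WEIGHTS["denylisted_ip"]
        reasons.append("source IP on denylist")
    return score, reasons


def context_aware(ev: AccessEvent) -> Decision:
    """Correct password is necessary but not sufficient; context decides the rest."""
    if not ev.password_ok:
        return Decision("deny", 0, ["password incorrect"])
    score, reasons = score_event(ev)
    if score >= DENY_THRESHOLD:
        outcome = "deny"
    elif score >= STEP_UP_THRESHOLD:
        outcome = "step_up"
    else:
        outcome = "allow"
    return Decision(outcome, score, reasons)


# Constructed sample events: all three present the correct password.
SAMPLE_EVENTS = [
    AccessEvent("alice", True, True, "US", 14, "US", 480),          # normal workday login
    AccessEvent("alice", True, False, "US", 10, "US", 60),          # same user, personal laptop
    AccessEvent("alice", True, False, "RU", 10, "US", 30),          # credential likely stolen
]


def compare(events: List[AccessEvent]) -> List[Tuple[str, str]]:
    """Return (password-only outcome, context-aware outcome) per event."""
    return [(password_only(ev), context_aware(ev).outcome) for ev in events]


if __name__ == "__main__":
    for ev, (pw, ctx) in zip(SAMPLE_EVENTS, compare(SAMPLE_EVENTS)):
        print(f"{ev.user}@{ev.country}: password-only={pw:5s} context-aware={ctx}")
```

The password-only model allows all three logins because the password was right every time; the context-aware model allows the first, asks for a second factor on the second, and denies the third, where an unmanaged device and an impossible-travel signal together cross the deny threshold.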

Wireless Network Security Tested in a Unique Way

Photo courtesy of holyroodpr.co.uk

Wireless network security was tested recently in Edinburgh, Scotland, by a cyclist who “war-biked” around the capital looking for unsecured wireless networks that could be exploited by hackers. Security expert James Lyne used a bike equipped with dynamos and solar panels to power a computer that scans for wireless networks with no or poor security. As our readers well know, once hackers join a wireless network they can directly attack the computers and other devices on it to steal money or information. They can also track which websites you … [Read more...]
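The scanning side of a war-biking survey comes down to reading the scan results and sorting networks by how well their encryption holds up. As an added example (not code from the original post or from James Lyne's rig), the block below classifies a constructed scan. The input is a simplified subset of the CSV columns airodump-ng writes (an assumption of this example: real captures carry more columns); the rating rules reflect what a practitioner would flag: open networks and WEP are exposed outright, TKIP-based WPA and mixed-mode WPA2 are weak, CCMP-only WPA2 is acceptable.

```python
"""Classify wireless scan results by encryption strength.

Added illustration; the CSV layout is a simplified, constructed subset of
the airodump-ng CSV output, and the rating rules are this example's own.
"""
import csv
import io
from collections import Counter
from typing import Dict, List

# Constructed sample scan (not a real capture).
SAMPLE_SCAN = """\
BSSID, channel, Privacy, Cipher, Authentication, ESSID
00:11:22:33:44:01, 6, OPN, , , CoffeeShopFree
00:11:22:33:44:02, 11, WEP, WEP, , HomeNet
00:11:22:33:44:03, 1, WPA, TKIP, PSK, OldRouter
00:11:22:33:44:04, 36, WPA2, CCMP, PSK, SecureNet
00:11:22:33:44:05, 6, WPA2, TKIP CCMP, PSK, MixedMode
"""


def rate(privacy: str, cipher: str) -> str:
    """Map the advertised security parameters to a rating.

    open   - no encryption at all; anyone can join and sniff traffic
    broken - WEP; the key can be recovered from captured traffic
    weak   - WPA/TKIP or a mixed mode that still permits TKIP
    ok     - WPA2 (or WPA3) with CCMP only
    """
    privacy = privacy.strip().upper()
    cipher = cipher.strip().upper()
    if privacy in ("", "OPN"):
        return "open"
    if "WEP" in privacy:
        return "broken"
    if "TKIP" in cipher:
        return "weak"
    if privacy.startswith("WPA2") or privacy.startswith("WPA3"):
        return "ok"
    return "weak"  # bare WPA (TKIP by default) or anything unrecognised


def parse_scan(text: str) -> List[Dict[str, str]]:
    """Parse the constructed CSV into rows, adding a 'rating' column."""
    reader = csv.DictReader(io.StringIO(text), skipinitialspace=True)
    rows = []
    for row in reader:
        row = {k: v.strip() for k, v in row.items()}
        row["rating"] = rate(row["Privacy"], row["Cipher"])
        rows.append(row)
    return rows


def summarize(text: str) -> Counter:
    """Count networks per rating, the headline figure of a survey."""
    return Counter(r["rating"] for r in parse_scan(text))


def find_exposed(text: str) -> List[str]:
    """ESSIDs a war-biker would flag as directly joinable or trivially crackable."""
    return [r["ESSID"] for r in parse_scan(text) if r["rating"] in ("open", "broken")]


if __name__ == "__main__":
    for r in parse_scan(SAMPLE_SCAN):
        print(f"{r['BSSID']}  ch{r['channel']:>3}  {r['rating']:6s}  {r['ESSID']}")
    print(dict(summarize(SAMPLE_SCAN)))
```

Mixed-mode WPA2 (TKIP and CCMP both allowed) is rated weak on purpose: a client that negotiates TKIP inherits its weaknesses even though the access point advertises WPA2.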

NIST Offers Free Download of SP 800-53, Rev 4

Photo courtesy of www.livehacking.com

The National Institute of Standards and Technology (NIST) has made available the final release of SP 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, the most comprehensive update to the security controls catalog since its inception in 2005. The update was motivated primarily by the expanding threat landscape: the increased sophistication of cyber attacks, the growing frequency of such attacks, the professionalism of the attackers, and the persistence of targeting by … [Read more...]

Cyber Attacks and Critical Infrastructure Protection

Photo (SCADA) courtesy of en.wikipedia.org

If your company is classified as a critical infrastructure facility and your disaster preparedness team is looking for updates on the status of cyber attack threats against industrial control systems, our staff recommends adding a copy of the recent report “Malware Infections in the Control Environment” (ICS-CERT, December 2012) to your company’s cybersecurity threat reading library. This Department of Homeland Security (DHS) report revealed that industrial control systems, which are used to monitor and control critical infrastructure facilities, were hit with … [Read more...]

Security Snafus — The Worst of 2012 So Far…

Sharing is Not Stealing

A photo credited to REUTERS / Yves Herman from a recent protest in central Brussels shows a protester wearing a Guy Fawkes mask (the symbol of the hacktivist group Anonymous). The first six months of 2012 ranged from the embarrassing hack of a conference call between the FBI and Scotland Yard to an overabundance of data breaches (click here to view more details), and the security snafus for the rest of the year can be viewed here. Ellen Messmer, a writer for Network World, has recently posted a gathering of the worst security snafus of 2012, organized by month, inclusive … [Read more...]

BYOD – Attend Webinar to Build a Business Case of Support

The risks associated with employees bringing their own smartphones, tablets and mobile storage devices to the job remain on the minds of information security professionals in nearly all organizations. While much has been and will continue to be written on this topic, the risk management strategies of many CISOs still too often try to develop defenses that reject this trend rather than find ways to embrace it as a means to cut costs and improve productivity. In an exclusive case study now being offered in a webinar format, Intel CISO Malcolm Harkins … [Read more...]

NIST Releases New Access-Control Systems Evaluation Guidance Document

Photo courtesy of govinfosecurity.com

The National Institute of Standards and Technology (NIST) has released an interagency report (NISTIR 7874) entitled “Guidelines for Access-Control Systems Evaluation Metrics”, whose objective is to help access control experts improve their evaluation of high-security access-control systems by discussing the administration, enforcement, performance and support properties of the mechanisms embedded in each access-control system. This new report extends NISTIR 7316, “Assessment of Access Control Systems”, which covers the fundamental concepts … [Read more...]

Free Webcast Offered on Strategic Directions for Network Security 2012

As part of SC Magazine’s ongoing webcast series, SC Magazine 20/20, a free webcast (registration required) will be offered Tuesday, May 22nd at 2:00 PM EST / 11:00 AM PST. The title of this webinar is “Beyond the Next Generation Hype: Strategic Directions for Network Security”. As networks grow more complex, securing and managing endpoints, applications and confidential information has become a stiffer challenge than ever before. Attackers know that most organizations are like Swiss cheese when it comes to finding a way in and then exfiltrating sensitive data. The … [Read more...]

Security Central Exchange Launched to Bring Security Minded People Together to Improve Their Security Posture

Photo courtesy of homebiz-supermarket.com

The lines between physical security and technical or network security are becoming harder to find; in fact, the convergence of these security disciplines has been accelerating for nearly ten years. And, given the escalation of threats facing many companies today, there is a strong belief that this continued convergence may in fact be creating new challenges for businesses, consumers and the “average person” who must respond to such security risks or threats in a timely manner. The … [Read more...]

ENISA “Procure Secure” Report Offers Guidance on Cloud Service Provider Decisions

Photo courtesy of ENISA

The European Network and Information Security Agency (ENISA) has recently released a new guidance report entitled “Procure Secure: A Guide to Monitoring of Security Service Levels in Cloud Contracts”, which should be a valuable reading resource for all information security, network security and risk management team members. Marnix Dekker, who co-authored the report, states, "Organizations have started switching from running systems internally to outsourcing and using cloud services. So the skills and focus of IT staff have to change." This guidance document is full of valuable information to … [Read more...]