Vulnerability Assessment, Penetration Testing and Red Teams Explained

Posted by:

Confused about vulnerability testing and penetration tests and Red teams? I’m not surprised one bit.

These days, a growing number of information security experts use these terms interchangeably, as though they refer to the same thing. Whether it is due to apathy or a clear lack of understanding of the differences between these activities, security service providers are only confusing the matter by not informing their customers of what they get with each of these services. ...

Read More →
0

Meet CIS RAM: the new balanced infosecurity framework

Posted by:

Applications, devices, technology and service provisioning are the bread and butter of IT, but any information security professional knows that risk management is equally important.

There is no point in an IT advisor implementing a service if it poses too much risk to the organization. This is why, for example, many companies prevent  access to social media sites – the benefits of access does not outweigh the risk.

Information Security professionals  have a duty ...

Read More →
0

What is an information security framework and why do I need one?

Posted by:

An information security framework, when done properly, will allow any security leader to more intelligently manage their organizations cyber risk.

The framework consists of a number of documents that clearly define the adopted policies, procedures, and processes by which your organisation abides.  It effectively explains to all parties (internal, tangential and external) how information, systems and services are managed within your organisation.

The main point of having an information security framework in place is ...

Read More →
0

Blockchain: Can it secure the Internet?

Posted by:

The recent Bitcoin bubble thrust the concept of cryptocurrencies firmly into the public consciousness. But attention quickly shifted away from Bitcoin itself – just one of a huge range of crypto-powered digital currencies, after all – and onto the technology that underpins it: the blockchain.

Blockchain has been the focus of huge amounts of research and development for at least a few years now, but it’s only really in the last six months or so that ...

Read More →
0

Convincing executive stakeholders that even the tiniest cyber-incident can lead to big disasters.

Posted by:

We published an article recently about how many senior information security professionals, be they CISOs or CIOs, are worried about their systems being vulnerable to breach. One of the main problems is getting senior stakeholders, like the Board or the executive management team, to buy into your information security strategy. We shared a few approaches on how to address this ubiquitous problem.

Achieving executive buy-in on information security policies is much more difficult than ...

Read More →
0

Cybersecurity budget: CISO advice for getting your Board of Directors to take notice

Posted by:

There are many CISOs and CSOs out there hiding their proverbial sweaty palms.

They’re stressed out, worried that it is just a matter of time before their network gets caught up in some embarrassing data debacle – perhaps it will be ransomware, or a targeted attack or an insider leak.

And they know they will then truly be in the hot seat.

Thing is, for many, it is a fingers-crossed game, because ...

Read More →
1

What to do with the last of your 2017 cyber security budget?

Posted by:

Late in the financial year, it can difficult to figure out the best way to spend what’s left over in the information security budget.

No one wants to leave money on the table, especially when it could significantly reduce your exposure to cyber risk. The problem is that for any experienced IT security lead, you know there are thousands of ways that money could be spent: training, new security software, hardware upgrades, policy or system reviews, etc

Any of ...

Read More →
0

Getting ahead of a new breed of Ransomware

Posted by:

We typically understand a ransomware attack to be a demand for payment in return for decrypting files. But evolution, even in malware, is inevitable. A fairly new disruptive cyber cell known as The Dark Overlord is relying on the threat of reputation damage to “encourage” its victims to pay up.

You might be thinking that reputation damage wouldn’t be enough to make your firm shake in its boots, but you’d be wrong. These Dark Overlord cyberbullies use nasty tactics ...

Read More →
0

Lessons learned from the Equifax Breach – Part 2

Posted by:

Here is Part 2 of Lessons learned from the Equifax Breach. See Part 1.

Own up, make changes and say sorry:

According to Whois, Equifax registered their Equifax Security 2017 site (would Equifax insecurity have been a better name I wonder?) in late August. Incidentally, this is a month *after* they claim to have witnessed suspicious network traffic associated with their US online dispute portal.  

Yet they only informed the world via ...

Read More →
1

Lessons learned from the Equifax Breach – Part 1

Posted by:

First, Props to @briankrebs for the evil Equifax logo. 

While those unaffected by the Equifax breach have been stuffing their faces with proverbial popcorn as they watch the latest unveilings and press announcements, those worried that their most sensitive and identifying details have been leaked simply look on in horror, unknowing how to proceed.

The exact details of how the hackers made off with so much data remain fairly obscure. Equifax has

Read More →
1
Page 1 of 4 1234
})
SEC Cybersecurity Exams