I know it was you, Fredo… Intelligence is a Gangsta.
If you haven’t seen The Godfather: Part II, and you know who you are (I’m silently shakin’ my head at you), stop now – rent the movie, sit down, sit back, watch and learn something.
For the rest of you (spoiler alert!), how did Michael Corleone know that his brother, Fredo, betrayed him to Johnny Ola and Hyman Roth and was responsible for the attempted hit on his compound?
Intelligence, my friends.
Now, I’m a true intel girl, right? That’s my background. So, a few months back I’m talkin’ to some IT manager types. One guy says to me, “I don’t want to hear anything about intelligence, I already know all about it. Look, I don’t see how Targeted Threat Intelligence is going to help me. I just want you to tell me who they are (the baddies) and why they are targeting me.” Yeah, you read that right - non...
Implementing a Security Desk
Last week’s post, Lobby Security and Beyond – Week 1 of 7: Getting Started and Assessing Risk, provided an overview on how to approach lobby security using a risk-based methodology (determining likelihood and impact of various threats). This week’s post covers implementation of a Security desk at your facility.
A functional security desk can be a difficult endeavor for any business, and it may not be appropriate or required for all organizations. It can be especially difficult in multi-tenant facilities where the property owner or other tenants may already operate a security desk. We will focus strictly on the single-tenant business scenario throughout this article.
The security desk should be in an enclosed area to give the appearance of a physical barrier, not just between guests and those working behind the desk, but also between the lobby and the rest of the facility...
Here's the Cliff's Notes version of this week's announcement from the OpenSSL Project:
- Information that OpenSSL is releasing patches for a high-severity vulnerability
- The Internet "OH NO THE INTERNET IS COMING TO AN END!"
- Patches released
- It wasn't a big deal
Here's the extended version:
Early this week, information came out that the OpenSSL Project was going to release patches for a "high severity" vulnerability, along with multiple others. Of course, at the time, there were no additional details. Cue the Internet, in usual form, expounding how this was going to be the next Heartbleed.
"Well, I've been to one world fair, a picnic, and a rodeo, and that's the stupidest thing I ever heard come over a set of earphones. You sure you got today's codes?" - Major T.J. "King" Kong
The logical side, on the other hand, figured that there wasn't much we could do until actual information was available...
Getting Started and Assessing Risk
In the past, I’ve had a tendency to write very verbose posts that end up tediously long. I can’t change that. I’m detail-oriented, and admit I’m a bit (a lot) anal retentive. For this blog, I’m going to try something new. Rather than release a 4,800-word blog, I’m going to break it out into a series of weekly posts for seven consecutive weeks. This is week one.
In an effort to expand on my previous physical security-related blogs (e.g., A Quick Physical Security Checklist, Physical Security – Is enough really too much?, and Why Not Improve Physical Security Controls at Schools?), this one will address lobby security and a few other related items.
I will not be addressing retail businesses, as each...
Short URLs, like this one to our blog http://mcaf.ee/h2srz, are everywhere and seemingly unavoidable. You have likely crossed paths with a short URL and had the same feeling everyone should have: “I sure hope this isn’t malicious!” Many sites like LinkedIn and Twitter will automatically shorten URLs using their own service. You may already be aware of many of the sites that provide shortened URLs such as: bit.ly, tiny.cc, ow.ly, lnkd.in, goo.gl, t.co, y.ahoo.it, and fb.me. These vanity URLs are causing some very real problems in the security industry.
For years, we have been teaching employees [and our families] to check the URL before clicking a link. Generally we have achieved this by hovering over the URL, looking at mouseover details, viewing the source of the page, and copying/pasting the link location into a text file.
But what are we to do in this...
March is finally here. It’s time to (hopefully) say “goodbye” to all the snow and “hello” to all the birds and pretty flowers, along with all the allergies they bring.
March is also a good time to do some spring cleaning. Open up your windows and air out your house. Shake out your rugs. Sweep up all that sand and other crud that the snowplow crews throw down when clearing your streets.
While you’re cleaning up and getting rid of stuff, you can also do the same thing with your information security, both at home and work. Here are a few tips on how to do it:
- When clearing out unnecessary papers from your file cabinets or wallets/purses, make sure you don’t just throw them out. Shred any documents that have your Personally Identifiable Information (PII), like your bank and credit card statements, insurance mailings and old tax returns. You can purchase a personal shredder at any Target, Wal-Mart or office supply...
Know Your Network Footprint
One of a company’s most important responsibilities is to know its network footprint. Many large corporations are compartmentalized, and different groups have different responsibilities that rarely overlap. It’s not uncommon for a company to have multiple class-C IP address ranges, along with third-party hosted websites, and not realize they exist within the organization’s assets. Each business unit manages its part of the site or brand, and there is often very little collaboration across business units. And don't even mention uniform security standards.
When the bad guys target a company, they do so from a holistic point of view. They enumerate company subsidiaries, find all the network ranges owned and hosted by the company and tailor attacks against the weakest links.