Smart Devices are Listening More Than Ever

Bob Bybee

February 26, 2015 - Posted by Bob Bybee to Security Insight

Your TV is Watching You

“The telescreen received and transmitted simultaneously. Any sound… above the level of a very low whisper, would be picked up by it… There was of course no way of knowing whether you were being watched at any given moment.” – Nineteen Eighty-Four by George Orwell, published in 1949

“In Russia, TV watches you!” – comedian Yakov Smirnoff, circa 1984

Be very afraid. Again.

Siri, Apple’s digital assistant program for the iPhone, once had to be explicitly activated before it would listen and accept commands. But in iOS version 8, Siri can be set to an “always listen” mode.

iPhones, iPads, Android phones and Chromebooks can now be configured to listen for an “... read more >

Security Awareness and Training

Awareness is NOT Training

Branden Miller

February 24, 2015 - Posted by Branden Miller to Security Insight

Security Awareness Training

My father, a shade tree mechanic, used to say that parts left over after a rebuild just made the car more efficient. Unfortunately, many people in the business world approach their information security programs with a similar mantra. When it comes to security awareness and training, there is a gap in understanding the effectiveness of a robust program. This lack of understanding usually leads to a “let’s just be compliant” approach.

A simple understanding of terminology and some simple practices can make a compliance-driven program into a holistic and effective program.

Terminology

Awareness is NOT training. Simply put, the point of awareness is to focus attention on a particular issue in an effort to change behavior. In the real world, awareness is typically “one way.” Examples of awareness are posters that explain the importance of strong passwords, email blasts that draw the employee’s attention to a... read more >

Protecting Your Personal Information and Identity After a Breach

Be Your Own Personal Security Expert

Jacob Faires

February 19, 2015 - Posted by Jacob Faires to Security Insight

security breach

Security breaches seem to be all over the headlines these days. In the last year we've seen Anthem, JP Morgan Chase, eBay, Target and many more have security breaches which have resulted in the disclosure of personal information to unknown groups and people.

What do you do in that situation? Call the breached company and complain? It's too late for that. You need to protect yourself and your information.

Step 1: Change your password(s)

I don't mean change your password from 'password' to 'Password1'. I don't mean take a random password and apply it to all of the websites you use. I mean, replace the password with a strong password on any site that used a password even remotely similar to the one you used with the breached entity. Hopefully you had a strong one in place to begin with. Entropy doesn't forgive you for not wanting to remember random strands of... read more >

Knowledge Is Power

What You Need to Know to Run a Successful Information Security Program

Jon-Louis Heimerl

February 17, 2015 - Posted by Jon-Louis Heimerl to Security Insight

Sun Tzu

What do you really NEED to know in order to run a successful information security program? As a professional security geek, I somehow end up in conversations like this a lot.

Throughout the ages, many smart people have uttered phrases to the effect of “knowledge is power.”

But knowledge about what?

The security of your organization is a complicated beast. And, as is true with any complicated beast, the more information you have, the better.

I think Sun Tzu stated it well in The Art of War when he said,

If you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.

If Sun Tzu is correct, while you may have the greatest advantage if you know your enemy well, you are in the greatest peril if you do not know... read more >

Don't Just Detect It...Block It

Setting Up Effective Intrusion Prevention Rules

Bryan Pluta

February 12, 2015 - Posted by Bryan Pluta to Security Insight

IPS

Martin Roesch needed something quick and easy to look at data packets as they were going across the wire. In 1998, he created Snort, a free and Open Source Network Intrusion Detection System (NIDS) and Network Intrusion Prevention System (NIPS). Snort changed information security and has given us visibility of real-time traffic in, out and around the networks.

In addition to network intrusion detection and prevention systems, there are next-generation firewalls, runtime analysis platforms, and web and mail content filters. With all this technology and ability to see into a network, why are we not stopping security events from happening versus just detecting them?

I understand that balancing the confidentiality, availability and integrity triad is a delicate act, but I think it's time to... read more >

The Incredibly Problematic Scourge: RANSOMWARE

Bryan Pasquale

February 10, 2015 - Posted by Bryan Pasquale to Security Insight

ransomware

By now, most everyone has heard of the malware boogeyman known as ransomware. This is a type of malware that an end-user finds on a system after clicking a link with a malicious program or Trojan horse. Ransomware makes no secret of its presence on your machine. Similar to keystroke loggers, the focus is on you and your data.

How does ransomware work?

Ransomware restricts access to an infected computer and, as the nomenclature suggests, demands a ransom payable to the program creator in order to release control of the computer back to the... read more >

Retail Needs to Take a Lesson From...Retail

Protecting Credit Card Data and Meeting PCI DSS Requirements

Brian Drexler

February 05, 2015 - Posted by Brian Drexler to Security Insight

POS

Have you ever walked into a grocery store and found the milk on a shelf next to the mustard? Or, while walking the seemingly endless aisles of a supermarket, seen the ice cream next to ice scrapers?

Unless some mischievous kids were having fun, the answer is “of course not.” There's an almost perfect order to the retail store layout, even if it is a bit overwhelming.

Does this look like segmentation?

Sure does.

Not only are the dairy products kept in a somewhat contained area, they are also refrigerated and protected. Do you think it's a coincidence that high-value items like jewelry and electronics are in central locations with lots of lights and minimal visual barriers?

Of course not.

This is done by design. These valuable items are prone to theft so they require an elevated level of visibility and additional protection to safeguard them. Many items are locked away and can only be accessed by... read more >


Voted Best Corporate Security Blog 2014
Solutionary is a leading managed security services provider. The Solutionary Minds blog is a place to learn about and discuss IT security and compliance topics.
