Gathering, Preserving, Tracking and Storing Forensic Data

Top Ten Recommended Steps for an Incident Response

Susan Carter

September 18, 2014 - Posted by Susan Carter to Security Insight

Forensic Data

There may be an occasion when a governmental authority, or your own ISP, will contact your organization and state that one of your organization owned IPs is talking to known bad IPs.

Your first instinct is probably to stop the communication. Your second instinct may be to poke around the system(s) to figure out why there was communication to the bad IPs.

Although these are understandable steps, the poking actions could be altering artifacts that are critical to finding which and why these programs, services and processes are doing the communicating.

If your company does not have an incident response plan with a team or expertise to execute a plan, I highly recommend having at least one manager and one technical employee trained to properly gather, preserve, track and store forensic evidence.

These employees should be the very first contacted in the case of a possible ... read more >

Firewall Security

Five Recommended Steps for Protecting your Data

Bernie Lambrecht

September 16, 2014 - Posted by Bernie Lambrecht to Security Insight

Firewall Security

When you are at home, how do you protect yourself from intruders?

You likely lock your doors. You probably arm your home alarm system. You may exercise your Second Amendment right and have a firearm handy.

How do you protect the sensitive information within your company from intruders?

You probably use anti-virus and anti-malware solutions. You may have a spam filter in place to block unwanted emails. And, more than likely, you have an Intrusion Prevention System (IPS) or Intrusion Detection System (IDS).

But how secure is your firewall?

In effect, your firewall is the gateway to your environment. Having poor firewall practices can be like leaving your front door open, or locking a screen door.

To minimize the threat from intruders, here are five recommendations to improve your... read more >

Five Million Gmail Passwords Leak

Stronger Passwords Are Less Vulnerable

Bernie Lambrecht

September 11, 2014 - Posted by Bernie Lambrecht to Security Insight

password security

Another day ending in “y”; another data breach.

It almost seems like this is becoming old news. Nearly every day, we are hearing about a new data breach, whether it's credit cards or passwords.

Early reports have stated that nearly five million Gmail passwords were leaked on a Russian Bitcoin site. It's reported that some were older passwords, and as few as 100,000 may still be valid, though that is little comfort if you are one of those 100,000. 

According to the check on HaveIBeenPwned, mine was one of them. Although I have changed my password, it's still flagging it from the Adobe breach in October 2013 and ... read more >

Fear and Loathing in Information Security

The Challenges for Developing a Holistic Infosec Program

James Lopez

September 09, 2014 - Posted by James Lopez to Security Insight

Infosec

Over the years I have worked in various organizations and industries. The one thing that has stayed consistent is how employees and executives view information security (infosec).
 
Infosec is either feared or loathed.
 
Organizations where it is feared may include government or heavily regulated industries. While in others, infosec is loathed and viewed as a necessary evil, as well as a drain on resources. Unfortunately, this fear and loathing has caused organizations to overlook security for too long.

Security professionals voice concerns about business operations and stand on soap boxes preaching for the need to protect information. They conduct risk assessments and propose new security controls, but in response are told things like "we are not a bank," "no one wants our data," "security controls are too expensive," "security controls stand in the way of the business" or "encryption... read more >

Intelligence - The Godfather of All Security

And You Better Not Forget It

Cherine Abdalla

September 04, 2014 - Posted by Cherine Abdalla to Security Insight

Tell me you’ve watched “The Godfather".

If you have not watched it by now, quite frankly, I do not know what to say, other than keep that little gem to yourself. I have watched "The Godfather” and have spent many rainy and snowy Detroit weekends watching the entire saga back-to-back. There is a great deal of wisdom in this iconic piece of Americana, if you have an ear and a mind for it. A lot of it discreetly revolves around intelligence.

When you think about it, you can see there is a distinct security posture in each of the five families and intelligence collection is critical in order to make strategic, operational and tactical decisions. Above all, you never let people know what you are thinking outside of the family.

So, I’m gonna make you an offer you can’t refuse, because you need to understand this.

The words “intelligence”,... read more >

Web Searches Provide Nude Celebrity Photos AND Malware Too

Leaked Celebrity Photos are an Invasion of Privacy, Making the Internet Less Safe

Jon-Louis Heimerl

September 02, 2014 - Posted by Jon-Louis Heimerl to Security Insight

Malware

So, most people do not want to get malware on their computers, right?

Most users do not want to visit hostile sites and get compromised, get their information stolen and act as a leak into their organization’s infrastructure.

You would think so.

But since last Sunday, August 31, consider the impact that just a couple little searches are going to have on the security of the Internet.

Go Google “Jennifer Lawrence nude” and “Kate Upton nude."

Well, actually, DON'T DO THAT!

No, just don’t. Here are three good reasons those searches are not a good idea:

  1. The nude pictures were stolen. As far as we know, they...
read more >

Preparing for a PCI Assessment

The Five Biggest Documentation Pitfalls to Avoid

Olivia Rose Jenkins

August 28, 2014 - Posted by Olivia Rose Jenkins to Security Insight

Payment Card Security

Do you worry about the process of going through a PCI assessment?

If you have gone through a PCI assessment, you know that “fun” is not an adjective that adequately describes it. There are several components of a PCI assessment. One of those components is a review of the security program documentation. The success of this part of the assessment is depends on the quality of the documentation, almost as much as it does the quality of the Qualified Security Assessor (QSA).

Documentation requirements in the PCI DSS are plentiful, and you may think you have everything settled in your existing documentation. Are you surprised each assessment cycle when your QSA comes back with a lengthy list of not in place items? The documentation requirements have not changed in the PCI DSS since version 2.0 was... read more >

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | Older Entries >>

Voted Best Corporate Security Blog 2014
Solutionary is a leading managed security services provider. The Solutionary Minds blog is a place to learn about and discuss IT security and compliance topics.

Click here for the entire RSS feed.

Get the Solutionary Minds blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)

 

LATEST TWEETS