Problem Management

Why problem management is important to security

Matt Ireland

October 06, 2016 - Posted by Matt Ireland to Security Insight

Cyber Attacks

Well, it is now official; I am writing my first blog post. As the Regional Chief Information Security Officer for the Americas here at NTT Security, I felt it important to share with you a perspective that I have gained from my extensive experience with information and physical security, combined with my recent experience with the Information Technology Infrastructure Library (ITIL), and more specifically problem management. ITIL defines problem management as “The process responsible for managing the lifecycle of all problems. Problem management proactively prevents incidents from happening and minimizes the impact of incidents that cannot be prevented” (Steinberg, Rudd, Lacy, and Hanna, 2011). Well, then, what is a problem defined as? ITIL would tell us that a problem is “a cause of one or more incidents. The cause is not usually known at the time a problem record is created, and the problem management process is responsible for further investigation”... read more >

STOP. THINK. FACT CHECK.

#WarStoryWednesday

Brent White

October 05, 2016 - Posted by Brent White to Security Insight

Another Wednesday, another war story. As a Senior Security Consultant here at NTT Security, I am constantly performing assessments on-site for our clients. At a recent on-site social engineering and physical security assessment, we exploited some vulnerabilities that could easily have been avoided with the right security measures in place.

Also, as many of you are aware, October is National Cyber Security Awareness Month (NCSAM). The theme for this week is STOP. THINK. CONNECT. However, I’d like to change it to fit the theme of my blog: STOP. THINK. FACT CHECK. As I’ve said in previous war stories, always ask questions and check that the person is who they say they are. And no matter how nice someone may look or act, always fact check. Use your instincts and don’t let someone with seemingly legitimate credentials fool you.

Assessment Background

The... read more >

Happy National Cyber Security Awareness Month (NCSAM) 2016

Melinda Reinicker

October 03, 2016 - Posted by Melinda Reinicker to Security Insight

NCSAM 2016

Happy National Cyber Security Awareness Month (NCSAM) 2016! NTT Security is very excited to celebrate this year as an official NCSAM Champion. NCSAM is celebrated every October by raising awareness and ensuring safe practices online. The month is dedicated to continuing cyber education and keeping the digital world secure, which NTT Security takes very seriously with our employees and clients. NTT Security has very educational blogs discussing everyday security such as social media, travel, IoT, smartphones and more. These blogs can help protect and keep your family, friends and co-workers, yourself and your devices safe online.

NCSAM is not only for personal education and... read more >

Developing a Strong Application Security Program: Part 2

The Agile Movement

Michael Born

September 29, 2016 - Posted by Michael Born to Security Insight

In my previous blog, Developing a Strong Application Security Program: Part 1, I looked at aspects of a successful application security program as it pertains to a more traditional waterfall Software Development Life Cycle (SDLC). In part two of this series, I’ll focus more on an agile-based SDLC and options for implementing a successful application security program.

Let’s briefly describe some of the differences between a traditional waterfall SDLC and agile SDLC. In a waterfall SDLC, there are clear project objectives through each phase of development. Typically, each project consists of several phases: planning, design, coding, and finally testing. Security teams are injected into the phases and should have sign-off authority on each phase before the project continues to the next. I detailed security’s role in this... read more >

Information Security Game Plan

Is your information security program ready to go pro?

Jeremy Nichols

September 22, 2016 - Posted by Jeremy Nichols to Security Insight

Football

It is officially the start of my favorite time of the year: football season. College and NFL seasons are kicking off in September, which means the next 20 or so weekends will be filled with football.

So why am I talking about football? In the blog today, I’ll be comparing a common framework, the National Institute of Standards and Technology (NIST) Cybersecurity Framework, to my favorite sport, football. Using comparisons when talking about security can be a powerful tool in helping to break down complex topics and make a technical problem easy to understand.

For a little background, below is a brief description of the NIST Cybersecurity Framework, from their website:

Created through collaboration between industry and government, the voluntary Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible,... read more >

Decoding a VBA Macro Downloader

Jacob Faires

September 20, 2016 - Posted by Jacob Faires to Security Insight

Phishing Email

Recently, NTT Security discovered a phishing email containing malware. The email had a Microsoft Word document attached with a malicious embedded macro. Macros are an effective infection vector and have been steadily gaining popularity in the last several years. Microsoft Office macros are a series of instructions run together as a single command. Microsoft extended macro capabilities to include Visual Basic for Applications (VBA) run inside of a Microsoft Office application (Access, Word, Outlook, Excel, and PowerPoint). The takeaway is that macros could be, and probably are, malicious code when coming from an unknown source.

The Document

Below in Figure 1 is a screenshot of the document we discovered embedded in the email. As you can see, the document is well formatted, and looks very legitimate. It also gives step-by-step instructions, requesting the user to enable content so the... read more >

Pokémon Oh-No

When “catch them all” isn’t just Pokémon Go’s catch phrase

Chris Schwartz

September 15, 2016 - Posted by Chris Schwartz to Security Insight

Pokémon Go

Let me start off by saying that I have not played a Pokémon game since Pokémon Snap back in ‘99. When I heard there was going to be an augmented reality Pokémon game for mobile, my inner child fanboyed. I made sure to download it as soon as it hit the app store, and had the fever to “catch them all.” I quickly found out, however, that Pokémon were not the only thing people were catching.

The best way to catch a Pokémon is to go out to a public area. The game shows you a virtual map of the area (it’s connected to Google Maps, so is a real map). As you explore, Pokémon “spawn,” or show up, on the app for you to catch. The first place that popped into my mind as a good place to catch Pokémon was the park. So I packed up my stuff, got my daughter ready to go, and off we went.

I started to catch Pokémon, and even gave my daughter a few tries. With both of us using the app, we... read more >


Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.
