15 steps for a successful implementation
Implementing an ISO 27001, and subsequently ISO 27002 Information Security Management System (ISMS) is no small feat. It is a daunting task, disruptive to your organization and can also upset employees with necessary changes. How can your organization effectively implement a robust and successful security program?
The first step in determining whether your organization is ready for an ISMS is to ask, how will we benefit from this? Security professionals often overlook this step, but it is critical and can really encourage management's support of the program. It is not financially viable to pursue something that will not at some point increase the bottom line. Discuss whether your organization will retain or acquire customers based on the strength of the security program. Your organization may also experience a competitive market advantage or improve its reputation after implementation. Furthermore, not implementing a program could cause your organization to lose revenue,... read more >
Working from a strong foundation is the key to a successful security program
When a major security vulnerability is disclosed, everyone stops what they are doing and takes notice, especially when that vulnerability comes with its own logo. Now don’t get me wrong, newly disclosed vulnerabilities are important. They provide exciting opportunities for researchers and they do, if only temporarily, focus management’s attention on the often overlooked information security.
Don’t worry, this isn’t another blog about the pros and cons of vulnerability hype. Instead, I’d like to focus on the importance of keeping one eye on the basics, while the other is scrolling through the Twitter feed for the next upcoming disclosure. Because all too often, it is not the latest security vulnerability, but a failure to properly secure and deploy systems that is the root cause of a costly network breach.
Below are several recommendations to help keep your network more secure, and your company safe from new vulnerabilities (or old... read more >
ImageGate allows Ransomware Infection
With so many users accessing Facebook within corporate networks, it is imperative that your security team be up to date on current threats involving social media. A well-known piece of malware, Locky Ransomware, is spreading via Facebook Messenger by pretending to be a harmless image file. Since many companies allow employees to access Facebook, this presents a potentially massive hole in security programs.
The initial reports on this piece of ransomware show a commonality among the type of infection vector and approach used by the attackers. First, the user receives an instant message containing only an image file, or what appears to be an image file. It is usually titled generically with a .svg extension. A .svg (Scalable Vector Graphics) is an XML-based vector image, which is formatted for two dimensional graphics and support for animation and interactivity. These image files can be created and edited with any text... read more >
You’re a Mean One, Mr. Grinch
It’s that time of year again where the days grow shorter, the wind starts picking up, and the temperatures start dropping (and if you’re one of my neighbors, it also means swapping your Halloween decorations for Christmas lights. But I digress). The holiday season is just around the corner, and so are opportunities to ruin your holiday cheer. With a little caution, you can save yourself from a big headache. Below are my top tips on how to stay safe this holiday season:
Virtual credit cards – If you’re tech-savvy enough to be reading this blog, there’s a good chance you’re familiar with online shopping. Many credit cards come with an option to generate a short-term virtual credit card number associated with your main account. While we would all like to believe our information is safe with big name companies,...
How to use DNS logs
Over the last several months, there has been a lot of interest about Domain Name System (DNS) logging and what can be done with DNS logs. I discussed parts of this topic in my last blog, Finding the Culprit, and will continue to expand on some of those ideas. Many people ask if ActiveGuard® supports DNS logging. While it is not supported at this moment in time, there is a larger discussion to have around the topic.
This larger discussion starts with the number of logs produced by DNS servers. Let’s say an organization of 15,000 employees decides to log all the requests and responses for DNS. This organization would produce approximately 100 logs per second, or 8.6M logs a day. On average, these logs are 750bytes in size, so we will need 6GB per day uncompressed to store these logs. This is not too bad of a number, but you have to remember how your log collection capability... read more >
Three ways to protect yourself
If you keep up with security news then you have probably heard about atom bombing. Atom bombing is the latest way for attackers to inject malicious code into nearly any Windows operating system and it uses an inherent Windows mechanism known as “atom tables.” The jury is still out on just how dangerous this technique is, but anything that would allow an attacker to run malicious code on your machine should be considered a bad thing.
Atom tables are system-defined tables that store strings and corresponding identifiers. Windows uses these tables for a variety of purposes, everything from Dynamic Data Exchange (DDE) to applications. If you are interested in learning more about atom tables, you can go to https://msdn.microsoft.com/en-us/library/windows/desktop/ms649053(v=vs.85).aspx for more details.
For the purposes of this blog, I am... read more >
Hack the vote blog series: part 3
We reiterate that there have been no known malicious attacks against voting machines actively being used in an election in the United States. This doesn’t mean that such attacks aren’t possible, but simply that it hasn’t happened yet (or if it has happened nobody has noticed). Still, we should take the attacks against political parties and the voter rolls as a warning that somebody is interested in affecting U.S. elections.
As long as electronic voting machines have been around there have been security researchers finding vulnerabilities in them including one disclosed yesterday, the day before the election. The primary concern is that with the move to electronic voting systems the votes and even the ballots themselves are just bits in a database that can be easily flipped. It has become much more feasible for a malicious actor to have a large impact than in the days of paper ballots. While these technical vulnerabilities are a threat and should be... read more >