Another Wednesday, another war story. As a Senior Security Consultant here at NTT Security, I am constantly performing assessments on-site for our clients. At a recent on-site social engineering and physical security assessment, we exploited some vulnerabilities that could easily have been avoided with the right security measures in place.
Also, as many of you are aware, October is National Cyber Security Awareness Month (NCSAM). The theme for this week is STOP. THINK. CONNECT, however, I’d like to change it to fit the theme of my blog: STOP. THINK. FACT CHECK. As I’ve said in previous war stories, always ask questions and check that the person is who they say they are. And no matter how nice someone may look or act, always fact check. Use your instincts and don’t let someone with seemingly legitimate credentials fool you.
Assessment Background
The...
In my time here at Solutionary as a Security Consultant, I’ve had the pleasure of seeing first-hand varying levels of maturity in information security programs. I’ve seen programs that work really well and I’ve seen some that could use quite a bit of maturing. In this blog, I’m going to attempt to identify programs that work well and how their success is achieved.
Compliance Focused Program
I have rarely seen a security program succeed when it is solely focused on meeting requirements enforced by some sort of compliance body. Don’t get me wrong, compliance should always be a part of a security program but should not be the main motivation for a security program. I’ve witnessed a lot of compliance driven programs that put compliance at the forefront of security decision making and fail for several reasons. Two of the most common ways these programs fail are described in detail...
Linode DDoS Attack
2015 ended with a bang, and 2016 appears to be starting in distress, at least as far as Linode is concerned. Linode, a cloud service provider, has been under a Distributed Denial of Service (DDoS) attack since Christmas week. The attack has negatively impacted availability of all Linode’s global data centers and has brought the Atlanta data center under such a state of siege that operations were suspended for almost two days.
So, what are the lessons we might learn from this experience?
First, the need for business continuity planning is especially important as we leverage cloud service providers in fulfillment of our service delivery objectives. When the unthinkable happens (e.g., shutdown of a service provider’s hosting operation), will the impact to subscribers be such that business reputation will be impaired? The answer is most certainly a resounding “YES.” We must consider the ability of the service provider to reallocate...
How does the cloud affect cyber security?
The cloud is growing without a doubt. International Data Corporation (IDC) predicts that more than 65% of enterprise IT organizations will be involved in hybrid cloud technologies this year. More and more companies are utilizing various aspects of cloud computing to assist in their IT infrastructure, provide applications to their employees, and store important data. Since the cloud is growing so rapidly and showing no signs of slowing down, it is extremely important for organizations to consider how the security aspects of cloud computing can affect their business.
As with most areas of technology, cloud computing is outpacing security. A proactive approach to security for cloud resources, however, can mitigate future trouble and provide a safe and accessible resource for your company.
When dealing with the cloud environment there are some important factors to keep in mind. Explore...
Happy New Year! Chances are if you’re reading this, you’re already aware that 2015 continued the trend of big data breaches. You could spend hours reading the many articles discussing data breaches in 2015, or quickly glance over some of the Solutionary Threat Reports for some quick information on the Anthem, Ashley Madison, Internal Revenue Service (IRS), and Hilton breaches, as well as our Security Engineering Research Team (SERT) Q2 report discussing the Office of Project Management breach.
It’s ok. This blog will still be here while you glance over any of the above. Take your time.
Done? Excellent. That’s a lot of information. More importantly, this...