As the rise in security becomes a concern for most businesses, the security industry is also in demand for talented individuals who know how to protect data. The security architect is a bit different than other security professionals, because this opportunity involves crafting the way hardware and software is […]
Information assurance employees work with tons of data, so if you like to work with databases and big data, this job is for you. An information assurance person is a bit different than a database administrator or DBA. An information assurance employee defines the standards that protect the data […]
The role of a chief security officer is one that combines management with a deep understanding of information technology and data protection. A chief security officer usually has years of experience in the field, and he can manage standards that dictate how data is secured, transformed, stored, and transferred. […]
By: Philip Nowak
The evolutionary approach to IT security seems to be the most natural and efficient way to resist cyber-attacks. The Red Queen Effect describes the relationship between the attacker and the defender – the never-ending story of cyber battles, but can we minimize the ‘mean time to know’ […]
By: Jonathan Sander, Strategy and Research Officer, STEALTHBITS Technologies
If you are like me, there are many things you can check off your to-do list every day. However, if you are really like me, then there are some things which seem to lurk on the outside of your productive daily […]
Information security (IS) is a critical part of any small-scale company and any big enterprise, and a challenge for any firm. Information security involves very confidential, important assets and other business processes. It also includes private financial documents and other information of each and every employee within the […]
Over the last six months the name Edward Snowden has been appearing in the news on an almost daily basis. He has appeared in articles about the US government, the National Security Agency and the CIA and reports have even suggested that he has received death threats from senior […]
Application Whitelisting is a technology that has been in use in the security world for quite a long time. For those who may not already be familiar with AWL, it is, as the name would imply, the opposite approach to blacklisting. Everyone is definitely familiar with blacklisting, because it […]
By now, the risks associated with phishing are well-known and well-documented. What is often misunderstood or overlooked is a hidden threat related to phishing. Brief Background: There are various forms of phishing, but each form has a similar objective: to elicit information from an unsuspecting victim (refer to this article for […]
A social engineering assessment is a very valuable tool in understanding the security exposure of most organizations. Since human beings tend to be the weakest link in any security strategy, this work can quickly identify which areas need to be addressed in the timeliest fashion. Another factor that needs […]
(or “Why PCI-DSS-Compliant Passwords Aren’t Enough” or “PCI-DSS-Compliant Password Analysis Reveals One-Quarter Still Trivially Compromisable”)
Thanks to PCI-DSS requirements and other security standards that specify a minimum length and strength of password, most sysadmins now have the awareness and patience necessary to set up a basic password policy. However, many […]
This article will briefly discuss the host-based intrusion detection system (HIDS) and an abstract approach that can be used to design an application firewall.
As per OSSEC, HIDS is an application-level firewall that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting, and active response. This is […]
In this article we’ll present the open source host-based intrusion detection system, which is needed if we would like to detect host-based attacks on our computer. First of all, we should emphasize that OSSEC is supported on most platforms including Linux, Mac, Windows, Solaris, HP-UX, ESX, etc., and is […]
It is hard to accept that nowadays, organizations get along without having an astute and decisive information system. Providing a reliable and coherent information system requires a solid security framework that ensures confidentiality, integrity, availability, and authenticity of the critical organizational assets.
Information Security Management System (ISMS) defines to setup […]
Welcome back to my continuing series of articles on Snort rule writing.
My first couple of installments in this series addressed some very simple rules in order to lay down a conceptual framework for the development of more complex rules. See Part 1 and Part 2.
In this article, we will […]
A patent is defined as an exclusive right or rights provided by a government to an inventor for a certain period of time in exchange for the public disclosure of an invention. A software patent is a patent for an invention involving software. The extent to which software […]
Welcome back to my series on Snort rule writing.
In my first installment, we covered the basic syntax of a simple rule. We established the fundamental framework for all Snort rules by laying a simple template. This template breaks the rule into two basic components, (1) the rule header and […]
History, wrote Norman Cousins, is a vast early warning system. When faced with a security difficulty, it can help us to reach back and to remember how impossible it seemed the first time something similar came up. In this piece, I want to take a look at an early […]
Snort, the open source intrusion detection and prevention (IDS/IPS) system, has for over a decade now proven its value and efficacy and is ranked among the best IDS/IPS systems on the planet now. Snort installations can be found on every continent and in nearly every nation. It has been deployed by […]
Everything we do on the Internet leaves digital fingerprints. Therefore, it is only logical that many web users are worried about the issue of privacy. Their worry is not without reason. Because privacy laws differ from country to country, a company is not legally obligated to ensure that the […]