Businesses in all industries often need to provide their employees with a way to access their internal networks when they’re away from the office. Such functionality is especially important when employees travel for business, and to assure continuity if a disaster strikes a work site. Remote access is also […]
ActiveX is a framework created by Microsoft to extend the functionality of the Component Object Model (COM) and Object Linking Embedding (OLE) and apply it to content downloaded from networks.
It was first created in 1996 and is predominantly used in Windows Based Operating systems; ActiveX clients must run on […]
As chief information security officer, you’re constantly being pressed to communicate how you’re enabling the business, balancing security risk with business demands, and continuously improving security—not to mention reducing costs, becoming more efficient, and demonstrating return on investments.
If you delve into complex security topics and use jargon foreign to […]
1. Definition & Intro
Information Security Policy /ISP/ is a set or rules enacted by an organization to ensure that all users or networks of the IT structure within the organization’s domain abide by the prescriptions regarding the security of data stored digitally within the boundaries the organization stretches its […]
HeartBleed … the Internet encryption earthquake
The first serious earthquake in the encryption world is the disclosure of the Heartbleed vulnerability (CVE-2014-0160), a serious flaw in the popular OpenSSL library that allows an attacker to reveal up to 64kB of memory to a connected client or server.
One month later, security […]
I remember the eager anticipation that led to the turn of century. All throughout 1999, all I ever saw or heard in the media was millenium this, millenium that. Sure, the Gregorian calendar is a completely human invention. But it has a strong social impact on our lives. Many […]
Unmanned Aerial Vehicles (UAVs) are one of the most flexible and useful solutions adopted by the military and private industries. Drones could be used in commercial contexts as in high critical environments, and the production of even more sophisticated models is expanding their possibilities of use. UAVs are considered […]
Email retention policies are no longer just about conserving space on your Exchange server. Today you must take into account how your email retention controls increase or decrease risk to your company.
Pros and Cons of Short and Long Email Retention Policies
Generally speaking, longer email retention policies increase the risk […]
The security community is observing a sensible increase of botnet activities, in particular of cloud-hosted botnets that are mainly based on the Amazon cloud architecture.
Amazon isn’t the only provider that’s been abused by cybercrime. “Cheap hosting” providers represent a privileged choice for bad actors because they usually implement a […]
DOS/DDOS stands for Denial of Service/Distributed Denial of Service. DOS or DDOS is a type of attack in which a machine or a network resource is unavailable to its intended users. This is one of the most commonly known and frequently encountered attacks these days due to the availability […]
Risk reduction is often associated with prevention only. Effective security, however, also needs detection and response. Those three (prevention, detection, response) are the fundamental pieces of the process oriented approach to IT security, which allows us to effectively reduce the risk and is the subject of this article.
Windows 7 is an Operating System developed and released by Microsoft in 2009. It was designed to be a successor to the Windows Vista range of operating systems. Windows 7 builds upon the features and design philosophies of Windows Vista and adds several enhancements along the way.
Windows 7 primarily […]
1. Preface: Cyberbullying and Digital Natives
Dr. Sameer Hinduja and Dr. Justin Patchin at the Cyberbullying Research Center define cyberbullying as “wilful and repeated harm inflicted through the use of computers, cell phones and other electrical devices,” and it is especially popular among teenagers. Cyberstalking and cyberharassment are forms of […]
This article introduces two types of risk analysis (quantitative, qualitative) and presents how to perform qualitative risk analysis with the DREAD model .
2. Quantitative vs. Qualitative Risk Analysis
Quantitative risk analysis is […]
By now, everybody who hasn’t been living under a rock since April 7th this year has heard of Heartbleed. Most know that it is a devastating blow to security which can lead to the loss of a wealth of sensitive information from affected servers and that vulnerable machines were […]
With rising trends and forms of attacks, most organizations today deploy a Security Incident and Event Management (SIEM) solution as a proactive measure for threat management, to get a centralized view of their organization’s security posture and for advanced reporting of security incidents. This article discuss the use cases […]
2013 may be remembered as the “year of the retailer breach”. This statement was reported in the last Verizon Data Breach Investigation Report 2014, and reminds us that last year was considered by security experts as one of the worst years due the impressive number of data breaches […]
In today’s electronic world where everything is done online, “trust” is hard to come by. Conversations can be snooped on, credit card numbers can be stolen, identities can be exchanged and unseen eyes are everywhere. Imagine business emails being maliciously read by competitors, company’s proposals being leaked and even […]
Have you ever stopped to consider the sensitivity and potential value of the information you have distributed using the many widely available file sharing websites?
These types of sites have seen considerable uptake in recent years, as users struggle to share large files whilst battling standard email file size and […]
Portspoof is meant to be a lightweight, fast, portable, and secure addition to any firewall system or security system. The general goal of the program is to make the information-gathering phase slow and bothersome for your attackers as much as possible. This is quite a change to the standard […]