Mistakes People Make that Lead to Security Breaches
Technological holes account for a great number of the successful break-ins, but people do their share, as well. Here are the SANS Institute's lists of silly things people do that enable attackers to succeed.
Corporate Security Summary Template
This Word template can be used to give management an overview of an organization's security posture. It covers the top risks and their mitigations, ongoing security-related projects, and other general security metrics.
Privacy: A Study of Attitudes and Behaviors in US, UK and EU Information Security Professionals
As technology continues to modify the ways in which information of all types is stored, analyzed and exchanged, concerns related to privacy are growing. At the same time, the very concept of privacy is highly subjective, varying culturally as well as organizationally. In this presentation some of the cultural and organizational aspects of privacy will be examined, and some Internet-related threats to privacy discussed. Then, new survey data from our study of user behavior and technical facilitators of privacy will be presented. The study focuses on users' attitudes toward privacy and their responses to some globally applicable privacy-related threats. The data show some unexpected results, which will be interpreted by applying several well-known psychological models to the user behavior. Finally, the need for further work in the field is highlighted, and suggestions for further research provided.
Got Cyber Insurance?
Thanks to a crippling series of computer attacks in 1998, Seattle-based Viznet Inc., an online merchant exchange network service provider once valued at $1 million, is now selling off its customer lists for $50,000. The worst damage occurred when the attacker spammed Viznet's 90 merchant customers, claiming Viznet was a cover for a pedophile ring. The attacker, a former programmer at the company, knew that the wife of owner/operator Jim Vizner owned a day care center.
Security Management - The Fundamental Tradeoffs
Security administrators face some interesting tradeoffs. Fundamentally, the choice to be made is between a system that is secure and usable, one that is secure and cheap, or one that is cheap and usable.
Building a Security Management Point
Keeping a networked environment secure can be a very difficult task nowadays. There are many means of attack. One must always be aware of the most recently discovered vulnerabilities, not to mention the eternal activity of viewing logs and looking for suspicious traces. All this takes time and becomes worse when we are dealing with networks. Watching a single machine requires careful effort; doing the same with an entire network may take many times the effort. What we need is to increase our watching range while spending as little time as possible. A well-implemented security environment can make the most of the security manager's time by allowing him/her to carry out his/her main tasks with less effort. This article will present a way to build a security management point by using free IDS solutions.
A Holistic Approach to Securing the Enterprise
The continuance of malicious computer attacks has made security a front page topic in almost every board room and IT oversight committee. Most IT departments accept that routine updates to software operating environments are a necessary part of managing systems. It's also not hard to convince the IT professional that the protection of data assets forms the foundation of recovering from a disruptive event. But very seldom do we think of security, systems and storage management as part of a seamless and holistic approach to securing the enterprise.
Why You Should Switch to Firefox Now
Recent flaws in the way Microsoft processes common Internet image files, and a decision to offer IE updates only to Windows XP users, lead to just one logical conclusion: ditch Internet Explorer.
Information Security, The New Niche
Information is no longer stored in hardcopy format, in boxes upon boxes of paper kept in light- and humidity-controlled rooms somewhere beneath the earth. It is now stored on a digital medium, either optical or magnetic. This new digital medium poses a risk because it makes the data held on these disks much more accessible, for all the good and bad reasons. The good reasons far outweigh the bad ones, which is why we have arrived at the digital age where everything is stored digitally.
Protecting your Intellectual Property with DRM
Implementing a DRM service does not have to be complex or expensive to set up and administer. To a large extent that will depend upon your scale of operation. If you publish a small number of books or documents to a small number of customers you can run a system manually without any difficulty. Obviously if you are publishing several documents every week to hundreds of customers that is more complicated purely from an administrative standpoint. The DRM component need not be so complex.
Introduction to Digital Rights Management
Most people have heard of software licensing and pay-per-view television, but may not have connected them with a development in technology called Digital Rights Management (DRM). To understand what DRM is trying to achieve, you first need to understand intellectual property.
Encryption is not enough for DRM
If you examine an ordinary PDF file you will find that a large amount of control information can clearly be seen. In other words, not everything is actually encrypted. That is a weakness, since there should be no reliance upon information that has not been protected. Many document protection systems have been attacked successfully using that external control information. It may also allow others to see information that you did not want to be known. So check that all your information is encrypted, and not just the visible content.
Data breaches: turn back the tide
An information security best practices primer to minimize the risks posed to business and customer information. Despite the hundreds of millions of dollars that organizations have invested in information security technology to secure their critical business-technology infrastructures, the bad news keeps breaking. In the past year, dozens of companies have had to inform their customers that the exposure of their personally-identifiable financial information had placed them at great risk of identity theft. The incidents range from fraudsters successfully establishing bogus access accounts to steal legitimate consumer information to hacked networks to lost backup tapes containing the financial information of millions of consumers.