Had to modify the latimes URL in the post due to a notice from Wordfence/Google I was reviewing the – er – highlights? – from the ninth ERM Symposium in Chicago over at Riskviews this morning and was intrigued by some of the parallels to the current situation in enterprise security risk management (the ERM… Continue reading
Post Category → Information Security
Behind The Mask : Supporting The New CIO Personas
This morning, @joshcorman linked to an article in the Harvard Business Review “The Conversation” blog that put forth the author’s view of The Four Personas of the Next-Genereation CIO. The term persona is very Jungian and literally refers to “masks worn by a mime”. According to Jung, the persona “enables an individual to interrelate with… Continue reading
Micropwns :: Risk Microprobabilities for Infosec?
NOTE: This is a re-post from a topic I started on the SecurityMetrics & SIRA mailing lists. Wanted to broaden the discussion to anyone not on those (and, why aren’t you on them?) I had not heard the term micromort prior to listening to David Spiegelhalter’s Do Lecture and the concept of it really stuck… Continue reading
Never A Better Time To Baseline
If you’re preparing to install Windows 7 or Windows Server 2008 R2 Service Pack 1, now would be a good time to give Microsoft’s Attack Surface Analyzer a spin. ASA takes a baseline snapshot of your system state and then lets you take another snapshot after any configuration change or product installation and displays the… Continue reading
Herding [Fire]sheep
By now, many non-IT and non-Security folk have heard of Firesheep, a tool written by @codebutler which allows anyone using Firefox on unprotected networks to capture and hjijack active sessions to popular social media sites (and other web sites). The sidebar/extension puts an attactive and easy-to-understand GUI over a process that “real” security people have… Continue reading
Securing ‘su’ with Google Authenticator
Google’s new do-it-yourself two-factor authentication (Google Authenticator) enables you to setup stronger logins on your linux system. Nick Wilkens (@nwilkens) has a good/quick tutorial up on his company’s blog for acquiring, compiling and setting up Google Authenticator for ssh sessions. NOTE: On the Ubuntu VPS I was doing testing on, I had to add the… Continue reading
For Everyone Who Thought I Was Just A Zombie
You were right…(UPDATED with PK talk appearance )
Metricon: Verification versus Validation
Speaker: Jennifer Bayuk Based on work for Stevens Institute of Technology. How do professional systems engineers work? History: Mainframe physical security (punch cards) cables to terminals network to workstations (some data moves there & on floppies) *spike in misuse & abuse modems and dedicated links to external providers/partners added midrange servers (including e-mail) added dial-back… Continue reading