Information Security Today is brought to you by Auerbach Publications


IT Management


Risk Management

Business Continuity and Disaster Recovery Planning


Operations and Data Center

Networking and Telecommunications

Project Management

IT Performance Improvement


Auerbach Information Management Service

Editorial Calendar


Contributor Guidelines

Contact Editor


New Books

The Complete Guide for CPP Examination Preparation, 2nd Edition by Anthony V. DiSalvatore; ISBN 978-1-4987-0522-6
Business Continuity Planning: A Project Management Approach by Ralph L. Kliem; ISBN 978-1-4822-5178-4
Touchless Fingerprint Biometrics; ISBN 978-1-4987-0761-9
Introduction to Communications Technologies: A Guide for Non-Engineers, Third Edition; ISBN 978-1-4987-0293-5
The U.S. Domestic Intelligence Enterprise: History, Development, and Operations by Darren E. Tromblay; ISBN 978-1-4822-4773-2
Expert Witnessing and Scientific Testimony: A Guidebook, Second Edition; ISBN 978-1-4987-2106-6

Click on a book cover for more information or to order.
SAVE 20% AND GET FREE SHIPPING when you order these or any book online! Simply enter this code--813DA--at checkout.

Cybercrime as a Business—Part 3: The Evolution of the Arms Race
Part 2 talked about the criminal lifestyle of the computer as it got infected (from MalSpam, to exploit, to Trojan, to ransom), and how you, an "involuntary contribution associate" would enrich various criminals. Initially, things were simpler. Electronic banking was so easy, it was just a username and password and nothing else. But then banks started to get worried because it was too simple. Today they're using two factor authentication and SMS messaging verification with mobile phones, but this hasn't stopped the criminals because they are able to infect your phone as well. Part 3 discusses the evolution of the arms race.

Cybercrime as a Business—Part 2
Part 1 talked about using the cloud for business the criminal way, the benefits of the cloud, and how everything that applies to a regular business in the cloud also applies to the criminal business in the cloud, using examples of and Part 2 talks about the scheme, or the step-by-step process, that your computer goes through when it gets infected by things like Trojans and ransomware and what you can do to avoid that.

Avoiding the High Cost of Ambiguous Decisions
Truly bad decisions are made every day, often because the decision-making process is murky, and needed conversations are rushed. What is a better approach to facilitating group decisions? Joining Nancy M. Settle-Murphy, the author of Leading Effective Virtual Teams: Overcoming Time and Distance to Achieve Exceptional Results, in writing this Communiqué is her friend and colleague Rick Lent, president of Meeting for Results. Although the concepts can be applied to any kind of meeting, we offer tips for those who lead virtual meetings, where you lose vital visual cues.

Cybercrime as a Business—Part 1
Criminals are business people too and just as the Internet and related technologies such as cloud computing have revolutionized traditional business models and created new opportunities, so they have for the criminal business. This three-part series discusses the ways that criminals use the Internet to more efficiently steal money from the rest of us. It also touches upon what happens when you become an involuntary contribution association, as well as provides examples of how the arms race between criminals and those defending them has evolved. People have gotten a little bit smarter about stopping these things, but so have the attackers.

Facial Recognition Technology: Commercial Uses, Privacy Issues, and Applicable Federal Law
Facial recognition technology, which can verify or identify an individual from a facial image, has rapidly improved in performance and now can surpass human performance in some cases. The Department of Commerce has convened stakeholders to review privacy issues related to commercial use of this technology, which GAO was also asked to examine.

The Ripple Effect of Identity Theft
As a society, we hear about data breaches all the time, but we rarely hear about what happens to the stolen data afterwards. We may not think much of losing one username and password combo or having to cancel a credit card, but each piece of data doesn't just disappear. It gets collected and combined into the tool of choice for today's fraudsters; one that is so difficult to overcome that we've had to rebuild how we do internet security. This article discusses the ripple effect of identity theft: what happens to data once stolen, the rise of account takeover, and how to protect yourself from data thieves.

The Financial Industry's Biggest Threat
With all the data breaches and cyber attacks that the financial sector has suffered recently, it is no surprise that cyber security is now seen as the top concern. Nearly half of financial services respondents cited cyber risk as the single biggest threat to the financial industry, and 80% listed it as one of the top five risks, according to a recent study. Cyber risk was listed far ahead of other concerns such as geopolitical risk, the impact of new regulations, and the US economic slowdown. This article looks at what financial organizations should be doing to protect themselves against data breaches.

Security Countermeasure Selection and Budgeting Tools
This chapter from the second edition of Risk Analysis and Security Countermeasure Selection explains what makes a security countermeasure effective or ineffective, the functions of security countermeasures, infiltration and attack scenarios, attack objectives, criminal offender types, criminal offender countermeasures, how to develop countermeasure effectiveness metrics, and how to develop a Decision Matrix to help decision makers reach consensus on a specific countermeasure when there are many points of view to consider.

Protests or Profiteering: The Hack Remains in Same
Whether it's cyber terrorism, hacktivism, or just another set of hackers trying to get famous by jumping on the media's hot topic, the key to fighting back is threat intelligence. Staying ahead of future attacks requires a proper investment in intelligence groups who have the proper tools, people and processes to deliver up-to-date intelligence.

How Can Hospitals Protect Their Medical Equipment from Malware?
The challenges in protecting hospitals from cyber attacks are very similar to those faced in ICS and SCADA environments; the equipment used in hospitals is not user-serviceable and therefore often running out-of-date software or firmware. This creates a dangerous situation. The medical industry isn't alone in fighting this threat. They don't have to invent new techniques for preventing infection, they simply need to adapt the proven strategies employed by other industries.

Recent Data Breaches Illustrate Need for Strong Controls across Federal Agencies
The GAO has identified a number of challenges federal agencies face in addressing threats to their cybersecurity. In an effort to bolster cybersecurity across the federal government, several government-wide initiatives, spearheaded by the Department of Homeland Security (DHS) and the Office of Management and Budget (OMB), are under way. While these initiatives are intended to improve security, no single technology or tool is sufficient to protect against all cyber threats. Rather, agencies need to employ a multi-layered, "defense in depth" approach to security that includes well-trained personnel, effective and consistently applied processes, and appropriate technologies.

Maintaining Security despite Enterprise Mobility
This article provides some solutions your company can incorporate so that it doesn't have to forego the positive effects of enterprise mobility. Keep in mind that, to some degree, there's only so much you can do. Hackers are more sophisticated than ever before and that trend isn't going to reverse any time soon. Still, while there’s no way to guarantee you won't ever be a target, many hackers just want easy ones; it's nothing personal. If you make your business tougher to break into, they'll go elsewhere.

IT Performance Improvement: What's in the Latest Issue
In latest edition of IT Performance Improvement, "Assessment and Recovery of Projects in Trouble" by Soren Lyngso. "Payment Card Industry Data Security Standard (PCI-DSS)" by Abhay Bhargav. "Information Security for Systems" by Brook S. E. Schoenfield. Alfonso Bucero on "Developing Trust." "Turn Nine Common Virtual Meeting Misconceptions Inside Out" by Nancy Settle-Murphy and Steve Bather.

Five Ways to Improve SCADA Security
SCADA attacks are on the rise. Given these challenges, what can be done to improve the security of critical infrastructure? Here are five ways to improve SCADA security.

Multilevel Modeling of Secure Systems in QoP-ML
This book introduces the Bogdan Ksiezopolski's quality of protection modeling language (QoP-ML), which provides the multilevel modeling language for making abstraction of security systems that put emphasis on the details concerning quality of protection. The analysis of the secure systems can be performed automatically by means of an automated quality of protection analysis tool. Based on the multilevel analysis, the foundations of the new decision support system can be introduced. The book includes a number of examples and case studies that illustrate the QoP analysis process by the QoP-ML.

McAfee Labs Threats Report: May 2015
For the first time ever, the report explores attacks on firmware. It also highlights the emergence of new families of ransomware and Adobe Flash vulnerability exploits. Key topics include a huge surge in powerful and clever ransomware encrypts files and holds them hostage until the ransom is paid; new Adobe Flash exploits target the growing number of vulnerabilities that have not been patched by users; and persistent and virtually undetectable attacks by the Equation Group that reprogram hard disk drives and solid state drive firmware.

Just Because You're Silent, You May Not Be Really Listening
Most communications skills courses tend to focus on making people more articulate, effective and expressive through writing, speaking and presenting. Listening is rarely a focus. In this article from Communiqué, Nancy Settle-Murphy offers some practical tips for making you a better listener.

Call for Chapters: Information Security Management Handbook, Seventh Edition
The new edition of the handbook is following the National Cybersecurity Workforce Framework.

Insider Threats: DOD Should Strengthen Management and Guidance to Protect Classified Information and Systems
The GAO reports that without an identified program office dedicated to oversight of insider-threat programs, DOD may not be able to ensure the collection of all needed information and could face challenges in establishing goals and in recommending resources and improvements to address insider threats.

Why Insider Threats Are Succeeding
As corporate networks expand in scope and geographic area, it has become easier for insider threats to access sensitive data and inflict catastrophic damage. While the malicious insider comes with a different set of challenges than other security concerns, organizations can protect themselves with the right tools and mindset. Early detection of these attackers can keep a security event from becoming a high-profile data breach.

Endpoint Anti-malware
This excerpt from Securing Systems: Applied Security Architecture and Threat Models discusses deployment models for endpoint anti-malware software.

Operational Models of Corporate Security Intelligence
This excerpt from Corporate Security Intelligence and Strategic Decision Making discusses why it is useful to have a model of intelligence to help guide structures, processes, and the deployment of resources. It then introduces a simple security intelligence model, applicable to any scale of deployment. Finally, it discuss aspects of a common dedicated countercrime model (the National Intelligence Model).

Why the Padlock Symbol and Green Bar Appear in Your Browser, and Why You Should Care
Consumers trust that when they enter their credit or debit card numbers and other sensitive information into the online checkout page, those companies are taking appropriate steps to secure that information. However, the same cannot be said of the consumers themselves. Those are some of the key findings of the CA Security Council (CASC) 2015 Consumer Trust Survey report. The good news: most shoppers can significantly improve their security postures by following some simple precautions, and by developing a better understanding of the technologies retailers can deploy to protect shoppers.

Turn 9 Common Virtual Meeting Misconceptions Inside Out
The basic premise: Successful virtual meetings require a thoughtful discipline that demonstrates a deep sense of respect for all participants, enabling them to be full and equal participants in the conversation. We also believe that any kind of meeting should be held only when discussions are needed. (If content review is required, let people do that somewhere else.) This article by Nancy M. Settle-Murphy refutes nine of the most popular misconceptions people hold about virtual meetings, and offer some practical tips that can help transform virtual meetings from mediocre to memorable. Nancy M. Settle-Murphy is author of Leading Effective Virtual Teams: Overcoming Time and Distance to Achieve Exceptional Results.

Fifteen Years After the ILoveYou Bug: Has the Face of Malware Changed?
Where were you when the ILOVEYOU bug started spreading on May 4, 2000, exactly 15 years ago? Was your computer one of the tens of millions of PCs the Love Letter attacked? How are malware changed in the last 15 years? Read on ...

Internet, Social Media, and Cyber Attacks on Critical Infrastructures
The increasing number of both people and devices becoming connected in cyberspace will greatly impact specific portions of our nation's critical infrastructure. Those infrastructures most immediately impacted will be the electrical grid system, transportation, and telecommunications. Other infrastructure sectors will also be impacted, such as food, water systems, emergency services, and banking and financial services, but the impact on their performance and continuity of service will not be as profound as the former. The salient point is that as societies become so interconnected to both their devices and the critical services they require, this increasing dependency may well increase our vulnerability to disruption of our critical infrastructures.

Privacy Threats Come from All Corners
The types of personal information crooks, marketers, surveilliers, and others are after varies greatly. You can see it in the kinds of organizations under attack from black-market entreprenuers, just-because-I-can hackers, and even Chinese computer manufacturers. Increasingly, consumers must practice diligent privacy practices with every entity they allow access to their personal information. Read on for tips on doing exactly that.

Flip Your (Virtual) Meetings - Learning from Our Best Teachers
To stave off boredom and stimulate learning that lasts longer than a class period, my kids' teachers are experimenting with "flipped classrooms." Rather than lecturing at kids with a bunch of PowerPoints during the precious classroom time, the teachers assign the content in advance. This way, sutdents come to class ready to debate ideas and apply what they've learned in ways that make the topics come alive. Let's take a page from teachers who have seen great results by flipping their classrooms. Here are a few steps to get you started.

Sorry Symantec. Antivirus Is Not Dead.
This whitepaper highlights why there is still a need for end-point security protection; how the rise of 'crimeware' has highlighted the need for all users to protect their networks endpoints; despite 100% single antivirus protection no longer being a realistic expectation, organizations and individuals still have a need for antivirus security solutions; and how multi-scanning technology and anti-malware software can work alongside APT protection in helping prevent organizations from malicious attacks.

Rebecca Herold's Privacy Professor Tips for May
Data breaches, phishing scams and high-profile email "scandals" in the political world have shone a much-needed spotlight on privacy and data security issues. Consumers are beginning to pay closer attention to the threats and vulnerabilities posed by new technologies and expanded connectivity. Take advantage of the increased curiosity to further educate your peers, colleagues, friends and family. Read on for a few pointers that may get you started.

Protecting Critical Infrastructure from Threats
Portable media are a primary vector for cyber-attack. They are often the only way to transport files to and from secure areas. This article outlines a secure data workflow that organizations can implement in order to balance their security needs against their operational requirements, as well as how best to approach the crafting of security policies that address the inclusion of portable media while ensuring adherence to EO 13636.

Hacking the Human Operating System
McAfee Labs released a report, Hacking the Human Operating System, that examines how social engineering bypasses the "human firewall" and what you can do to better protect your people and your organization against these attacks.

Why Client-Side Encryption Is the Next Best Idea in Cloud-Based Data Security
In today's always-on digital climate, the complex and constantly evolving range of security threats is intimidating, leading many of us to consider whether or not our data can ever truly be safe from theft or loss. High-profile data security breaches haven't helped. Although it may be impossible to ever completely guarantee protection from potential data loss, client-side encryption is emerging as a viable alternative to end-to-end encryption and other less robust technologies--equipping today's personal and business users with the highest possible level of security for sensitive data and files.

Self-Service Reset Password Solutions: Issues Addressed and Problems Solved
You're thinking about implementing a self-service reset password solution, but you are not quite sure if it is worth it or if it will benefit your organization. The following checklist provides an easy overview of issues you might face, as well as solutions to how a password reset solution can easily solve these issues in addition to saving you time and money.

IT Performance Improvement: What's New March 2015
"A Reality Check for Project Managers" by Lynda Bourne. "What Is Project Management Maturity?" by J. Kent Crawford. "The Scope of Project Scope Management" by Jamal Moustafaev. John Monroe's and regular columnist Nancy Settle-Murphy's "How to Create a 12-Month Plan in Just Two Hours."

Concepts of Database Security
An excerpt from Multilevel Security for Relational Databases. It includes "Database Concepts," "Relational Database Security Concepts," and "Access Control in Relational Databases."

Onslaught of New Ransomware Strains
Ransomware is now a common term in our vocabulary, but it continues to evolve. The release below warns of an onslaught of new flavors and how they can be found and averted. The tactics range from using help files to infect along with phishing emails. Games are also now being targeted, bad news for those with teenagers in the house.

Basics of Security and Cryptography
An excerpt from Practical Cryptography: Algorithms and Implementations Using C++ edited by Saiful Azad and Al-Sakib Khan Pathan. It includes "The Perimeter of Cryptography in Practice" and "Things That Cryptographic Technologies Cannot Do."

Browser Security
In recent years with constantly updated browser versions, browser security features are becoming more powerful. This chapter from Web Security: A WhiteHat Perspective introduces some major browser security features.

What Is the Role of a CISO?
Andrew Wild, Lancope's new CISO, has spent over 25 years developing effective, customer-driven information security, incident response, compliance and secure networking programs for IT and security organizations. Here he discusses the role of the CISO, how it has changed over the years, and what tools and skills a CISO needs.

Security and Provenance
This chapter from Secure Data Provenance and Inference Control with Semantic Web discusses scalability issues for a secure provenance framework with building a scalable framework is the major goal. Then is discusses aspects of an access control language for provenance. Finally, it discusses graph operations on provenance, using graph structures to represent provenance.

Ten Tips to Avoid Massive Data Breaches. Don’t Be the Next Sony!
With Sony recently setting aside $15M to investigate the reasons for and remediate the damage caused by last year's data breach, many organizations—from large enterprises to small business—are wondering what they need to do make sure they aren’t the next big data breach headline. The good news is that most data breaches can be prevented by a common sense approach, coupled with some key IT security adjustments.

Cyber-security: Changing the Economics!
The impact of recent cyber attacks will be felt for years to come, perhaps having risen to a new level of hurt with the Target and Sony attacks. With a Fortune 500 CEO ousted and a Hollywood movie held hostage, cyber-security is on the minds of chief executives and board members as they gather in their first meetings of 2015. How can a massive organization with complex systems and networks prevent itself from becoming the next Target or Sony? Is there any hope? Yes, there is hope! However, we have to change the economics of cyber attacks.

Top 2014 Security Hacks and How Managed Services Could Have Helped
This list of the top security hacks from 2014 explains how managed services could have helped in each situation. The list includes a short Q&A that further details these hacks and potential managed service remedies, as well as information about proactive vs. reactive cloud security, best practices in avoiding security breaches, and more.

Critical Infrastructure Executives Complacent about Internet of Things Security
Tripwire, Inc. today announced the results of an extensive study conducted by Atomik Research on the security of the "Enterprise of Things" in critical infrastructure industries. The study examined the impact that emerging security threats connected with the Internet of Things (IoT) have on enterprise security. Study respondents included 404 IT professionals and 302 executives from retail, energy and financial services organizations in the U.S. and U.K.

The Smart Grid and Privacy
This chapter from Data Privacy for the Smart Grid discusses the emerging privacy risk and the need for privacy policies, reviews relevant privacy laws, regulations, and standards, and outlines privacy-enhancing technologies and new privacy challenges.

Cisco Annual Security Report Reveals Widening Gulf between Perception and Reality of Cybersecurity Readiness
The Cisco 2015 Annual Security Report reveals that organizations must adopt an 'all hands on deck' approach to defend against cyber attacks. Attackers have become more proficient at taking advantage of gaps in security to evade detection and conceal malicious activity. Defenders, namely, security teams, must be constantly improving their approach to protect their organization from these increasingly sophisticated cyber attack campaigns. These issues are further complicated by the geopolitical motivations of the attackers and conflicting requirements imposed by local laws with respect to data sovereignty, data localization and encryption.

How to Create a 12-Month Plan in Just Two Hours
There's something about the blank slate of a brand new year that makes it a perfect time to get your group together and lay down plans for the next 12 months. Sounds like a good idea in theory, but it can be near impossible to persuade people to hunker down in a meeting room for a couple of days when their 'day jobs' are so demanding. In this article Nancy Settle-Murphy describes how (and why) a processed called the Magic Wall works in a face-to-face (FTF) setting, and explores how some of these concepts might be played out virtually.

The Lean Leader: A Personal Journey of Transformation
In The Lean Leader, Robert B. Camp uses a compelling novel format to tackle the nuts and bolts of leading a Lean transformation. You'll follow along as the characters face real crises and what seem to be unreasonable deadlines. After reading this book, you'll know how to shed the decision-making tasks that have cluttered their days and delegate those decisions to employees who are closer to the action. You'll also learn how to look over the horizon to define and communicate a new course of action and compel others to follow. Click here to read Chapter 1.

In this chapter from Techniques and Sample Outputs that Drive Business Excellence, H. James Harrington and Chuck Mignosa discuss brainstorming (creative brainstorming), a technique used by a group to quickly generate large lists of ideas, problems, or issues. The emphasis is on quantity of ideas, not quality.

Widespread Employee Access to Sensitive Files Puts Critical Data at Risk
It's been 18 months since Snowden demonstrated the inability of the Puzzle Palace to identify and mitigate internal threats. Now, a new survey suggests--not surprisingly--that most organizations are having difficulty balancing the need for improved security with employee productivity demands. Employees with needlessly excessive data access privileges represent a growing risk for organizations due to both accidental and conscious exposure of sensitive or critical data.

2014-2015 Security Surprises, Challenges and Predictions
As 2014 comes to a close, it is time to cast 2015 security predictions and look back at 2014 predictions to see what we got right, what we got wrong, and what surprised us. Here TK Keanini, Lancope CTO, takes retrospective look at his 2014 predictions, and projects 2015.

7 Ways to Keep Stakeholders Close in a Virtual World
Even though our intentions may be similar when working face-to-face and virtually, how we go about initiating and cultivating stakeholder relationships can be very different. Here are a few tips from Nancy Settle-Murphy, author of Leading Effective Virtual Teams: Overcoming Time and Distance to Achieve Exceptional Results, for engaging stakeholders virtually for projects that really matter.

5 Ways You Can Stay Protected Online This Holiday Shopping Season
With two of the biggest shopping days of the year--Black Friday and Cyber Monday--taking place this month, many consumers will turn to online channels to avoid hectic crowds and long checkout lines. While shopping online is convenient, e-commerce comes with its fair share of disadvantages, one of which is cybersecurity risks. Whether you choose to shop on Black Friday, Cyber Monday, or at any other point during the holiday shopping season, they must keep security top-of-mind to avoid falling victim to scams and potentially fraudulent transactions. Here are key tips to keep in mind.

Four Questions to Consider When Building a Security Platform
While most security professionals have come to grips with the fact that at some point they will fall victim to a compromise, the approach to security by and large still revolves around responding after something bad has occurred. Now this is by no means the fault of the security professional alone. The tools they have at their disposal, most of which offer a siloed view into their security posture, many times restrict their capabilities. To truly make the shift towards Continuous Advanced Threat Protection, security professionals need to evaluate tools and processes with a fresh set of eyes. This article outlines the four things to consider when making this necessary shift in security approach.

Cyber Economics
The economics of cyber threats are simple: cyber attacks are easy to organize and cheap to enact. Any computer anywhere can become the front line of an attack, which is not only difficult to defend against but leads to the need for constant vigilance and flexible defensive moves, both of which are rather more costly. CIOs and CISOs need to reverse these economics and change the game in their favor by driving down the cost to defend and increasing the cost to attack.

Breaking the Wall of Silence in a Virtual World
If you have ever led a virtual meeting, this scenario is familiar: You pose a brilliant provocative question, hoping to trigger a flurry of insightful responses. And instead, you hear ... Nothing. Nada. Zippo. Zilch. So what’s your next step? There are many techniques for generating more active participation in the virtual world. But first, you have to try to figure out the reasons for the silence. If you guess wrong, you might drive people further away from the virtual table. In this article from Communique, Nancy Settle-Murphy, author of Leading Effective Virtual Teams: Overcoming Time and Distance to Achieve Exceptional Results, explores some of the typical causes for a lack of participation, and will offer some remedies to help break through that painful wall of silence.

Basic Concepts of Multilevel Database Security
Mandatory access control (MAC) is a method of restricting unauthorized users from accessing objects that contain some sensitive information. An implementation of MAC is multilevel security (MLS), which has been developed mainly for computer and database systems at highly sensitive government organizations such as the intelligence community or the U.S. Department of Defense. This chapter from Multilevel Security for Relational Databases introduces the basic concepts of multilevel database security.

McAfee Report Reveals Organizations Choose Network Performance Over Advanced Security Features
McAfee today published a new report titled Network Performance and Security, exploring the challenges organizations face in deploying security protections while still maintaining an optimally performing network infrastructure. The report uncovered that an alarming number of organizations are now disabling advanced firewall features in order to avoid significant network performance degradation.

Android Malware Evolution
The evolution of Android malware, while mapping closely to the desktop trends, is often viewed at an accelerated pace. Malware and botnets have had time to grow and trial different methods of infections and potential uses, and the authors of the mobile counterparts are definitely applying these learned lessons. As explained in the chapter from Android Malware and Analysis, there are clear indicators that these are often the same groups working toward extending their list of infected machines to the Android world.

2014 Internet Security Threat Report
The Internet Security Threat Report provides an overview and analysis of the year in global threat activity. The report is based on data from the Symantec Global Intelligence Network, which Symantec's analysts use to identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.

8 Ways to Stop Interruptions from Derailing Your Next Virtual Meeting
In this edition of Communique, Nancy Settle-Murphy explores practical steps that virtual meeting leaders can take to anticipate and effectively handle interruptions and other types of disruptions that may throw virtual meetings off-course.

New F-Secure Threat Report: Ransomware Rising, Even on Android
The first half 2014 saw an increase in online attacks that lock up user data and hold it for ransom -- even on mobile devices. According to F-Secure Labs' brand new 1H 2014 Threat Report, rising numbers of attacks from malicious software known as ransomware underscore the importance of data security for home, enterprise and government users. To find out the top countries for Android malware, the safest online market for mobile apps, and for more details about all the threats to PC, Mac and mobile, check out the full 1H 2014 Threat Report.

The Top 10 Ways to Combat Insider Threats
An adversary who attacks an organization from within can prove fatal to the organization and is generally impervious to conventional defenses. But there are things you can do to mitigate the risk. Below is Lancope's Top 10 Ways to Combat Insider Threats.

Survey of Secure Computing
Secure computing spans a wide spectrum of areas, including protocol-based security issues, denial of service, web and cloud, mobile, database, and social- and multimedia-related security issues, just to name a few. Even as threats present themselves, active mechanisms and good preparation can help to minimize incidents and losses arising from them, but it is also to be noted that security in computing is still a long way from complete. This chapter from Case Studies in Secure Computing: Achievements and Trends presents a survey of common issues in security attacks and defenses in computing through the application of cryptography and the aid of security models for securing systems.

Don't Leave Remote Participants Hanging: 8 Tips for a Meeting of Equals
Let's face it: It's almost impossible to make remote callers feel like they're on equal footing with people who are gathered in the conference room for the big meeting. But with some thoughtful planning, you can come pretty close. Taking the perspective of a frustrated remote participant, Nancy Settle-Murphy, author of Leading Effective Virtual Teams: Overcoming Time and Distance to Achieve Exceptional Results, offers eight tips for people who plan and run "hybrid" meetings, consisting of people who are gathered face-to-face and those who join from afar. Here she assumes that the meeting planners are using WebEx and phone conferencing, but these tips can apply with almost any kind of virtual meeting set-up.

"Digital Forensics Explained" Cited as Expert Testimony in US Supreme Court Case
Greg Gogolin's book, Digital Forensics Explained, was cited eight times in a recent US Supreme Court case. The case concerned whether evidence admitted at petitioner’s trial was obtained in a search of petitioner’s cell phone that violated petitioner’s Fourth Amendment rights. Greg's book was cited as expert testimony.

Beyond PCI Compliance
An organization begins a journey when it achieves PCI compliance. It is usually a starting point for a continuing path to information security and assurance. It is very important for the organization to understand the potential challenges and effectively address them after they achieve successful PCI compliance. This excerpt from PCI Compliance: The Definitive Guide briefly discuss the challenges and success factors that the organization must be aware of to maintain compliance and achieve optimum information security for the enterprise.

Before You Take Your Next Trip
I don't know if you've ever read Stratfor's guidance on personal security, such as "Taming Chaos with a Personal Plan," but this new book, Personal Security: A Guide for International Travelers, provides a comprehensive approach to personal security and safety when travelling, or even while at home. To support your pre-trip preparations, this chapter, "Before You Go," maps out expert advice and lessons from real life cases to give you insights into basic planning questions.

Ethical Hacking: The Postexploitation Phase
After you have successfully exploited a target and managed to gain access to it, you enter the postexploitation phase, which is the last phase of the penetration testing process. Read on to learn how to exploit our targets further, escalating privileges and penetrating the internal network even more.

Subscribe to Information Security Today

Google Reader or Homepage
Add to My Yahoo!

Bookmark and Share

Search the Site

The Blog


From Our Authors

Nancy Settle-Murphy: CommuniqueAvoiding the High Cost of Ambiguous Decisions


Cybersecurity Vigilance for BDs and IAs on August 24-25, 2015 in New York City

SPTechCon on August 24-27, 2015 in Boston

Next Generation Testing on 17 September, 2015 in Chicago

STARWEST on September 27-October 2, 2015 in Anaheim, California

13th Agile Business Conference on October 6-7, 2015 in London, England

Big Data TechCon on November 2-4, 2015 in Chicago

The Agile Development, Better Software, & DevOps East Conferences on November 8-13, 2015 in Orlando

5th Annual Oil & Gas Cyber Security Conference on November 30-1st December 1, 2015 in London, United Kingdom

Cyber Security Exchange on December 6-8, 2015 in Florida

Nice Global Forum on Homeland Security and Crisis Management on February 2-5, 2016 in Nice, France


Here are links to all Rebecca Herold's monthly Privacy Professor Tips to date.

Guided Insights

© Copyright 2015 Auerbach Publications