Information Security Blog

The End of Network Penetration Testing as we Know it …

… but I don’t feel fine (see REM if you don’t get the reference).

Over the last few years significant changes have taken place in the vulnerability discovery space. In the “old days” a vulnerability researcher would discover a vulnerability, report it to the vendor, wait an “acceptable” period of time (for the vendor to (hopefully) issue a patch) and then publicly publish their work (and “exploit code”).

Fast forward to today, the picture is radically different. Vulnerabilities are bought ...

Continue Reading →

SIEM & IAM Integration – Compliance Management Simplified

One of the hotter areas today is the integration of IAM and SIEM. When Identity & Access Management (IAM) and Security Information and Event Management (SIEM) are optimally integrated, user access compliance monitoring capabilities are increased significantly beyond what either SIEM or IAM can provide alone.

This is because IAM provides context for user activity event data (e.g., role, entitlements, cross-referencing of multiple user IDs, account status) that can be directly leveraged by the SIEM to identify exceptions in real time ...

Continue Reading →

Insider Data Theft Rate Soars in Financial Industry

I found a recent report by Actimize to be remarkably compelling. According to their research, 72% of financial institutions have experienced a case of data theft by an employee in the last 12 months.

Interestingly, it’s not the expected class of employees (e.g., outsourced/temporary) that is the greatest risk. The research shows that the insider fraud threat actually breaks down as follows:

  • 70% full-time employees,
  • 10% part-time employees,
  • 8% outsourced workers,
  • 6% temporary workers, and
  • 6% offshore employees.

The challenge is that ...

Continue Reading →

Information Security is Inversely Proportional to Revenue Generation

A colleague of mine recently forwarded the following list of “security maxims” compiled by the Argonne National Labs. Highly recommended if you need a quick smile or two.

We have a maxim here that I was surprised was not on the list: “The information security posture of a system is often inversely proportional to the revenue it generates,” or alternatively, “The information security posture of a system is often inversely proportional to its business criticality.” On first ...

Continue Reading →

When Business Partners Attack!

… tip of the cap to the late ’90s FOX show “When Animals Attack!”

I found the recent Verizon Business study of more than 500 data breaches during the past four years a very interesting read. (Kudos to Verizon for their efforts on our behalf.)

Remarkably, 32% of data breaches involved partners’ networks being used by an external attacker. To be clear, the largest single source of risk in these organizations was a business partner. ...

Continue Reading →
Page 31 of 39