I came across this article this morning: 5 Ways Event Log Management Makes You More Secure. The claim there is, that adding 5 additional tasks will make you more secure:
Centralized logging makes it possible to review all the logs SIEM is French for “locked down” Event correlation helps you find bad things Search and . . . → Read More: Is Monitoring the Silver Bullet?
Typically January is the month where we are asked to make predictions on the trends for the New Year. I do not like this as I am an engineer and not a fortune tellerJ. But there are things we know and things we definitely need to drive this year. I would actually put it into . . . → Read More: Security in 2013 – the way forward?
I am following Shoaib’s blog since quite a while – actually due to the beauty of the Internet, we only met virtually so far .
He just posted on his blog: 5 Common Types of Security Professionals
I really like this post. The way he categorizes them is:
The NO-MASTER The By-The-Book Preacher The . . . → Read More: 5 Common Types of Security Professionals
l am still sitting in the parliament room of the Council of Europe at the celebration event for the Budapest Convention. It was another very good event advancing the challenges fighting Cybercrime. Let me try to summarize a few thoughts:
The Budapest Convention is probably the best convention out there allowing a wide adoption of . . . → Read More: Council of Europe Octopus Conference- Some Thoughts
This paper by the Geneva Centre for the Democratic Control of Armed Forces (DCAF) was just brought to my attention. A piece of work, which is definitely worth working through. It lays out the problem space and then does a deep dive into the different sections:
Governments Legislative Bodies The Armed Forces Law Enforcement Judges . . . → Read More: Cyber Security: The Road Ahead
Do you know the feeling? You should share a large file with somebody outside your organization. The file is too big to be sent by e-mail. What can you do? Well, you might have a service by internal IT (we have one) which is not really user-friendly, hard to use and – as you do . . . → Read More: Aligning Security with the Business
Reading this article Six New Hacks That Will Make Your CSO Cringe made me think as it has a few fairly interesting approaches:
Fake Phone Networks: I am wondering how much work it takes to do it. If the effort is not too high, I am not (yet) too worried about it. But still, for . . . → Read More: Six “New” Attack Vectors
As you know (I stress that fairly often ), I am Swiss. The reason why I am stressing this today is that I want to give you an example on security from the Swiss market: The banks here on place compete with each other – obviously. However, I have never seen the banks competing on . . . → Read More: Vulnerability Disclosure to Compete?
I just worked my way through the list SANS published. Looking at the list it is not surprising but scary to see which errors made it to the top of the list:
Cross-site Scripting SQL Injection Classic Buffer Overflow Cross-Site Request Forgery Improper Access Control
It shows as we often say that the attacks moved . . . → Read More: SANS Top 25 Most Dangerous Programming Errors – the same as very often…