the State of Security

Cyber Security

Cyber Security and the State of Security

Are your security people lying about the impacts? Probably, but not on purpose.

by Shawna Turner-Rice

Security is a complex, often nuanced, topic. Today there’s a lot of subjectivity in 100% security-oriented discussions. Business people like non-squidgy objective numbers. To make security investment decisions, security people have to sell their area to the business, which means speaking their language. As a consequence, security people are often trying to make objective [...]


Interesting security reading

by Dwayne Melancon

I’ve been reading a couple of security-oriented books lately, and liked them enough to talk a little about them here. If you like to read, I have found two books that are great reads, which you can easily fit into your mood — serious or casual.


Challenges in placing information security teams in the right organizational structure

by Shawna Turner-Rice

I often write blogs based on what crosses my inbox during a week; and recently I saw just enough articles on who security should report to that I thought I’d select it as the topic du jour. (Much like Adam, I rarely seem to get to writing these early. This isn’t a new topic, I [...]


Verizon’s latest breach delivery

by Dwayne Melancon

I was catching up on my backlog of podcasts last week, and listened to Episode 271 of the Network Security Podcast (part of my balanced diet of security fiber). If you’re not familiar with this podcast, it consists of Rich Mogull, Zach Lanier, and Martin McKeay shooting the breeze about security topics. It is very casual, and very informative – I recommend you subscribe if you haven’t already.


Check your doors and windows

by Dwayne Melancon

Yesterday, I was reading about the Utah Department of Health’s recent breach, in which 500,000 patient records and 280,000 social security numbers were stolen. One of the things that jumped out at me was how insufficient configuration hardening played a role, based on a statement by the Utah Department of Technology Services (DTS).


Friendly pwnage? Or just a public beat down?

by Dwayne Melancon

It seems some hackers (known as “MalSec”) are going around to security companies, defacing their web sites, and leaving “polite warnings” that they’d better get their act together or they face the risk of being hacked in a more malicious fashion. Are these “helpful” hacks really helpful or not?
