Blog

The Top 11 Information Security Conferences of 2016

UPDATED 01/07/2016 to include RSA Conference USA. (Please see below.) In Part II of our 2015 Infosec Wishlist series, a number of security experts expressed their desire for the security community to renew its focus on collaboration, communication and unity in the New Year. To accomplish this goal, folks in information security will need to...

8 Top Tips for Successfully Implementing your Security Control

Have you discovered a security gap? Have you found a possible solution? Have you received funding for it? If you answered 'yes' to all of the above, you're halfway to successfully implementing a new control. Here are some other (often overlooked) actions you should consider to ensure the success of your project: 1. Be sure the solution solves your...

The Agent vs Agentless Debate - Part 2: The Operations Side

This is the second part of a two-part blog post on the factors that can help you decide whether an agent or agentless solution will be the best fit for your organization. Part 1 provided advice from a security perspective. In part 2, I offer advice that considers the implementation and ongoing operations management. Let’s look at operational...

12 Steps to Cyber Health

A recent article by The Financial Times argues that boards should be looking to employ younger directors to tackle the cyber security “problem.” Meanwhile, the EU has unveiled the proposed Network and Information Security Directive. Think about the psychology here, really… The more we raise the bar and levels of expectations, given the volume of...

Xi Jinping: China Should Be Able to Censor Whatever It Wants on the Web

President Xi Jinping believes that the People's Republic of China should have the right to decide what to block and censor on the web. In his opening speech for the second World Internet Conference, which opened in Wuzhen, Zhejiang province on Wednesday, the Chinese president invoked national sovereignty, a principle enshrined in the Charter of the...

Cyber Security in EMEA – A Letter from Neil Harvey

It is my privilege to have joined Tripwire as the company's Vice President of Sales for Europe, Middle East, and Africa (EMEA) earlier this Autumn. At this time, I would like to explain why ongoing developments in the security world influenced my decision to come aboard. So, let's jump right in. Why did I join Tripwire? First of all, EMEA – my area of...

Testing Scan Credentials for More Accurate Vulnerability Assessment

If your doctor walks into the exam room for your annual physical and listens to your heart, takes a quick look at your throat, and then gives a clean bill of health without asking many questions, a quick interaction might make you feel good if you’re not worried about your health. However, if you haven’t been feeling well, or if you are at risk for...

5 Key Challenges for the Industrial Internet of Things (IIoT)

The Internet of Things (IoT) is one of the most significant trends in technology today. A melding of innovations in the fields of computing and communication, IoT and its "smart" devices are poised to revolutionize not only user-machine interaction but also the way in which machines engage with one another. Already we are beginning to see the...

Unnecessary Risks: Vulnerabilities in ICS Devices

The NERC Critical Infrastructure Protection standards are the most effective tools for securing the electrical supply today. If you think that's a controversial statement, let me explain why I make it. Cybersecurity in the context of the electrical supply is synonymous with reliability. The cyber-risks to electric utilities are ultimately risks to...

The Industrial Internet of Things: Fueling a New Industrial Revolution

A transformative event is occurring where countless industrial devices, both old and new, are beginning to use Internet Protocol communication technologies. We refer to these collections of IP-enabled industrial devices and associated networks as the Industrial Internet of Things (IIoT). The Industrial IoT is at the very core of disruptive visions,...

The Irony of Ethics in Malware

In the last few days, I have seen multiple articles on ransomware in my news feeds (including a shameless reference back to our own post on The State of Security). As I read these, it occurred to me that there is an ironic similarity between these schemes and legitimate companies. The criminals running these malware and ransomware schemes have to be...

Security 101 for CEOs

There are important security lessons for CEOs following the embarrassing revelation that a teenager hacked into the personal email accounts of CIA Director John Brennan and Homeland Security Secretary Jeh Johnson. This isn't the first nor will it be the last time that people hack into accounts using a variety of techniques; it illustrates the...

VERT Threat Alert: November 2015 Patch Tuesday Analysis

Today’s VERT Alert addresses 12 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-643 on Wednesday, November 11th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...

DarkHotel APT Employs Just-in-Time Decryption of Strings to Evade Detection

For decades, the field of computer security has evolved as a cat-and-mouse game between security researchers and malware authors. When the former devises new methods to detect malicious programs, the latter incorporates into their software dormant functionality scenarios and a variety of other evasive techniques – four of which are now particularly...

OmniRAT - the $25 way to hack into Windows, OS X and Android devices

Just last week, police forces across Europe arrested individuals who they believed had been using the notorious DroidJack malware to spy on Android users. Now attention has been turned on to another piece of software that can spy on communications, secretly record conversations, snoop on browsing histories and take complete control of a remote...

Beware the Cyber Blind Spots

A blind spot is defined as “an area where a person's view is obstructed.” As a longstanding professional in the industry, seeing the rhetoric change over the years, from Information Security, through Information Assurance and now to “cyber security,” what is occurring is the creation of a significant and worrying blind spot. Sadly, what people...

British Gas Urges Customers to Change Passwords Following Login Leak

British Gas has emailed approximately 2,200 customers urging them to change their passwords after their login credentials were posted online. According to The Guardian, the account details were posted to the online text-sharing service Pastebin and, if accessed, could have allowed an attacker to view the names, addresses, and previous energy bills...

Defensibility: Moving from Defensible to Defended

Defensible and defended are not the same thing. There are characteristics of an environment that make it more or less defensible. While IT and OT environments both have some mixed results, in general, OT environments are more defensible than IT environments. My hypothesis, as a reminder, is that a more defensible network is one in which currently...