Banks are required by law to follow government regulations; these subject the banks to specific requirements, restrictions and guidelines. The end goal being, among other things, transparency. What about setting specific requirements for banking website security? Pew Research Center statistics reveal that 51% of U.S. adults bank online and 35% of...

We’ve looked at the Tripwire IP360 Scoring System and how risk is commonly used in two different scenarios, so I figured it was worthwhile to dive into the other complex element of Tripwire’s scoring: skill. Skill is a term that, even within the IP360 Scoring System, has evolved over the years and it’s worth looking at the evolution of the word in...

There's little doubt that effectively remediating vulnerabilities is an important part of a comprehensive information security strategy. Vulnerabilities in desktops, servers, laptops and infrastructure are commonly involved in intrusions and incidents. For example, the Chthonic malware designed to steal banking details, exploits a known Microsoft...

On any given day, my inbox is a flurry of activity that would make a January snow squall in Canada feel like a light breeze with the occasional flake. Like a snowflake, each email is unique but many share common themes. One of these themes is my favourite discussion topic: vulnerability scoring. I was inspired to further discuss this issue after the...