There are many sites with security policies on the Internet, such as Universities recommending what to do and not do. http://sites.gse.harvard.edu/its/top-10-security-dos-and-donts http://www.feinberg.northwestern.edu/docs/mis/General_Security_Policy.pdf A security policy is a guideline to employees and users of network and computing resources for the safety and security of data and resources. It is good to know what one is supposed … Read more
I am always working on trying to explain how better security can save your company from headaches and certain disaster in the future. While also figuring out why people are just not paying attention to security in general. And as they say a picture says a thousand words. So lets discuss my little pie … Read more
“Detection is a Flawed” Strategy by Simon Crosby at Dark Reading: http://www.darkreading.com/endpoint/times-running-out-for-the-$76-billion-detection-industry/a/d-id/1321381 Simon goes over the problems we have had including the Target failure, where the malware was detected but not acted upon (2014). So the Firewall Industry does sell a difficult job – they do know that breaches occur, there will be breaches. (image … Read more
I’m always monitoring multiple newsfeeds for the latest Security news (this is why I set up my top30 Security News Analyzed page). In my review I found the following 2 links which are tied into a recurring theme us security people attempt to work through. CIO’s real security headache http://www.techrepublic.com/article/the-cios-real-security-headache/ Six technical measures … Read more
What does it mean to say check my firewall with an automated pentest scan? That means to test the firewall using various programs to review the vulnerabilities using an application like Nessus or Nikto to test the IP address for vulnerabilities known to Nessus or Nikto. Nessus: The above … Read more