securitycompliance

The Psychology of security

Why do we continue to live with the situation that we have? Why are we willing to live with risks? It has been shown by the ever-capable Bruce Schneier, on YouTube and in his blog posts, that humanity is risk averse when it comes to gains and risk seeking when it comes to losses. Here is a […]

securitycompliance

What systems did the attacker access?

Will your company ever ask this question? Hopefully the FBI does not call you … As Jim Aldridge from Mandiant says in this YouTube video, the first thing that will happen is that the FBI will call you in a somewhat cryptic manner … and tell you the systems that were compromised and what systems compromised them. That’s […]

securitycompliance

The 8th network layer is always a problem

As everyone knows, there are 7 OSI network layers. Microsoft explains. And this is my favorite Open Source Interconnect (OSI) diagram. So what do I mean by the “8th network layer”? Well, I mean the human element, of course. Got a new book written by Christopher Hadnagy and Dr. Paul Ekman: “Unmasking […]

securitycompliance

more pentesting tools in the toolkit

Hydra, w3af and Scapy are all good as well. We can create our own scans using Scapy, just as we can create our own scan reviews depending on the environment that we need to look at. To make this work, one really needs to understand TCP networking from RFC 793. Contact us to learn […]