Why can’t I just use an automated service like http://www.trust-guard.com ? One reason to reconsider only using Trust-guard is that it is not QSA certified from the PCI Security Standards council: https://www.pcisecuritystandards.org/approved_companies_providers/qsa_companies.php As a pentester (penetration tester) we use a QSA certified tool to verify vulnerability assessments on your resources. (such as Nessus) we have also used … Read more
Is there something fundamentally wrong with our thinking? Anthem is only the latest victim of the multiple victims last year. Over 1 Billion records were breached or stolen in 2014 and human error or accidents are the cause 25% of the time (Network World story). “Mega breaches are the defining trend, exposing tens of millions … Read more
As you may know SSL is the security standard upon the encrypted Internet was first built. the Secure Socket layer is no longer secure though. If you read our POODLE (Padding Oracle On Downgraded Legacy Encryption)post: http://oversitesentry.com/the-sslv3-vulnerability-fix-and-explanation/ It showed the current reality of SSLv3 (the latest version) is no longer secure. And thus it is … Read more
Moving to the Cloud is important for the “next” level of IT in the board room(the Chief xO’s and directors…) all you need is a browser in “the cloud” Why? Now we can have computing at our desktops and mobile devices without the local infrastructure. We don’t need those specialist IT people (I … Read more
At the hackers were there for several weeks(maybe months)- copying and taking data before they started deleting data, and breaking stuff. Every day more malware (malicious software) is being created which is very hard to detect – why do you think Symantec says that anti virus is dead, the defenses of a network must contain more … Read more
