Archive For: InfoSec

Windows Event Log Management Presentation

I recently presented a brief presentation to the Central Alabama ISSA Chapter on Windows Event Forwarding (WEF).  I have a previous blog with a number of resources for getting WEF up and going.  The main point of this presentation was to point out the simplicity of WEF and for people to consider what they are ... Read More
 

Risk of using VNC in an Enterprise Environment

VNC is a protocol used by a number of products for remote viewing and control of devices.  I am also including services such as X11 in this discussion.  Ultimately, this includes any remote viewing software that is not native to an application that runs persistently on the end device. Identity Access Management Software like this, ... Read More
 

Cyber Security and Non Profits

Running a non-profit is much like running a small business, and it also has many unique challenges.  In a small business, it is easy to justify overhead spending on IT equipment as a necessity to running the business even during times of fiscal struggle.  In a non-profit, when you have to weigh spending money on ... Read More
 

The Hitlist: Compliance

This post is focused on compliance and cyber security.  What we mean is if your organization is attempting to become compliant with an industry standard or regulation, these are things that will have to be considered and more than likely implemented across the board for things such as PCI-DSS, HIPAA, ISO27k, FISMA and more.  Here ... Read More
 

Heartbleed: What you need to know

Summary: Heartbleed is a serious vulnerability that can allow attackers to intercept secure communications.  Email, Websites, VPNs, and other trusted security technologies are at risk – passwords and encryption keys can be breached.  You most likely have something that is affected.  What to do: Update anything using OpenSSL, see below for more information. Check to see ... Read More
 

Study: Cost of Data Breaches Increasing

Cross posted from http://www.securit360.com/blog where I am a regular author. A study published by Ponemon Institute, and sponsored by IBM, purported that the average total cost of data breaches increased 15% in the last year to $3.5 million, or $145 per record containing protected information.  The study included participants from 314 companies in at least 10 ... Read More
 

Tips for Spotting a Phishing Email

Cross posted from http://www.securit360.com/blog where I am a regular author. Every day users are targeted with phishing emails from all around the world.  These emails can range from overtly “spammy” and easy to detect, to quite sophisticated and difficult to notice.  We have found that this is typically the least defended position in an organization, ... Read More
 

Verizon Breach Report 2013: What does it mean for your organization?

Cross posted from http://www.securit360.com/blog where I am a regular author. Each year Verizon releases their Breach Report; it is sort of a state of the union with regard to last year’s breaches.  It is worthy research to help determine the industry trends that could help steer the budgets and focus of IT departments.  This year’s ... Read More