Something to talk about

By Katherine Teitler

September 26, 2016

Twenty minutes before the talk was scheduled to begin, attendees anxiously queued up outside the center ballroom to hear Chris Hadnagy present Mindreading for Fun and Profit Using DISC. Hadnagy, a renowned social engineer and DerbyCon staple, promised to share with the audience “how to use a quick and easy profiling tool to make targets feel as if you can read their minds.”

Penetration Testing

Penetration testing, also referred to as “pen testing” or “pentesting,” is a process through which an experienced hacker or team of hackers attempts to exploit the vulnerabilities of an organization’s networks, applications, endpoints (physical and digital), and human resources.

By Marcos Colón

September 26, 2016

The cybersecurity industry is full of terms that both vendors and end users love to glom on to. Ok, maybe vendors lead the way, but their customers may not be doing a good job of speaking up and asking them to clarify what it is they do, instead taking the various mixed marketing messages as they come and running with them.

She blinded me with science

By Katherine Teitler

September 21, 2016

“You can’t just go to the shops and buy threat intelligence; it doesn’t come in a box.” This nugget of wisdom comes from Jim Hart, Vice President at AlixPartners LLP in the UK. Whilst, upon reading, this idea is a big “no kidding,” many in the security industry still confuse threat intelligence feeds and tools with a threat intelligence program. In fact, “threat intelligence feeds” might be a misnomer in and of themselves, but let’s sidestep that issue for now.

By Katherine Teitler

September 20, 2016

“Red team” vs. “blue team” exercises have been adapted into cybersecurity from the military and intelligence realms. As a means to simulate real-life threats and attack scenarios, organizations have been putting this methodology into play, either with internal resources or by hiring outside experts to help find system issues and prepare for actual cyber events.

Cross-Site Scripting (XSS)

Cross-site scripting, commonly abbreviated as “XSS,” is a client-side web application attack used by malicious actors to gain access to private information stored in or entered into a web application or website. XSS, categorized by OWASP as a “Top 10” attack, can be executed when an attacker injects malicious code into a vulnerable application or website by taking advantage of improperly validated code in the scripting language used to develop the website or app. Cross-site scripting is executed when an attacker manipulates a user’s form inputs.

A well respected man

By Katherine Teitler

September 16, 2016

Hiring security staff is a big challenge. Not only does the industry need more people to fill the open positions than it currently has, but to complicate matters further, hiring managers aren’t necessarily security professionals themselves; many organizations’ security teams report to IT, operations, or even finance, and the hiring process generally starts with the hiring manager, a non-security professional in these cases.

Takin’ care of business

By Katherine Teitler

September 14, 2016

By many estimates, the demand for information security practitioners far exceeds availability. As security becomes an appreciable concern for large and small companies alike, it stands to reason that the industry is going to face a serious shortage in the coming years if new practitioners aren’t found or cultivated. Strategies to combat the problem are discussed frequently during industry conferences and online in social media: Implement more school programs focusing on security (vs. general technology or computer science); groom savvy technical staff; look for qualities like creativity or deep analytical skills in non-technical staff, then recruit and train those individuals into security positions; start or join programs in one’s community to increase awareness of and interest in security; volunteer to teach an “intro to security” program at your local school or youth center. What’s interesting is that none of the ideas begin with, “Promote security certification programs!” 

Runaround Sue

By Katherine Teitler

September 13, 2016

While most of the U.S. is focused on did-she-or-didn’t-she as it relates to Hillary Clinton’s private email server and the rules Clinton may or may not have broken, new emails from also-former Secretary of State Colin Powell highlight a well-known but persistent information security problem: when usability and accessibility are in question (and when aren’t they, really), end users will always seek out shortcuts that make their lives easier.

Zero Day

A “zero day” may refer to either a vulnerability or an exploit. A zero-day vulnerability is a vulnerability (a flaw or weakness) in software of which the developer of that software is not yet aware. The weakness leaves the software susceptible to attack.

By Marcos Colón

September 9, 2016

The term cyber threat intelligence gets thrown around a lot, especially on show floors teeming with security practitioners being approached by vendors with the solution to all their problems. But fundamentally, are organizations successfully leveraging the tactics surrounding it? 

By Marcos Colón

September 8, 2016

Unless you're oblivious to the news, you're well aware that the information security industry is getting a lot of attention, be it from the headline-grabbing breaches taking place on a seemingly frequent basis or from the fact that the number of internet-connected digital devices per capita is increasing constantly.

Money, money, money

By Katherine Teitler

September 6, 2016

Like it or not, fall is right around the corner, and for many private enterprises, fall means Q4, which means facing the dreaded budgeting season. If budgeting itself weren’t cumbersome enough, cybersecurity budgets, even if they stand alone, are often part of a larger function. That means the “budget” you get isn’t really your own, cementing the fact that infosec is still today perceived as a sidebar of IT, operations, or even finance.

Vulnerability Scanning

Vulnerability scanning is an automated process used as part of an information security program to determine weaknesses in a computer, IT network, or applications. Vulnerability scanning may be performed by an organization’s IT or security team, or by an outsourced provider. The process uses a vulnerability scanning application or software to detect vulnerabilities (flaws in systems, software, or applications that can be exploited) by comparing found vulnerabilities to a database of known security issues, generally the Common Vulnerability Scoring System (CVSS). The CVSS is very helpful for benchmarking but does not take into account an organization’s unique environment. In addition, a vulnerability scan is only as good as its input data; therefore, organizations should check for the most up-to-date data before running a scan.

By Katherine Teitler

September 1, 2016

Identity is who we are. It’s what we do and how we do it. In the digital realm, our identities are part of what affords access to the systems, tools, accounts, and functionality that make it possible to perform job responsibilities and effectively contribute to the organizations for which we work. In the workplace, employees don’t typically have control over their own digital identity, and should rarely have management over the access that identity provides (a system of checks and balances ought to be in place for admins). Along with this comes a considerable IT and security burden.

Jet airliner

By Katherine Teitler

August 31, 2016

Political staffer Huma Abedin has been dominating media headlines as of late for a number of issues, including leaked emails uncovered by Citizens United and released publicly by Fox News. In the exposed emails, she refers to an intent to leave her mobile device, specifically a BlackBerry, behind during a 2009 trip to Russia.  

Let’s get it started

By Katherine Teitler

August 30, 2016

Applications have become the technological underpinnings that enable employees to do their jobs faster, more accurately, and with greater ease. Applications have become so ubiquitous within organizations that most employees don’t even consider the tools with which they are working to be “applications” at all; rather, that spreadsheet, that portal, that project tracking system is just a part of getting things done.

Computer/Cyber/Digital Forensics

Computer forensics, also known as cyber or digital forensics, is a set of investigation techniques used by forensics investigators to find, gather, analyze, and preserve digital evidence in the event of a cybercrime such as a breach or intrusion, when fraud has occurred, or if threats to the organization exist. The goal of a forensics investigation is to uncover information about the crime and create and preserve a documented chain of evidence that may be used in a court of law.

Technology

By Katherine Teitler

August 26, 2016

The European “right to be forgotten” is an important directive for both privacy and information security advocates. With roots as far back as 1995, a European Data Privacy Directive laid the foundation, and set regulations, for how EU citizens’ personal information must be protected and handled by “controllers of personal data” (i.e., companies and internet search engines).

A little less conversation

By Katherine Teitler

August 24, 2016

Privacy and terms of service policies appear on every website and every app with which users interact. Enterprise- and consumer-focused tools alike include equal amounts of legalese. When individual users are required to first accept usage policies and then interact with the website/application/tool by allowing it to collect information (either automatically or through manual input), both the user and the enterprise for which the user works are put in a position of risk. Why? Because the likelihood that he or she will read the policy is slim to none.
