Love 'em and Lead 'em!

U.S. Army Major General John H. Stanford was asked about how one becomes a leader. "When anyone asks me that question, I tell them I have the secret to success in life. The secret to success is to stay in love. Staying in love gives you the fire to really ignite other people, to see inside other people, to have greater desire to get things done than other people. A person who is not in love doesn't really feel the kind of excitement that helps him to get ahead and lead others and to achieve. I don't know any other fire, any other thing in life that is more exhilarating and is more positive a feeling than love is."

Keep reading...

The Race to Protect Customer Privacy and Gain Trust is On

By Katherine Teitler 

March 11, 2016

Trust dies but mistrust blossoms – Sophocles

Technology is an inescapable part of our lives. Unless you live completely off the grid—grow your own food, never drive a car, transact with only the cash kept under your mattress inside your built-by-your-own-hands house—your personal information is collected, tracked, and exchanged by and among businesses. We knowingly provide private information to some; others come by it through craftily drafted terms and conditions tacked onto customer agreements (often in small print).

Keep reading...

Mobile Devices in Investigations

Once upon a time, phones were only used to make calls. For most of us, our phone is a mobile office; central to a great deal of our daily activity, our phones are the hub through which our email, text messages, news, social media, calendars, driving directions, fitness goals, and so much more are all brought to us, organized, recorded, and shared.

Keep reading...

by George Gerchow, Director, Product Management for Security & Compliance, Sumo Logic

Let me start by saying that RSA is still the place that every security nerd on the globe gathers; "It's what we do!" 

From Amber restaurant to Jillian’s at the Metreon, The Marrriott Marquee to coffee shops, Chevy's, and of course the Tonga Room at the famous Fairmont Hotel, business meetings light up the conference with a constant exchange of information between colleagues, partners, customers, and attendees. In fact, outside the walls of the Moscone and into the surrounding businesses is where much of the action takes place during this massive event. The San Francisco metropolitan area is where innovation and strategy are being outlined on napkins and cardboard coasters, not in the sessions.

Keep reading...

Rootkit

The word "rootkit" originates from the word "root," which, in computer networking, refers to the top-level directory of a file system. Logging in as a "root user" with the highest level of administrative privileges, an attacker can install malicious software; access, copy, delete, or move files; change system configurations; gain access to most areas of the network, applications, and log files and keystrokes; steal passwords; spy on a computer user; monitor traffic; or install a backdoor that will allow the hacker easy entrée back into the system on subsequent visits. "Root" is the level of access, and "kit" refers to utilities, scripts, libraries, or other files that can be accessed once the system has been "rooted."

Keep reading...

Are you Trusted to be a Security Leader?

"Trust is the lubrication that makes it possible for organizations to work." -- Warren Bennis

There is no shortage of quotes to capture the importance of trust: hard to earn, easy to lose, and essential to our success as security leaders.

Yet a troubling trend is emerging: the trust we need to be successful as security leaders is eroding.

Keep reading...

A recap of this year’s show, and cheers to 25 years!

Over 40,000 attendees and nearly 550 vendors are getting back to their inbox this week after having attended the gargantuan vendor show otherwise known as RSA. It was RSA’s silver anniversary, and as with each passing year, it gets BIGGER with age!

Like any relationship, an anniversary is a great time to step back, reflect, and renew vows. In this case, reflect with a renewed sense of improving information security globally – at least that’s the stated intention of every vendor on the show floor. For this momentous occasion, let’s pause for a moment and look at the state of our relationship – this marriage of security solutions and end users. There’s something each side can offer his or her security partner in terms of strengths, weaknesses, and opportunities.

Keep reading...

Kernel

A kernel is the central module, or "seed," of an operating system (OS). At boot, the kernel loads first into a protected area of the main memory (which cannot be overwritten), and remains there until the session terminates. The kernel is a critical component of the OS because it mediates access to system resources; the kernel interfaces with hardware on the system and allows multiple applications to use the hardware when necessary. In short, it is a bridge between applications and data processing, managing input/output requests and translating them into data, ultimately determining what programs and applications can do. For speed and efficiency, it is important that kernels remain small while providing essential services of the OS and applications.

Keep reading...

Secure Privileged Accounts Faster Than Hackers Can Strike

During the past couple of years, we've witnessed a series of devastating data breaches affecting some of the world's most renowned businesses, with each breach inflicting staggering costs in terms of financial and reputational damage.

What's lesser known, though, is many of those breaches began with an exploit of a single, unsecured privileged account and escalated to eventually gain control over the network. Every large enterprise, whether on-premises or in the cloud, is home to potentially hundreds of thousands of vulnerable privileged accounts.

Keep reading...

Why are outdated laws governing current technology usage?

By Katherine Teitler 

February 29, 2016

Whatever side of the debate you’re on when it comes to Apple and the FBI, one thing is for certain: U.S. courts should not be using laws written in 1789 to make decisions about current technological capabilities. Over the years, many laws have been written then repealed—from prohibition to slavery to land ownership to voting rights, there’s no shortage of precedents. What may have made sense at one time no longer stood the test of time, and the courts took the action to overrule outdated practices and irrelevant laws.

Keep reading...

Bridging the Gap between Enterprise Information Security and the Business

Information security and the business need to be in a partnership, not a dictatorship with one party demanding the other follow certain rules and guidelines. Through a true partnership, information security risks can be mitigated and business disruptions limited, thereby creating an improved relationship and organizational efficacy. 

Keep reading...

DDoS

A DDoS, or distributed denial of service, is a malicious attack against a network or network resources that renders the target unavailable to users. A DDoS differs from a denial of service in that multiple compromised systems attack a target. A DDoS begins with an exploit to one vulnerable systems. Once the initial system is compromised, it becomes the DDoS "master." This "master" identifies and infects other vulnerable systems with malware, connecting all the systems, or "bots." The automated bots are remotely controlled and instructed by the master to launch an attack against a specific target during a specified time period, which results in an overload of system resources on the victim's system. The attack overwhelms the target, which could be a website, Web application, email, or other services, disrupting services and making them inaccessible to employees or customers. 

Keep reading...

By Katherine Teitler 

February 22, 2016

Encryption is not a new invention. In fact, evidence of encrypted messages dates back to 1900 BC when the Egyptians wrote alternative symbols on pyramid walls to relay secret messages to one another. In modern times, though, encryption takes on a new meaning. Encryption is an essential part of securing data that sits on or moves through networks, devices, and other information systems. 

Keep reading...

Staffing Your Team When the Market is Tight

By Katherine Teitler 
February 17, 2016

The security field needs more practitioners. The insanity that is our “always-connected” world necessitates more resources to manage, monitor, and maintain personal and enterprise data – from email accounts to mobile phones to chock-full-of-tech refrigerators. 

Keep reading...

War Dialing

War dialing, also known as "demon dialing" was a hacking technique that emerged in the late 1980s as a method for attackers to identify unauthorized or non-secure modems within an enterprise that provided access the company's voice or data network or its Intranet. Originally a manual process (think: prank calling when you were a kid), technologies rapidly evolved and new software allowed attackers to automatically scan a large block of random telephone numbers for unprotected user names or passwords. Some of the programs used in war dialing would also automatically log and enter successful connections into a database when they were found so attackers could return at a later time to leverage unauthorized access.ense in depth is a practical strategy for achieving information assurance in today’s highly networked environments, as defined by the NSA, which first applied the long-standing military strategy to network security. The basic premise of defense in depth is that layering security controls within a computing environment helps slow down an attacker’s progress should s/he gain access. 

Keep reading...

Advanced and Persistent: Neither is Necessary

The hype around advanced persistent threats (APTs) is as high as ever. Post-breach, hacked organizations sing the praises of their adversaries' skills. Practitioners are bombarded by industry marketing touting the latest APT detecting and killing technologies. You would think the number of advanced persistent threats were climbing dramatically, and that the majority of breaches were near impossible to prevent given the endless resources of bad guys.

Keep reading...

The Evolution of Security and the Opportunity of Leadership

A few decades ago, we advanced information security with a simple phrase: "the Internet is bad, a firewall is good." We linked the dangers of connecting to others online with a simple method of protecting our companies.

Now our ever-changing networks face dynamic, evolving threats. The stakes are higher. The visibility is greater. And the answers to our challenges aren't handled by a piece of equipment or a simple solution. It requires the buy-in and support of others.

Keep reading...

Why Government-Mandated Backdoors are a Bad Idea

By Katherine Teitler 
February 12, 2016

As debates about privacy versus encryption rage on, with the US, UK, and France on one side and Germany and the Netherlands on the other, Bruce Schneier, Kathleen Seidel, and Saranya Vijayakumar decided to take a look at the encryption products market and replicate a study conducted in 1999. The purpose of the recently released study was to understand where in the world encryption products are made and sold today. The researchers found that the highest number of products identified (865 in total) were developed in the US (about one-third of the total), followed by Germany and the UK. Many smaller countries, like Estonia, Algeria, and Tanzania, were also represented.

Keep reading...

Almost every morning I wake up and read about another company that has been breached, and consumers' or patients' information has been stolen as a result. It's getting to be so common that social security numbers and credit card numbers posted on dark Web sites sell for less than a dollar each. Every time this happens, the public is outraged and the security community starts pointing fingers and asks which company is doing the security testing for the breached organization. "Have they had a penetration test?" "When was it done?" "By which firm?" And the inquisition continues. In many of these breach situations we learn that the company had, indeed, been doing regular penetration testing with a security vendor, so this begs the question: how did they still get hacked? There are a number of reasons for this, however the question I want to focus on is: Are the companies getting the right kind of security testing? And whose responsibility is it to make sure they get the right kind of test in the first place?

Keep reading...

Event Search

Download Catalog Dark Blue 300x58

Subscribe to Newsletter LightBlue 2 300x58

Register Cloud Security eSummit 300x58

MIS|TI Tweets

ACL MISTI Grey 300x58

Please choose your region

Submit
Select a Region
United States
United Kingdom/Ireland
Africa
Americas
Asia-Pacific
Europe
Middle East

By continuing to use misti.com you will be agreeing to the website Terms and Conditions, the Privacy Policy, and the Use of cookies while using the website.