Black Hat Briefings & Training

May 30th, 2008

Don’t Miss it!

August 2-7, Caesars Palace Las Vegas, USA
This August, The Black Hat Briefings return to the venerable Caesars Palace Hotel and Casino for another installment of the premier North American technical information security conference. Every year the lineup of presentations helps define the security headlines for the following year and 2008 will be no exception.

Don’t Get Caught Sleeping…

August 29th, 2007

Technology has greatly changed how we communicate in our personal and professional lives. Whether we’re shopping on line, sending e-mail or simply browsing our favorite internet site we must be aware that prying eyes are watching. Everything we do online is susceptible to being monitored and possibly reconstructed.

Data communications travel in one of two forms, “in the clear” or encrypted. When data travels “in the clear”, none of the communication is confidential: the data you send can easily be sniffed and reconstructed in its entirety. When communication is encrypted, the data portion of your transmission is protected by a mathematical transformation that only your system and the destination computer can reverse. This lets you be confident that your communication is handled privately, with no unauthorized disclosure.

Encrypting your data is extremely important for protecting confidentiality. Whenever you send an e-mail from your home computer you are sending information “in the clear.” That means that anyone “listening” on the line between you and the destination can capture the information and reassemble it. Imagine the damage that can be done if your information contained items such as usernames and passwords, social security numbers, or credit card numbers.

Make sure you are not caught asleep at the wheel. Ensure you are taking appropriate actions to protect your information. If possible, use an e-mail encryption program, and protect yourself by shopping only at sites that use encryption, which is represented by a padlock on the web page.

System Accountability

July 19th, 2007

Accountability within a system means that anyone using the system is tracked and held accountable for their actions. The organization must have methods in place to hold users accountable for their actions. Accountability applies to both intentional and unintentional actions. When a user knows they are accountable for their actions on a system, they will hopefully tend to avoid activities that could damage that system.

Some steps an organization could take to hold users accountable include an Acceptable Use Policy, logon banners, and auditing of changes to objects such as files and folders.

Please post comments & questions

CISM Certification

July 18th, 2007

The Certified Information Security Manager® (CISM®) certification program is developed specifically for experienced information security managers and those who have information security management responsibilities. The CISM certification is for the individual who manages, designs, oversees and/or assesses an enterprise’s information security (IS). The CISM certification promotes international practices and provides executive management with assurance that those earning the designation have the required experience and knowledge to provide effective security management and consulting services. Individuals earning the CISM certification become part of an elite peer network, attaining a one-of-a-kind credential. The CISM job practice also defines a global job description for the information security manager and a method to measure existing staff or compare prospective new hires.

http://www.isaca.org/Template.cfm?Section=CISM_Certification&Template=/TaggedPage/TaggedPageDisplay.cfm&TPLID=16&ContentID=4528

Please post comments or questions

CISSP

July 17th, 2007

As the first credential accredited by ANSI to ISO Standard 17024:2003 in the field of information security, the Certified Information Systems Security Professional (CISSP®) certification provides information security professionals with not only an objective measure of competence but a globally recognized standard of achievement. The CISSP credential demonstrates competence in the 10 domains of the (ISC)² CISSP® CBK®.

The CISSP credential is ideal for mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers.

https://www.isc2.org/cgi-bin/content.cgi?category=97

Please post comments or questions

SSCP

July 13th, 2007

The Systems Security Certified Practitioner (SSCP®) credential is ideal for those working towards or who have already attained positions as Senior Network Security Engineers, Senior Security Systems Analysts or Senior Security Administrators. The SSCP designation is frequently viewed as the first step on an information security career path.

For more info visit https://www.isc2.org/cgi-bin/content.cgi?category=98

Please post comments & questions

Access Controls

June 19th, 2007

Properly implemented, access controls only give employees access to the applications and databases they need to do their jobs. At many regulated organizations, such controls are too often manual, outdated and largely ineffective.

Please post your ideas & comments

Benefits of Encryption

June 18th, 2007

Cryptography conceals information, ensures the privacy of information, and can guarantee the integrity of information.

Public key cryptography and digital certificates permit the authentication and verification of a sender.

Non-repudiation is also possible with signed messages; a sender cannot deny sending a particular message at a particular time, or deny the validity of the content.

A good cryptosystem should rely on the strength of the algorithm used (not its secrecy), derive its strength from the size of the key used (larger key sizes should confer greater resistance to cryptanalysis), and be equally efficient for all keys in a given key space.
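The integrity, authentication and non-repudiation properties described above come from digital signatures. The following toy RSA signer is an added example (not code from this post); it assumes a constructed key built from two small, publicly known primes purely to keep the arithmetic readable, so it illustrates the mechanism rather than providing real-world security.

```python
"""Toy RSA signing to illustrate integrity, authentication and non-repudiation."""
import hashlib
from math import gcd

# Constructed toy key from two known Mersenne primes. Far too small for real
# use; real RSA keys are thousands of bits. Chosen only to keep numbers readable.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
assert gcd(E, PHI) == 1
D = pow(E, -1, PHI)    # private exponent (modular inverse, Python 3.8+)

PUBLIC_KEY = (N, E)    # shared with anyone who wants to verify a signature
PRIVATE_KEY = (N, D)   # known only to the signer


def _digest(message: bytes, n: int) -> int:
    """Hash the message, then reduce it so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key=PRIVATE_KEY) -> int:
    """Signer binds the message to the private key: sig = H(m)^d mod n."""
    n, d = private_key
    return pow(_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Anyone holding the public key checks that sig^e mod n == H(m)."""
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)


def demo() -> dict:
    """Show what verification buys a defender: tampering and forgery are rejected."""
    msg = b"Transfer 100 to account 42"   # constructed sample message
    sig = sign(msg)
    return {
        "authentic": verify(msg, sig),   # True: sender and content confirmed
        # Content changed after signing: the hash no longer matches.
        "tampered": verify(b"Transfer 900 to account 42", sig),
        # Without the private key, an altered signature does not verify.
        "forged": verify(msg, sig + 1),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:>9}: {'valid' if ok else 'REJECTED'}")
```

Because only the holder of `D` can produce a signature that verifies under `PUBLIC_KEY`, a valid signature both authenticates the sender and prevents them from later denying they signed that exact content.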

Please post your thoughts and questions

Risks & Threats

June 15th, 2007

When identifying risks and threats, you may find that the events affecting your organization differ from those faced by other businesses. Each business must identify what it may be in danger of confronting. While not every threat is likely to occur, the number of them can be overwhelming. Threats can come from a wide variety of sources and present different levels of risk to elements of your company. However, threats can generally be divided into three categories: environmental, deliberate and accidental.

Please post thoughts and experiences

Physical Layer Security

June 14th, 2007

Why is the physical layer so important to network security?

Network security involves many things, including making sure the network is available. The physical layer contains network cabling and data hubs. If either of these items is unavailable, whether through an attack or mechanical failure, the network may be rendered useless and data transmission would not be possible.

Please post your thoughts and comments