• A Morality Tale: The Good and Bad of DDoS Attacks, and What to Do About Them

    by John Linkous on December 8, 2014

    It's 4:55 p.m. on a Friday afternoon, and your phone rings. You're a CISO of a large company selling products online. It's your lead SOC analyst calling with a big problem. The moment that you've successfully avoided for your tenure so far has finally arrived: web-facing applications are slowing to a crawl, and customers are calling and complaining. You are under attack—it’s a distributed…

  • Your End-of-the-Year Security Checklist

    by Fahmida Y. Rashid on December 5, 2014

    Let's talk about checklists! Specifically, checklists of things information security professionals should complete between now and the end of the year. Slow period? What slow period? The end-of-the-year is a very busy time for IT security. Last minute modifications and additions to next-year's budget are underway, as well as looking at this year's budget and figuring out what else needs to be…

  • What's in Your Privacy Policy?

    by Christopher Burgess on December 4, 2014

    The days of asking "Why do I need an entire policy about privacy?" are long gone. Users regularly evaluate the trade-off between how their information is being used and the cost to personal privacy. Every company needs to be upfront about how user data is being used, shared, and stored. What Does a Privacy Policy Look Like? A quick survey of well-known companies and their respective privacy…

  • New Standards and Protocols Introduce Wireless Security Threats

    by John Linkous on December 3, 2014

    When I hear the term "wireless security," the first thing I think of is my 802.11 Wi-Fi-enabled router, humming along with WPA2 (and Wi-Fi Protected Setup disabled, naturally). There is a relatively low risk that anyone will be able to get to my data—at least until it routes to the Internet. What I—like many of you, probably—tend to forget about are the other, lesser known protocols and standards…

  • Keeping the Lights On, Networks Safe

    by Fahmida Y. Rashid on December 1, 2014

    December is a month for looking back at all the things that happened this year and for looking ahead to what is in store next year. For many information security professionals, it is also a month of long hours as organizations rely on skeleton staff to defend the network. Criminals frequently launch their campaigns over holidays, weekends, and late at night when IT staff has a skeleton crew in…

  • Latest Guidelines for Malware Detection

    by Robert Moskowitz on November 28, 2014

    Today's malware brings a wide range of threats that—without proper detection and defense—can wreak havoc on any computer system. While various kinds of malware can get onto your system via the original manufacturer, information-seeking government agencies, and covert infiltrators, the vast majority of malware still comes over the Internet as software downloads. Deceptive Downloads Because a…

  • Public or Private Cloud: How Secure Is Your Cloud?

    by Christopher Burgess on November 27, 2014

    Public and private cloud service providers have many providers to choose from. The cloud offers low-cost data storage solutions and infrastructure to host web applications and processes. The company can remove applications from client-side devices and they don’t need skilled IT professionals to manage the infrastructure. In a September Forbes article, "How to Avoid a Cloud Strategy Fail,"…

  • Network Intrusion: NIDS and Detection

    by Robert Moskowitz on November 24, 2014

    Network intrusions—any unauthorized activity on a computer network—utilize network resources that can be better used for other, authorized, purposes. They threaten the security of the network and data. There are a variety of ways to detect an intrusion, including monitoring network logs, sniffing network traffic, and real-time filtering for specific network events. At a minimum, network security…

  • Bulletproof SSL and TLS

    by Ben Rothke on November 24, 2014

    If SSL is the emperor’s new clothes, then Ivan Ristic in Bulletproof SSL and TLS has shown that perhaps the emperor isn't wearing anything at all. There is a perception that if a web site is SSL secured, then it’s indeed secure. Read a few pages in this important book, and the SSL = security myth is dispelled. For the first 8 of the 16 chapters, Ristic, one of the greatest practical SSL./TLS…

  • Which Is It: Privacy vs. Security, or Privacy and Security?

    by Christopher Burgess on November 21, 2014

    The age-old question: is it "privacy vs. security" or "privacy and security"? This year, we’ve seen data breach after data breach affecting companies of all sizes and across all industries. We’ve also seen victims grapple with privacy headaches in the aftermath. It would seem, then, that security and privacy are intertwined. But when considering the users and how they interact with company data, …

This document was retrieved from on Thu, 26 Nov 2015 00:07:06 -0500.
© 2015 EMC Corporation. All rights reserved.