Showing Blog Posts: 61–70 of 132 tagged Data Breach

  • Secure Coding in C and C++

    by Ben Rothke on May 7, 2013

    Behind nearly every security vulnerability is poorly written or insecure code. Fix the code and a majority of the security vulnerabilities go away. In the just released 2nd edition of Secure Coding in C and C++, author Robert Seacord of CERT has created an invaluable resource for developers. Research from OWASP and CERT shows that a lion's share of core vulnerabilities can be found in a small…

  • Applied Information Security: A Hands-on Approach

    by Ben Rothke on April 22, 2013

    In Applied Information Security: A Hands-on Approach, authors David Basin, Patrick Schaller and Michael Schläpfer detail some of the labs exercises and texts that they used for courses they gave at ETH Zürich (Eidgenössische Technische Hochschule Zürich), an engineering and science -based university in Zurich, Switzerland. In fewer than 200 pages, the book is an intense introduction to the…

  • The Death of the Internet - Markus Jakobsson

    by Ben Rothke on April 15, 2013

    When I first heard about the book The Death of the Internet, it had all the trappings of a second-rate book; a histrionic title and the fact that it had nearly 50 contributors. I have seen far too many books that are pasted together by myriad disparate authors, creating a jerry-rigged book with an ISBN, but little value or substance. The only negative thing about the book is the over the top…

  • Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure

    by Ben Rothke on April 8, 2013

    Imagine if the smart guys from the SANS Institute came to the Federal Energy Regulatory Commission (FERC) and told them there it was impossible that the smart grid could be effectively secured. What are the chances that FERC and other state regulators would put the brakes on this new modern power infrastructure? The reality is that the chances would be very low, as the smart grid is coming hell…

  • Managing Risk and Information Security: Protect to Enable

    by Ben Rothke on March 20, 2013

    Risk management in the real world is not an easy endeavor. On one side, people use toilet seat covers thinking they do something, on the other side, millions of people smoke cigarettes, ignoring the empirical evidence of their danger. In Managing Risk and Information Security: Protect to Enable, author Malcolm Harkins deals with the inherent tension of information security – that between…

  • RSA 2013: The Culmination of Cybersecurity Month

    by Gib Sorebo on March 12, 2013

    It’s not unusual for cybersecurity vendors to time new product announcements and major initiatives to coincide with the RSA Security Conference. Similarly, major threat reports, such as Mandiant’s APT1 Report, are often released to gain maximum exposure at RSA. But now it seems the White House has gotten into the act with its release of the Cybersecurity Executive Order, or so the conspiracy…

  • The Hacker's Guide to OS X: Exploiting OS X from the Root Up

    by Ben Rothke on March 5, 2013

    The Macintosh operating system was long considered more secure than Windows. Part of the reason was that the vast majority of attackers targeted Windows given it was so ubiquitous. A lot has changed and the Macintosh operating system, currently known as OS X is both a target and highly vulnerable. In The Hacker's Guide to OS X: Exploiting OS X from the Root Up, authors Robert Bathurst, Russ Rogers…

  • California's New Defense for Medical Data Breach Cases

    by Stephen Wu on February 24, 2013

    Last year, I discussed the phenomenon of a big dollar class action suit seeking almost a billion dollars in statutory damages arising out of a healthcare data breach.#_ftn1 A break-in at Sutter Health occurred at its administrative offices in October 2011, in which burglars stole a desktop computer containing unencrypted electronic medical records on a large number of patients. On the date Sutter…

  • Security Engineering: A Guide to Building Dependable Distributed Systems

    by Ben Rothke on February 15, 2013

    Security Engineering: A Guide to Building Dependable Distributed Systems by Ross Anderson is one of, if not the best information security book ever written. With a list price of $80, it's worth every penny. With that, thanks to Robert Slade for pointing out today in Risks Digest 27.16 that Ross Anderson has made all chapters from the second edition now available free online. You can get it here. …

  • Can I Get Credit Monitoring for That Transformer?

    by Gib Sorebo on January 2, 2013

    As organizations struggle with cyber attacks and their after effects, more and more are looking to insurance policies to cover the damage. And that really begs the question of just what do a get with a cyber insurance policy? After all, we are bombarded with news stories of stolen customer information where the biggest cost, which some cyber insurance policies cover, is credit monitoring, a…

This document was retrieved from on Wed, 07 Oct 2015 02:34:14 -0400.
© 2015 EMC Corporation. All rights reserved.