Using Countermeasures to Ensure Risk Management

While the last few years have brought about many great advances in IT and network technology, security and risk management have reached a critical point. There is a host of new concerns the IT security manager must deal with, including social networking, mobile, cloud, and information sharing. This has unleashed a new wave of change and potential risk.

Risk management is required to deal with these emerging technologies and should provide the rationale for all information security activities within the organization. You can think of risk management as the process of ensuring that the impact of threats and exploited vulnerabilities is within acceptable limits at an acceptable cost. Risk management requires the use of countermeasures. Countermeasures can include any process that serves to reduce threats or vulnerabilities.


Vulnerability Assessment Tools

Recently, Microsoft released security updates for a total of 23 vulnerabilities for Microsoft products. While this may seem like a lot, these situations do occur. This points to the speed at which new exploits are created and the fact that vendors must rush to patch these vulnerabilities. Some of the most common vulnerabilities businesses face today are unpatched systems and applications. This is one of the primary reasons why vulnerability assessment tools have become so important. These tools can find and identify needed patches, insecure settings, buffer overflows, and a whole host of other security issues. Luckily, there are many vulnerability assessment tools that can be used to find these problems and fix them before they are exploited.


Cryptography Tools and Techniques

Consider how many financial transactions are performed on the Internet every day. Protecting all this data is of utmost importance. Cryptography can be defined as the process of concealing the contents of a message from all except those who know the key. Cryptography can be used for many purposes, but there are two types of cryptographic algorithms you need to understand: symmetric and asymmetric. Symmetric cryptography uses a single key, whereas asymmetric cryptography uses two keys. What else is required to have a good understanding of cryptography? It’s important to start with an understanding of how cryptography relates to the basic foundations of security: authentication, integrity, confidentiality, and non-repudiation.

The post Cryptography Tools and Techniques appeared first on Global Knowledge Blog.


NSA Reveals Google Hacking Tricks

Google hacking is something I typically discuss when teaching ethical hacking. It’s a key component of the footprinting process. Footprinting is the blueprinting of the security profile of an organization, undertaken in a methodological manner. Footprinting is a passive process that is designed to profile an organization with respect to networks.


CASP Approved for DoD 8570.1

According to the Defense Information Systems Agency (DISA), the CompTIA Advanced Security Practitioner (CASP) is now 8570.1 approved. That’s good news for anyone looking for an alternative to what’s currently on the list for IAT level III and IAM level II security certification compliance.

CompTIA’s CASP certification is one of the newest security certifications and is designed for security professionals who have a minimum of 10 years of hands-on experience in IT administration and at least five years of hands-on technical experience. What I like about the certification is that it’s a challenging certification that requires candidates to have hands-on experience with multiple security and networking technologies. While there is no required prerequisite, the CASP certification is intended to follow CompTIA Security+ or equivalent certification.
