It should come as no surprise that in this modern era of digital data we need encryption. But what exactly is it? How do you know what kind of encryption you need? If you were to ask someone what kind of encryption they use, they may respond with a specific encryption-based product, like full-disk encryption. Or they may mention an encryption-based protocol, like HTTPS (HyperText Transport Protocol over SSL). But encryption is much more complicated than that.Read more
Our computer systems and networks contain quite a bit of private and often very valuable data, and we do everything within our power (and budget) to protect this data from unauthorized access. But how do you know that your security is working? How can you be sure that hackers, also called “Threat Agents,” aren’t able to bypass your security controls and access your confidential information? We can gain more confidence in our security policies and controls by changing our perspective. This requires thinking like a hacker.Read more
A major component of IT security is determining who is allowed into your structure, both physically and logically, and what they do once they have gained access. Access control determines who has how much access. To get control, organizations must lock down their systems, including hosts, networks, applications, data stores, and data flows.Read more
Nearly everyone has received an e-mail with an urgent subject line such as “Verify your account information immediately or your account will be suspended!,” when the goal is just for some phisher to get your social security number, PIN, bank account.Read more
According to the Defense Information Systems Agency (DISA) the CompTIA Advanced Security Practitioner (CASP) is now 8570.1 approved. That’s good news for anyone looking for an alternative to what’s currently on the list for IAT level III and IAM level II security certification compliance.
CompTIA’s CASP certification is one of the newest security certifications and is designed for security professionals that have a minimum of 10 years hands-on experience in IT administration and at least five years of hands-on technical experience. What I like about the certification is that it’s a challenging certification that requires candidates to have hands-on experience with multiple security and networking technologies. While there is no required prerequisite, the CASP certification is intended to follow CompTIA Security+ or equivalent certification.Read more