DoS, DDoS and DeOS… Oh My!!

In the security industry, we classify our security infrastructure in a variety of ways. One important classification method is called the “CIA Triad,” which refers to three security objectives defined by the Federal Information Security Management Act (FISMA). These three objectives are Confidentiality, Integrity and Availability. The goal of any information security team is to protect these three objectives, and the goal of an attacker is to compromise one or more of them.

Top 10 Steps to Building a Better Password

While most folks not in the depths of your IT department have little involvement in keeping your organization’s data under wraps, there are some best practices that even the least tech-savvy among us can deploy. Apparently keystroke encryption, anti-malware products, and patch management are the keys to keeping big data safe these days. But a strong password is a great start, too.

How Thinking Like a Hacker Can Make You More Secure

Our computer systems and networks contain quite a bit of private and often very valuable data, and we do everything within our power (and budget) to protect this data from unauthorized access. But how do you know that your security is working? How can you be sure that hackers, also called “Threat Agents,” aren’t able to bypass your security controls and access your confidential information? We can gain more confidence in our security policies and controls by changing our perspective. This requires thinking like a hacker.

A Brief Look Into the Investment Economics of Cybersecurity

There has been a lot of discussion among chief information security officers (CISOs) about the “right number” to invest in cybersecurity. It’s a hot-button topic with few signs of waning. Unfortunately, there is no hard and fast rule for this type of investment due to various factors. If only it were as simple as a percentage, dollar amount or range. Let’s take a closer look at why it’s hard to find a “magic number” for cybersecurity investment.
