You can learn a lot by watching people. I had breakfast this morning and was stunned to overhear someone on their cell phone give the administrative login credentials for the company website to someone else. They also very carefully spelled out the entire URL to the login page. If I were not trustworthy, I could log [...]
I don’t know if your memory is like mine, but sometimes I cannot remember what happened last week. Do you remember each and every information security exposure that is found? Several years ago I started keeping a Risk Register. This is very similar to the checkbook register that we all keep. When I find a [...]
Are Facebook and Privacy mutually exclusive? Take a read of this article from Sophos: "Simple Facebook flaw put all members at risk of identity theft". A flaw has existed in the Facebook security model that has allowed access to private information in a member’s “Basic Information” page. The reminder cannot be made often enough… Be [...]
The final commonly held element of good Defense in Depth is Operations. I say “commonly held” because various authors make additions to the list of People, Technology and Operations. For a functioning description, consider Operations to be the tasks required to maintain a desired level of security. It is easy to get bogged down thinking [...]
Any Defense In Depth strategy requires a technology component. Yes, we’ve already seen that people play an important role, but technology is used where consistency and repeatability are needed. You could have someone assigned to capture and analyze every packet that is aimed toward your network, but they wouldn’t be able to do this [...]
