Welcome to Delicate template
Header
Just another WordPress site
Header

Interesting Insights from the Latest MSIR

October 12th, 2011 | Posted by Brett Edgar in Malware | Microsoft | Monitoring | Security | Security Awareness & Training - (2 Comments)

The latest Microsoft Security Intelligence Report (Volume 11) has been released and contains some interesting information that Microsoft has collected from the execution of its Malicious Software Removal Tool (MSRT) and Internet Explorer SmartScreen® data.  Several of the results confirm what those of us in the network security monitoring community already know: Java is the most often exploited application (page xvii), Adobe Acrobat exploits account for most malicious documents (page xviii), and Adware is the most common type of malware identified (page xx).  Microsoft also stated that over a third of malware detected could spread via the AutoRun feature on removable media or on network shares.  Updates exist that help make the AutoRun feature in XP and Vista more like the one in Windows 7, which is to say more secure.  Deploy those updates.Read more

Brett Edgar

Brett Edgar

Brett is a Founder and the former Director of Managed Security Services at TRUE. He has been working in the system and network forensics field since graduating from the University of Tulsa with a B.S. Computer Science in 2003. He speaks hexadecimal fluently and is TRUE's resident human Ethernet transceiver. He holds CISSP, CSSLP, and CNSS 4011-4015 certificates, loves MLB and NCAA Football, and when he gets tired of hexadecimal, he goes home to hang out with his wife and kid.

More Posts - Twitter

,

BEAST: It’s What’s for Dinner

September 29th, 2011 | Posted by Brett Edgar in privacy | Security - (0 Comments)

For the past week, BEAST has been the talk of the InfoSec community.  BEAST stands for “Browser Exploit Against SSL/TLS” and is a new way to execute an attack against CBC mode encryption algorithms.  The attack has been theorized for quite some time (2006 seems to be about the time it became known), but until BEAST, an attacker had no practical way to execute the attack, and even with BEAST, the attack against CBC is still difficult to execute.Read more

Brett Edgar

Brett Edgar

Brett is a Founder and the former Director of Managed Security Services at TRUE. He has been working in the system and network forensics field since graduating from the University of Tulsa with a B.S. Computer Science in 2003. He speaks hexadecimal fluently and is TRUE's resident human Ethernet transceiver. He holds CISSP, CSSLP, and CNSS 4011-4015 certificates, loves MLB and NCAA Football, and when he gets tired of hexadecimal, he goes home to hang out with his wife and kid.

More Posts - Twitter

IT GRC, The Story – How do you do it? – Part 2

September 8th, 2011 | Posted by Tommy Thompson in Compliance | IT GRC | Security - (0 Comments)

I was recently discussing IT GRC program implementation with the CIO of a growing, mid-sized software company when he presented the question, “But HOW do you do it?  I mean, how do you get employees to follow the rules in a GRC program?”  The following is the second part to my response to his question…Read more

Tommy Thompson

Tommy Thompson

Tommy Thompson is True's former Director of Program Development Services, specializing in IT GRC and security program initiatives. Tommy has implemented successful IT GRC programs from start to finish, gaining valuable experience and lessons learned to develop a proven, proprietary True IT GRC Framework Methodology used to guide clients to IT GRC success. Tommy has presented at multiple IT conferences; served as a Director of the Product Enhancement Committee for a leading GRC Platform software solution; and has consulted multiple Fortune 100 and 500 companies.

More Posts

, ,

PCI Vulnerability Scanning – External and Internal Views

September 3rd, 2011 | Posted by Brett Edgar in PCI | Security - (0 Comments)

Vulnerability scanning. Mention those two words, and your IT operations staff usually shudders. Conversely, your IT audit/security staff usually start doing a happy dance (I think those guys are sadists, like Steve Martin in Little Shop of Horrors.) Love it or hate it, vulnerability scanning is required by many compliance regimens. The PCI DSS states that you have to perform vulnerability scanning quarterly, and from both an external and internal perspective. If you follow the letter of the PCI law, that’s at least eight scans a year. I would like to posit that if you’re really doing PCI vulnerability scanning correctly, it’s more like a minimum of 12 scans each year, with 16 being the better number.Read more

Brett Edgar

Brett Edgar

Brett is a Founder and the former Director of Managed Security Services at TRUE. He has been working in the system and network forensics field since graduating from the University of Tulsa with a B.S. Computer Science in 2003. He speaks hexadecimal fluently and is TRUE's resident human Ethernet transceiver. He holds CISSP, CSSLP, and CNSS 4011-4015 certificates, loves MLB and NCAA Football, and when he gets tired of hexadecimal, he goes home to hang out with his wife and kid.

More Posts - Twitter

,

True’s Executive Roundtable Event Held August 24th

August 31st, 2011 | Posted by Kayna Kelley in Compliance | Events | Security - (0 Comments)
True Executive Roundtable Event

TRUE’s latest event brought together a select group of industry thought leaders to discuss various aspects of risk management theories and principles as well as the metrics involved in executive-level decision-making.

Attendees benefited through open and candid exchange with peers on how risk impacted the various organizations. Participants conveyed how risk is defined within their respective companies and discussed quantitative vs. qualitative risk assessments and the concept of company-defined acceptable risk.Read more

Kayna Kelley

Kayna Kelley

Kayna Kelley is True's Marketing Manager and Technical Writer with responsibilities of managing True's marketing and sales support efforts. Kayna received her undergraduate and MBA degrees from Oklahoma State University and has rich experience promoting B2B technology companies.

More Posts

, , , ,