Comments for True Insight http://www.truedigitalsecurity.com/blog Information Security in Today's Digital Culture Fri, 14 Oct 2011 20:40:41 +0000 hourly 1 http://wordpress.org/?v=3.2.1 Comment on Interesting Insights from the Latest MSIR by MSIR Indicates Users Are Weak Link in Computer Security - True Insight http://www.truedigitalsecurity.com/blog/2011/10/12/interesting-insights-from-the-latest-microsoft-security-intelligence-report/comment-page-1/#comment-92 MSIR Indicates Users Are Weak Link in Computer Security - True Insight Fri, 14 Oct 2011 20:40:41 +0000 http://www.truedigitalsecurity.com/blog/?p=786#comment-92 [...] by Brett Edgar in Microsoft | Security | Security Awareness & Training In my previous two blog posts, we looked at the insights and interesting findings contained within the latest Microsoft [...] [...] by Brett Edgar in Microsoft | Security | Security Awareness & Training In my previous two blog posts, we looked at the insights and interesting findings contained within the latest Microsoft [...]

]]> Comment on Interesting Insights from the Latest MSIR by More Insights from the MSIR - True Insight http://www.truedigitalsecurity.com/blog/2011/10/12/interesting-insights-from-the-latest-microsoft-security-intelligence-report/comment-page-1/#comment-91 More Insights from the MSIR - True Insight Thu, 13 Oct 2011 20:54:18 +0000 http://www.truedigitalsecurity.com/blog/?p=786#comment-91 [...] Insights from the MSIR October 13th, 2011 | Posted by Brett Edgar in Microsoft | Security In yesterday’s article I detailed some interesting results from the latest Microsoft Security Intelligence Report from the [...] [...] Insights from the MSIR October 13th, 2011 | Posted by Brett Edgar in Microsoft | Security In yesterday’s article I detailed some interesting results from the latest Microsoft Security Intelligence Report from the [...]

]]> Comment on IT GRC, The Story – How do you do it? – Part 1 by Adhope13 http://www.truedigitalsecurity.com/blog/2011/08/19/it-grc-the-story-how-do-you-do-it-part-1/comment-page-1/#comment-52 Adhope13 Mon, 22 Aug 2011 22:07:00 +0000 http://www.truedigitalsecurity.com/blog/?p=503#comment-52 A phased approach is a great technique for change in an organization. I used to work as a business process consultant at a telcom company and re-engineering the organization was constant change, but the phased approach with buy in from top to bottom is the way to go. Keep on top of the changes and throttle up or down based on input from the users. Tommy has this down, just allow time for it to sink in and let change become the norm. Nice blog, Tommy, now get Part two published. A phased approach is a great technique for change in an organization. I used to work as a business process consultant at a telcom company and re-engineering the organization was constant change, but the phased approach with buy in from top to bottom is the way to go. Keep on top of the changes and throttle up or down based on input from the users. Tommy has this down, just allow time for it to sink in and let change become the norm. Nice blog, Tommy, now get Part two published.

]]> Comment on Picking on the Little Guy by Jdawkins http://www.truedigitalsecurity.com/blog/2011/08/17/picking-on-the-little-guy/comment-page-1/#comment-48 Jdawkins Wed, 17 Aug 2011 15:22:00 +0000 http://www.truedigitalsecurity.com/blog/?p=492#comment-48 It seems that all we hear about is big information security breaches. Breaches like Sony and RSA, but are those the norm or anomalies? This article is an interesting read. While this threat stretches beyond just credit cards, it is many times the easiest example of the problem. I often find that smaller merchants don’t fully understand the extent of the threat. They are using virtual terminals (websites to process credit cards) or a point of sale system that is “PCI Compliant.” They claim they don’t retain credit card numbers so this threat doesn’t impact them. In reality they are the target! Just because a system is “PCI Compliant” does not mean the merchant has secured the system appropriately. Even technical employees fail to fully understand the various attack vectors hackers take to steal information. How then can a small business owner take control of their environment? It’s not an easy solution. Unfortunately, hiring a security firm can be expensive and outside a small business budget. What I hate hearing is highlighted in the article: “The cyber attack "cost me my dream," says Mr. Griffith, 47 years old.” Large or small, the threat is real. It seems that all we hear about is big information security breaches. Breaches like Sony and RSA, but are those the norm or anomalies? This article is an interesting read.

While this threat stretches beyond just credit cards, it is many times the easiest example of the problem. I often find that smaller merchants don’t fully understand the extent of the threat. They are using virtual terminals (websites to process credit cards) or a point of sale system that is “PCI Compliant.” They claim they don’t retain credit card numbers so this threat doesn’t impact them. In reality they are the target! Just because a system is “PCI Compliant” does not mean the merchant has secured the system appropriately. Even technical employees fail to fully understand the various attack vectors hackers take to steal information. How then can a small business owner take control of their environment? It’s not an easy solution. Unfortunately, hiring a security firm can be expensive and outside a small business budget.

What I hate hearing is highlighted in the article: “The cyber attack “cost me my dream,” says Mr. Griffith, 47 years old.”

Large or small, the threat is real.

]]> Comment on Solving the Verizon DBIR 2010 Cover Challenge by Solving the Verizon DBIR 2011 Cover Challenge … Again http://www.truedigitalsecurity.com/blog/2010/08/26/solving-verizon-dbir-2010-cover-challenge/comment-page-1/#comment-41 Solving the Verizon DBIR 2011 Cover Challenge … Again Thu, 28 Apr 2011 17:02:41 +0000 http://www.truedigitalsecurity.com/blog/?p=281#comment-41 [...] I solved this year’s challenge. If you are interested in last year’s solution check out my blog post from last [...] [...] I solved this year’s challenge. If you are interested in last year’s solution check out my blog post from last [...]

]]> Comment on Solving the Verizon DBIR 2010 Cover Challenge by Christopher Kunz http://www.truedigitalsecurity.com/blog/2010/08/26/solving-verizon-dbir-2010-cover-challenge/comment-page-1/#comment-17 Christopher Kunz Thu, 26 Aug 2010 22:16:15 +0000 http://www.truedigitalsecurity.com/blog/?p=281#comment-17 <strong>How to NOT solve the DBIR 2010 cover challenge...</strong> In a previous blog post, I had written about a couple of ideas for the DBIR cover challenge. Jan (a colleague from the DCSEC group of University of Hanover) and me finally solved the challenge today and I found out I HAD THE CORRECT SOLUTION FOR OVER A... How to NOT solve the DBIR 2010 cover challenge…

In a previous blog post, I had written about a couple of ideas for the DBIR cover challenge. Jan (a colleague from the DCSEC group of University of Hanover) and me finally solved the challenge today and I found out I HAD THE CORRECT SOLUTION FOR OVER A…

]]> Comment on New SDL templates for Visual Studio Team System by Microsoft’s banned functions | True Insight http://www.truedigitalsecurity.com/blog/2009/05/20/new-sdl-templates-for-visual-studio-team-system/comment-page-1/#comment-7 Microsoft’s banned functions | True Insight Thu, 21 May 2009 15:25:33 +0000 http://www.truedigitalsecurity.com/blog/?p=199#comment-7 [...] reading Michael’s earlier post about SDL, I started digging a bit deeper into Microsoft’s SDL documentation and came across [...] [...] reading Michael’s earlier post about SDL, I started digging a bit deeper into Microsoft’s SDL documentation and came across [...]

]]>