CSO Blogs -

Application Security: The Battle Plan

David Schekaiban — Tue, 26 May 2009 09:07:35 -0400

Application Security: The Battle Plan

by David Schekaiban

The importance of using the correct platform for your applications
Trojan infected ATMs were discovered on Eastern Europe this year, first in Russia and later this month same problems were spotted in other cities.
The Infamous Admin Rights
Either you are in charge of a small business or part of the IT group with networks consisting of hundreds of servers, you face some similarities in certain areas of the business structure, one of them
A Closer Look to Microsoft's IIS WebDAV Vulnerability
Just weeks ago, on May 18th, Microsoft released their Security Advisory 971492 (1), on the vulnerability regarding Internet Information Services, which is Microsoft web server solution.

» read more

The CISO Perspective

Ed Bellis — Tue, 26 May 2009 09:04:58 -0400

The CISO Perspective

by Ed Bellis

Crowdsourcing Payment Security
In my inaugural post to this blog, I wrote about many of the religious wars that break out today regarding payment security and specifically PCI.
OpenID Publishes Security Best Practices
A set of security best practices were recently published via wiki for users, providers, and relying parties of OpenID.
Our Need For Security Intelligence
No I am not speaking of military intelligence, but rather, business intelligence within a security context.

» read more

Forrester Research Blog

Forrester Research — Tue, 26 May 2009 09:02:28 -0400

Forrester Research Blog

by Forrester Research

Securing Google's Chrome OS
By Andrew Jaquith
And The Results Are In... The Forrester Enterprise GRC Platform Wave 2009
By Chris McClean
TSA’s Muddy Response To The Clear Shutdown
By Andrew Jaquith

» read more

Attack Points

Ivan Arce — Tue, 26 May 2009 09:01:07 -0400

Attack Points

by Ivan Arce

June’s Patching Inferno
The month is over, patching is past and we are not saved. June 2009 may have been one of the busiest months of the year for information security officers with patch and vulnerability management oversight
A Race To The Silicon
Addressing the emerging threat of low-level hardware attacks. How would you do it?

» read more

Walking the Ramparts

John Tierney — Tue, 26 May 2009 08:58:06 -0400

Walking the Ramparts

by John Tierney

Building A Culture of Preparedness
How much is your organization doing to prepare personnel for emergencies?
Why Don't You Take Care of That?
I’ll begin my blog here on CSO with this quick introduction and then I’ll dive in. My background has encompassed more than 25 years in information systems and security. Wait, are you reading the right blog, here?

» read more

Security Paradigms

Steven Fox — Fri, 19 Sep 2008 08:13:53 -0400

Security Paradigms

by Steven Fox

NetWitness's Amit Yoran comments on The Art of War
Amit Yoran, Chairman and CEO of NetWitness, discusses the parallel's between the information security business and Sun Tzu's The Art of War. He comments on the Cyberspace Review, the conditions for victory in a cyber conflict, cyber espionage, the leadership attributes needed by the modern enterprise.
The Art of CIO Success
A June 3rd, 2009 Midwest Technology Leaders panel discussion explored the attributes critical to landing a CIO job. Interestingly, Sun Tzu attributed many of these qualities to the leader of an army – The General.
Countering Auditor Deception
A cross-industry survey of 150 IT managers and technical staff showed that 20% of that population either admitted to cheating on an IT audit or knew someone that did. This blog post explores some basic ways to detect these attempts at auditor deception.

» read more

Olzak on Business Continuity

Tom Olzak — Thu, 18 Sep 2008 19:43:39 -0400

Olzak on Business Continuity

by Tom Olzak

Open door? Game over.
Meet Henry, whose exploits prove that all the technical security controls in the world will not protect your business from an attacker who gains physical access to your network.
Tone Resonates Throughout an Organization: Be Sure It's the Right Note
When executives say the right things and act in ways which show clear support for security, then they are setting the right tone for the organization.
Server Virtualization and Control Contexts
Keep your data safe in a dynamic datacenter.

» read more

Security Blanket

Robert McMillan — Thu, 31 Jul 2008 05:45:06 -0400

Security Blanket

by Robert McMillan

US Bank knocked offline by DDOS attack that hit US, South Korea
Web site uptime monitoring service Pingdom says US Bank was knocked offline by the DDOS attack that hit US and South Korean Web sites this week.
List of US, South Korean sites targeted in ongoing DDOS
A Korean blogger has analyzed the malware behind an ongoing DDOS attack that took down US and South Korean government sites this week.
Online attack hits US government Web sites
Nobody knows who's behind a powerful DDOS attack that took down the FTC's Web site and hit other government and business sites in the U.S. and South Korea.

» read more

The Brave New World of InfoSec

Jeff Bardin — Thu, 31 Jul 2008 04:59:46 -0400

The Brave New World of InfoSec - Treadstone 71

by Jeff Bardin

Abu Mansoor Al-Amriki
“Were we meant to believe that the twin towers were massively huge daycare centers and maternity wards?”
Adam Perlman - Jew, Christian, Muslim - Terrorist
Gadahn, a 'reformed' heavy metal rocker has perfected his Arabic over the years
FTP - Full Time Permanent loss of data
Using FTP at the edge continues to enhance reputations

» read more

Lohrmann On GovSpace

Dan Lohrmann — Thu, 31 Jul 2008 03:51:56 -0400

Lohrmann on GovSpace

by Dan Lohrmann

Hacking Power: Feds Promise Smart Grid Security
My first exposure to "back doors" on computers came from watching the movie "War Games." It was 1983, and I was a computer science major at Valparaiso University. I still remember two of the taglines: "The only winning move is not to play." Or, "Is it a game, or is it real?" Get ready for new movies highlighting smart teenagers hacking into your local power grid.
Watch Your Language: Rebuilding The Case for Cybersecurity
Bottom line, with all of the ID Theft, fraud and hacker stories, why are they cutting my security budget? Gaining executive support for cybersecurity requires us to use the same words that our leaders use.
The Next Chief Risk Officer: Are You Sure?
What are the top ten business risks around the world? Aon Corporation worked with leading organizations in more than 40 countries across 31 industries late last year to answer that question. I think the results will surprise most CSOs and CISOs. More than that, your career plans may be impacted.

» read more