Blog
Delicious content for your skill-up pleasure.
Cybersecurity Insurance Basics
The Department of Homeland Security (DHS) defines cybersecurity insurance [1] as guaranteed coverage for a variety of cyber incidents. This topic can go pretty deep but this post will briefly cover cybersecurity insurance basics. The types of cyber incidents this...
Read moreEighty percent of the intrusions of your networks today can be handled by patches, anti-virus and user actions. We spend 90 percent of our time on the 80 percent of the issues that could be handled by good hygiene.
Brigadier General Paul Nakasone on Intrusions
Quote by Brigadier General Paul Nakasone, Deputy Commander, U.S. Army Cyber Command
Your Trolling Definition is Wrong
It's always good to keep your door open to constructive criticism when creating documents or anything else for that matter. Sometimes you get amazing feedback and sometimes you just get noise. I'm sure you've experienced both ends of the feedback spectrum. In the...
Read moreSecurity breaches usually entail more recovery efforts than acts of God. Unlike proverbial lightning, breaches of security can be counted on to strike twice unless the route of compromise has been shut off.
FedCIRC on Security Breaches
Quote by FedCIRC
Use Your Gift Card Before Your Waiter Does
Early this week I got a chance to use one of my Christmas presents, a $50 gift card to Outback Steakhouse. I shared dinner with someone special and the night went pretty smoothly. We got the bill for $46.39 and I handed our waiter the gift card. He returned the...
Read moreIf security were all that mattered, computers would never be turned on, let alone hooked into a network with literally millions of potential intruders.
Dan Farmer on Too Much Emphasis on Security
Quote by Dan Farmer, System Administrators Guide to Cracking
Read more“Do I want to know why you’re so informed about spyware?” she asked. Nikolaos gave her a charming, dazzling smile. “No, my dear. You do not.”
Excerpt on Knowledge of Spyware from Persephone’s Orchard
Quote by Molly Ringle, Persephone’s Orchard
Exploring Regulated Information: PCI Data
PCI is the Payment Card Industry. The most common standard they provide is the PCI Data Security Standard (PCI DSS). The information this standard protects is considered PCI data. The basic premise is that all cardholder data and sensitive authentication data must be...
Read moreWe didn’t install the [Code Red] patch on those DMZ systems because they were only used for development and testing [Shortly after spending 48 hours straight removing Code Red worm from internal corporate servers in 2001].
Excerpt on Patching Development Systems from Secure Coding Principles and Practices
Quote by Anonymous client, Secure Coding Principles and Practices by Mark G. Graff & Kenneth R. van Wyk
Exploring Regulated Information: HIPAA Data
HIPAA is the Health Insurance Portability and Accountability Act that was passed by Congress in 1996. HIPAA data is the information that would be covered under this act. Under this act is Protected Health Information (PHI) and ePHI which is only allowed to be viewed...
Read moreThe methods that will most effectively minimize the ability of intruders to compromise information security are comprehensive user training and education. Enacting policies and procedures simply won’t suffice. Even with oversight the policies and procedures may not be effective: my access to Motorola, Nokia, ATT, Sun depended upon the willingness of people to bypass policies and procedures that were in place for years before I compromised them successfully.
Kevin Mitnick on Importance of User Training and Education
Quote by Kevin Mitnick
Exploring Regulated Information: CJIS Data
Next in line for the Exploring Series is exploring regulated information. That is information that is governed by law and punishable by fines or other sanctions if there are data breaches or compliance issues. This is a measure to get organizations to protect data...
Merged Projects
Helping you study and earn IT and security certifications. Stick around for what comes next, the job!
You're your own best tech. Learn the basics of IT troubleshooting here.
Helping you raise your income when you're underpaid and underappreciated so you have more money to reinvest in yourself.