Category Archives: Information Security
Don’t Let Your Helpdesk Help the Wrong People!

Here’s a blog post by Simon Herring of Ubersecure which describes how (during an authorized penetration test) he was able to “persuade” a helpdesk agent of a large company to reset his password by pretending to be a salesman in … Continue reading
Posted in Education, Information Security
Requesting Your Suggestions for Cosaint’s 2011 Refresher Training Course

In a blog post last year – The Second Year and Beyond – I described how we recommend the use of a refresher course to fulfill the annual training requirement of regulations such as HIPAA, GLBA, PCI DSS … Using … Continue reading
Posted in Education, Information Security
Not Enough Time – 5 Reasons Why Security Awareness Training Programs Fail – Part 4

I’ve seen a number of security awareness training programs run into problems when the designers of the program didn’t take into account the limited time that students have. Here are some things to think about when planning your program.
Posted in Education, Information Security
Too Expensive – 5 Reasons Why Security Awareness Training Programs Fail – Part 3

You have the right subject matter, and a sound plan for presenting your materials. But, like it or not, cost is a major consideration when putting a security awareness training program in place. Initial price is often the thing people … Continue reading
Posted in Education, Information Security
‘Tis the Season for … Hoaxes and Scams

It’s that time of year again – when fraudulent and nuisance emails, and online hoaxes and scams start making the rounds even more quickly than usual. Sophos has posted a warning about one such hoax spreading rapidly on Facebook where … Continue reading
Posted in Education, Information Security
Facebook Security

If you’re concerned about security and privacy on Facebook (and you should be), go to the official Facebook security page and click on ‘Like’ to receive updates and suggestions about how to protect your personal information. Here’s the link: http://www.facebook.com/security … Continue reading
Posted in Information Security
SSL All The Time? Secure Web Application Development

Paul Ducklin at Sophos has published a very nice review article discussing why web applications which use SSL (encrypted) connections for login processing should use SSL throughout the application, and shouldn’t revert to unencrypted connections once the user has been … Continue reading
Posted in Information Security
Why You Need a Strong Password for Your Cell Phone

You don’t store any confidential information or account numbers or your Social Security number on your phone – you just use it for calling, text messaging, and sending and receiving emails. You don’t even browse the Internet, and you certainly … Continue reading
Posted in Information Security
The Duhs of Security – A Free Security Awareness Video

The Commonwealth of Virginia posted a nice security awareness video to YouTube. The video makes good use of humor incorporating impressions of celebrities (Arnold Schwarzenegger, Jack Nicholson …) but it doesn’t distract from the content. You could send out the … Continue reading
Posted in Education, Information Security
‘Who’s Viewed Me?’ on Facebook

People keep falling for this one, so it’s worth reminding them – there isn’t a way to see who’s viewed your profile on Facebook, and any application that offers to do this for you is a scam. In fact, Facebook … Continue reading
Posted in Information Security




