There's been a lot of buzz in recent months regarding the new US Securities and Exchange Commission (SEC) cybersecurity ruling involving incident resporting. Check out the following resources I created for the folks at web application and API vulnerability scanning vendor Probely. We help you cut through the noise and understand what really matters in the context of incident reporting/response and, especially, its impact on overall application security. SEC Cybersecurity ...
Continue Reading...I was recently surprised to find out about this new book - Cybersecurity All-In-One For Dummies - that much of my Hacking For Dummies content is featured in. The following chapters from my book are included: Introduction to Vulnerability and Penetration Testing Cracking the Hacker Mindset Developing Your Security Testing Plan Hacking methodology Information Gathering Social Engineering Physical Security With all the other content included, this book is a very ...
Continue Reading...Here are some new pieces I've recently written that you may be interested in...big things in security we need to have on our radar: Six Security Flaws on Your Network Right NowFind the Most Flaws By Balancing Automated Scans with Manual AnalysisCompliance is just the beginningNew and not-so-new security twists in the Cybersecurity Act of 2012Enjoy!Be sure to check out www.principlelogic.com/resources.html for links to all of my information security whitepapers, ...
Continue Reading...Here are a couple of #cybersecurity pieces I authored for TechTarget's SearchCompliance.com regarding the proposed Rockefeller-Snowe Cybersecurity Act of 2009 (Senate Bill 773) and Lieberman-Collins-Carper Protecting Cyberspace as a National Asset Act of 2010 (Senate Bill 3480):Why the Cybersecurity Act is better for government than businessIs the latest cybersecurity bill an Internet takeover by the fed?You know how I am about government growth and its intrusion into the free market. ...
Continue Reading...You may already know how I feel about our out of control government. Well here's a new piece I wrote about the Cybersecurity Act of 2009 - legislation that'll make your head spin.Why the Cybersecurity Act is better for government than businessIn subsequent edits to this article I had added some material on the new Lieberman-Carper-Collins legislation Protecting Cyberspace as a National Asset Act of 2010 (a.k.a. Senate Bill 3480) ...
Continue Reading...I just finished a new article on the Cybersecurity Act of 2009 (a.k.a. Rockefeller-Snowe Cybersecurity Act or S. 773) and the equally scary Protecting Cyberspace as a National Asset Act of 2010 (a.k.a. Lieberman-Carper-Collins or S. 3480).Goodness gracious folks. Have you read these pieces of legislation yet? Are you tracking what's going on?There's some serious government control headed our way if we sit back at let politicians force these policies ...
Continue Reading...My rising from the ashes moment... Just a few weeks ago, I had the opportunity to serve as a keynote speaker to hundreds of people at the TribalNet conference in Las Vegas, NV. What a show! Great people. Super well-run event. 👍 This wasn't just any speaking engagement for me, though...Three years ago, I was one notch above being bedridden...most of the time. I was experiencing pain and dozens and ...
Continue Reading...Just when you think most people understand the basics of security, along comes a story like the following: Sources: College helmet communications on unencrypted frequencies Really!? All those efforts that coaches go to covering their mouths with their play cards...then this. According to the ESPN piece, execs for the SEC, Big 12, Big Ten and ACC have worked with GSC, the manufacturer of these coach to player communication systems, to ...
Continue Reading...You've likely heard the news about security cameras being vulnerable to exploits like what was covered in this piece: https://threatpost.com/breach-verkada-security-camera-tesla-cloudflare/164635/ I feel like I'm always talking in circles when it comes to security...stop repeating history, focus on the basics, do what you know needs to be done...It's especially true for vulnerabilities in network security cameras. A little over nine years ago I wrote about this problem with cameras that I ...
Continue Reading...One of the great tragedies impacting businesses today is the disconnection between executive leadership and the information security function. The general assumption has long been that technical staff have everything under control and, therefore, management doesn't need to get all that involved in IT security and compliance related initiatives. I first noticed this situation in the late 1990s working on information security security projects with clients. Shortly thereafter, I wrote ...
Continue Reading...