XKCD Explains Heartbleed
Posted in Security Blog
Tagged 2014, Heartbleed, Information Technology Security Awareness, xkcd
Phoenix ISSA Q2 Meeting
I went to the Phoenix ISSA meeting today, saw some people I used to work with, and also had a short refresher in PCI and got a few good tips on where to look for creating a MDM solution that works with BYOD.
Prior to the meeting officially kicking off, we were educated a little on the Heartbleed bug. Before logging into a website, check it with this site by Filippo Valsorda: http://filippo.io/Heartbleed/
A good resource is the Ponemon Institute for figuring out costs for breaches, which is pretty essential when creating a quantitative risk and somewhat needed when looking at a qualitative risk.
Another good resource is the NIST 800-124 Guidelines for Managing the Security of Mobile Devices in the Enterprise (pdf).
And of course, I would be remiss if I didn’t include the ISO 27000.
Aside from all that good information, I got some CPE credits.
Sometimes I’m not a big fan of vendor presentations, but since they help pay for food and keep membership fees and guest fees affordable, I tolerate them. I really like speakers who are passionate about what they are talking about. There was a gentleman from ECTrust, and he was enjoyable to listen to.
The Nano UAV, Black Hornet PD100
This is the future tool for the military. I predict that very soon, drones will be part of every type of business. Some businesses, such as insurance, use drones to assess damage to roofs, sending the video feeds to claims adjusters. I bet parking lots will be monitored by drones with cameras, and probably hallways of buildings too.
The Art of Cyberwar
This was a great presentation at DefCon 20, tying together cyberwarfare and Sun Tzu’s Art of War. Sun Tzu was a Chinese military general, strategist, and philosopher. The gentleman presenting is Dr. Kenneth Geers, an NCIS Cyber Subject Matter Expert.
Posted in Security Blog
Tagged 2014, art of war, cyberthreat, cyberwarfare, security
Interactive Cyber Threat Map
The Kaspersky Cyberthreat real-time map is pretty flashy.
Posted in Security Blog
Tagged 2014, cyberthreat, detection, kapersky, map, monitoring
Security for IoT
A good awareness video in regards to the Internet of Things.
Posted in Security Blog
Tagged 2014, awareness, information security, Information Technology Security Awareness, Internet of Things, Security Awareness
What’s New with PCI DSS 3.0
Posted in Security Blog
Tagged 2014, compliance, infographic, PCI Compliance
Top 20 Critical Security Controls
You know, I really dig SANS for putting things together. On their page called Critical Security Controls for Effective Cyber Defense, they list the top 20 critical security controls.
I’m actually amazed at how quite a few companies do not place high emphasis on some of these. I worked for one company that thought security was ONLY having anti-virus.
Each of these security control links tells you why the control is critical, how to implement the control, procedures and tools, effectiveness metrics, automation metrics, effectiveness tests, and how to diagram it out for documentation of your implementation. It is nearly foolproof. That being said, it doesn’t mean every place has a budget for this. I was in a conference today where I heard that socializing the concept will allow for better adoption, which can be used with executive management to drive the point of securing funding for complete implementation and maintenance.
- 1: Inventory of Authorized and Unauthorized Devices
- 2: Inventory of Authorized and Unauthorized Software
- 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
- 4: Continuous Vulnerability Assessment and Remediation
- 5: Malware Defenses
- 6: Application Software Security
- 7: Wireless Access Control
- 8: Data Recovery Capability
- 9: Security Skills Assessment and Appropriate Training to Fill Gaps
- 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
- 11: Limitation and Control of Network Ports, Protocols, and Services
- 12: Controlled Use of Administrative Privileges
- 13: Boundary Defense
- 14: Maintenance, Monitoring, and Analysis of Audit Logs
- 15: Controlled Access Based on the Need to Know
- 16: Account Monitoring and Control
- 17: Data Protection
- 18: Incident Response and Management
- 19: Secure Network Engineering
- 20: Penetration Tests and Red Team Exercises
Posted in Security Blog
Tagged 2014, critical security controls, diagram, implementation, maintenance, sans, top 20