“30 minutes or less to a better security program.  Online webinars and training from US Department of Defense – Defense Security Service.”

CDSE Webinars.

Thanks to the DOD

Encryption is coming.  Google’s recent backtracking from their announcement that Lollipop would use full disk encryption is proof – not that it is here, but that major device vendors understand the relationship between encryption and personal security.

Google quietly backs away from encrypting new Lollipop devices by default [Updated] | Ars Technica.

Thanks to HD Moore and Ars Technica

“Formerly the exclusive domain of IT, information security is now a mainstream issue, as major retailers and government agencies have suffered data breaches, denials of service and destructive intrusions. Millions of individuals have been affected, and organizations are now forced to devote more resources to prevention and remediation. Everyone in the information chain, from consumers to CEOs, has become acutely aware of the hazards of failing to protect information.”

The theme of the first quarter of 2015 seems to be Information security and who carries the responsibility for providing it to Internet users.  Last year’s breaches continue to remind us that our Identity and Internet security are ALWAYS at risk.  But until we get breached, hacked, or have our identity stolen, we still don’t pay attention.


via Information security goes mainstream – KMWorld Magazine.

Thanks to KMWorld Magazine


For those of you who don’t know that there are actual rules and policies that govern the organization and implementation of security policies within large organizations, let me introduce ISO 27001.

Now, mind you, these policies and their implementation don’t guarantee that any large organization will be able to prevent or eliminate breaches, intrusions, or compromises of their data.  But they do go a long way toward improving the information and data security climate.

Information Security Policy – How to structure the document(s) | 27001Academy.

Thanks to 27001 Academy

Passwords continue to be the least secure point of entry into any of the computing devices that we use.  The two biggest problems are the use of simplistic, easily predictable passwords like 123456 and asdfgh and the “cookies” on devices that store passwords in plain text just waiting for a sneak attack.

So the White House goal is enviable, but we are waiting patiently to hear the remedy.

White House goal: Kill the password | TheHill.

Thanks to The Hill

If you’ve got nothing to hide, then why are you worried about being surveilled?  Is it the principle of the thing?  Stubbornness? Or just plain immorality?

“The use of CloudFlare worries some who feel it increases the likelihood of Pirate Bay users being surveilled. Which obviously won’t be a problem for the overwhelming majority of users who use it to access free content or Linux distributions and have nothing to hide.”


via Pirate Bay data now tugged by IP-address-tracking current • The Register.

Thanks to The Register – UK

The point is that common/casual attacks (on your computer, network, smartphone, home network) can be prevented by all of us. The second point is that targeted attacks – that is, if you have digital assets worth stealing or compromising – are extremely difficult and expensive to prevent.  But there are early-warning and post-attack tools that will help you minimize the damage – usually.

And if you are Home Depot or Target or Sony, you have already discovered – the hard way – the essence of this post.

Defeat The Casual Attacker First!!.

Thanks to Anton Chuvakin and InfoSec Island

We consumers and Internet users are doing precious little to protect ourselves beyond using the protections that come by default on our devices and within the applications we choose.  So it makes perfect sense to hold the custodians of our information, data, and money to a high standard.  But the costs of insurance will just be passed on to us, and by lowering the financial risk to the institutions themselves, insurance might lull them into a false sense of security rather than increased diligence.

Will Banks Be Required to Have Cyber-Insurance?.

Thanks to BankInfo Security
