Circles are Bad. OVAL is Good.
In information assurance, it is critical to have the best reporting about your vulnerabilities. Vulnerabilities, as you may recall from an earlier blog, are software flaws that may leave a system open to exploitation. There are tools that help identify and assess vulnerabilities. They are called vulnerability scanners, or VA tools. These are tools designed […]
Can You Get Cyber Insurance for Cloud Computing?
A recent Business Insurance article addressed the applicability of cyber risk insurance to cloud computing. The article concludes that existing cybersecurity insurance policies are generally written in language broad enough to include cloud services under the category of outsourcing. Cybersecurity insurance is an important thing to consider, because cloud providers accept little to no liability. […]
Internet Crime Help From Uncle Sam
One of the more interesting places to get information about crime on the Internet is the Internet Crime Complaint Center at www.ic3.gov. According to their site the IC3 “was established as a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to serve as a means to receive […]
Will My Cloud Provider Read My Data?
In my last blog post, I explained how you can verify that Amazon cloud storage is zeroized before being redeployed for the next user. But what about the cloud provider browsing through your data? After all, it’s stored on their hardware in their facility, so they have physical access plus the ability to interact with […]
Social Engineering on Father’s Day
Social engineering is a powerful tool. But, it is tough art to practice. It’s fun and interesting to read about it. But, what if you wanted to experience first-hand how it works? You can’t just waltz into some establishment and run a con game. Sending phishing or spearphishing emails to friends will not endear you […]