Let’s Get Physical
jun 27, 2012
Usually when we hear the term “cybersecurity” we think of things like passwords and firewalls. We seldom think of physical security. Yet physical security is just as critical or perhaps more than passwords or firewalls: A bad actor could likely compromise a system more easily if he or she had physical access. It is far […]
Circles are Bad. OVAL is Good.
jun 26, 2012
In information assurance, it is critical to have the best reporting about your vulnerabilities. Vulnerabilities, as you may recall from an earlier blog, are software flaws that may leave a system open to exploitation. There are tools that help identify and assess vulnerabilities. They are called vulnerability scanners, or VA tools. These are tools designed […]
Can You Get Cyber Insurance for Cloud Computing?
jun 25, 2012
A recent Business Insurance article addressed the applicability of cyber risk insurance to cloud computing. The article concludes that existing cybersecurity insurance policies are generally written in language broad enough to include cloud services under the category of outsourcing. Cybersecurity insurance is an important thing to consider, because cloud providers accept little to no liability. […]
Internet Crime Help From Uncle Sam
jun 20, 2012
One of the more interesting places to get information about crime on the Internet is the Internet Crime Complaint Center at www.ic3.gov. According to their site the IC3 “was established as a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to serve as a means to receive […]
Will My Cloud Provider Read My Data?
jun 19, 2012
In my last blog post, I explained how you can verify that Amazon cloud storage is zeroized before being redeployed for the next user. But what about the cloud provider browsing through your data? After all, it’s stored on their hardware in their facility, so they have physical access plus the ability to interact with […]