From the Blogosphere

No matter what facet of information security you're in, from being the CISO down to just installing security patches and keeping up to date, there will probably be a point where you need to see the details of a hack. Maybe it's because you need to fingerprint what it does or how it act...
The human element has always played a role in security, cyber or otherwise. Growing up in Rhode Island, we used to always leave the keys in the ignition of the vehicles parked in our driveway. We felt safe where we lived – and granted, we lived in a rural area so the main crimes commi...
The same long-life availability and design excellence that Trenton has long been famous for in single board computers and backplanes now comes in an embedded motherboard form factor. Trenton’s WTM7026 is an SSI-EEB or Extended ATX motherboard with dual Intel® Xeon® processors 5600 seri...
When it comes to SharePoint deployments, I try to automate everything I can. I don’t like manual steps especially when it comes to setting up security. A common task when deploying any sites is setting up security in some manner. Today I am going to cover how to easily store definit...

“Security” concerns continue to top every cloud computing related survey. This could be because, well, CIOs and organizations in general are concerned about security. It could be because the broader question of control over the infrastructure – including security – is never proffere...

The current threat level is … the same as it was yesterday, and the day before, and will be tomorrow. We’ve all been in the airport before and heard the announcement. “The current threat level is orange. Blah blah blah blah yada yada whatever.” At least that’s what I hear today becaus...
When it comes to my technical expertise in IT security, I’m generally familiar enough to know I should not pretend to be an expert. However, that has not kept me from getting a lot of valuable insight at the RSA conference this week. RSA has provided me the opportunity to hear a lot ab...
Almost every day now, there seems to be a report about some ‘important’ system getting breached or some credit cards/identities being stolen or insecure infrastructures getting exposed with schools, universities, municipalities, states and even entire countries being the latest victims...
Some good news on the issue of security in the cloud. First, CA, Inc., has just joined the Cloud Security Alliance as a corporate member to help establish and promote best practices for security in cloud computing. The CSA is a non-profit organization formed to promote the use of be...
Certainly, users need to be extra vigilant when receiving suspicious emails with ‘Click Here:' boldly pronounced and organizations need to realize that their systems will be poked, prodded and tapped even more this year. On the web facing front, deploying a Web Application Firewall, l...
A couple of recent surveys reveal that for 2010, Security is back at the top of IT’s focus. It seemed for a while there that Cloud Computing was starring in most questionnaires that asked about future IT spending plans. If you remember, Security was still riding shot-gun slamming ...
Several specific and new requirements have been given to the national security community as part of the White House review of security and intelligence systems following the attempted terrorist attack on Christmas day. Collection, processing, organization, and dissemination of info...
Yesterday we started getting floods of malware alerts for machines on many different networks that we manage going out to a site that was identified a while ago for MS08-067 type activity. So we did our due diligence and notified our clients that we were seeing this traffic attempting ...
In the midst of the 1990's economic bubble, Alan Greenspan once famously referred to all the excitement in the market as Irrational exuberance. Similarly in today's cloud computing market a lot of the discussions seem to be driven by a new set of irrational expectations. The exp...
Frankly I’ve grown weary of the debates over the security of cloud computing. It’s not that I don’t appreciate that there are technical hurdles in front of us, but we have reached a point that a security vulnerability in a single offering, whether that offering is in the public or priv...
Here I am at ShmooCon 2010 right in the middle of what people here in Washington DC are calling Snowpocalypse 2010. The Metro, busses, and taxis are all closed down and essentially the city has shut down. Being from Cleveland I find it a little lau...
BriefingDirect assembled a panel this week to examine the need for IT security to run more like a data-driven science, rather than a mysterious art form. It turns out, rigorously applying data and metrics to security can dramatically improve IT results and reduce overall risk to the bu...
Today on Federal Executive Forum, Dave Wennergren, Deputy CIO, Office of the Secretary of Defense, shared his views on secure information sharing.

Mr. David M. Wennergren serves as the ...
Security is always top of mind for CIOs and CSOs when considering a cloud deployment. An earlier post described the main security challenges companies face in moving applications to the cloud and how CloudSwitch technology simplifies the process. In this post, I’d like to dig a little ...
We interview David Foote, CEO and chief research officer at Foote Partners on the IT job landscape for 2010, and gain his findings of where the recession has taken IT hiring and where the recovery will shape up. The latest BriefingsDirect Analyst Insights Edition, Volume 48, centers on...
Most enterprise technologists should see a continued payoff of the hard work in planning, architecture, documentation, development and configuration work that has been occurring over the last several years.  Enterprise technologists were building Service Oriented Architectures (SOA) lo...
Atlanta-based SecureWorks malware expert Joe Stewart says the main program used to hack Google and 30 other major companies and open a back door in their systems traces back to an unusual algorithm for error-checking transmitted data that appeared in a Chinese-authored technical paper ...
I almost didn't see a need to write this post. Most CTOvision.com readers, I believe, are technically savvy folks who are already avid readers of security and technology news.   But you are also a very busy bunch and some of you might not have gotten the word yet.  And I thought some o...
By now most of you have probably heard about the GoogleHack in China. Yesterday Google's Chief Legal Officer David Drummond wrote in a blog post that indicated the accounts of dozens of Gmail users in the U.S., Europe and China who are advocates of human rights in China were routine...

In the wake of Google’s revelation that its GMail service had been repeatedly attacked over the past year the search engine goliath announce...

Recently I’ve been faced with a very difficult type of question, and it isn’t even technical. No, it’s not the typical ‘How do you find a buffer overflow?’ or ‘Can you write me code entirely in assembly in 20 minutes?’ It’s much more difficult to answer. Its answer, to many people, ma...
Sometimes it is important to reflect back on activities and achievements of the past year in order to focus on the road ahead. 2009 was a year full of “firsts” and exciting announcements for GoGrid and I thought that I would quickly summarize and highlight some blog posts of interest...

Being an efficient developer often means abstracting functionality such that a single function can be applied to a variety of uses across an application. Even as this decreases risk of errors, time to develop, and the attack surface necessary to secure the application it also ma...

In an announcement on its web site, epic.org, the Electronic Privacy Information Center has sued the US Government over the use of "devices that capture images of individuals stripped naked." The Transportation Security Agency has confirmed that the Body Imaging devices, which are part...
Information Technology in the federal enterprise does not work like it does in Hollywood. Although there are plenty of success stories to go around, federal IT is more limited and constrained than we would all want, for lots of reasons. Some of the reasons are just due to complexities a...
OWASP AppSec DC 2009 had a compelling session that defined cloud taxonomies and the security implications associated with cloud computing. Set of virtualized components that can be assembled to build an application. Amazon EC2, Rackspace, Opsource, and GoGrid are examples of IaaS w...
Security has been on the forefront of discussion in the technology community as being the primary concern gating enterprise adoption of cloud computing. Although this is a valid concern, most cloud providers, owing to the security demands of maintaining a multi-tenant infrastructure, p...
I really don’t have any problems with Facebook whatsoever since I don’t really use it in any meaningful way (can it be used in such a way at all?). But that does not mean that Facebook does not have some serious security problems. In fact I could write a book about them if I could find ...
Once a company has identified the business value of systems and data, they typically assign a risk value to losing those. This typically sets the wheels in motion to get a backup system in place. Backup, the very first step in Disaster Recovery and Business Continuity planning, is the ...
MIT Technology Review recently published a great article titled: Security in the Ether addressing security, privacy and reliability issues resulting from cloud computing.  Some of the interesting points in this article include the cloud security threat is across two related dimensio...
Integration is the Enemy of Security and so is Flexibility - an attribute that is essential for organizations to survive.  A corporation that cannot service its customers and suppliers, establish long sticky relationships with them and build an
Think giants of commerce and names like Amazon, Walmart and Expedia come up. Now, think how much those giants depend on the huge cloud computing infrastructure to be secure and reliable to keep their businesses running and in shape. So, if you’re an IT person, you can imagine how serio...
Aloha and welcome to the post-blog report.  Over the last 5 months, I’ve been writing a blog series called, 26 Short Topics about Security and wanted to share some observations.  First, I went about this since there are so many IT challenges when it comes to security and it’s...
Have you ever googled „information security strategy“? Try it yourself and see the results. What you get is a bunch of mixed-up terminology, most of it does not (should not) fit into what information security strategy really is (or should be). Major misconception is this – information st...
According to Wikipedia, information security means „protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction“. Another definition could be – „managing the process of mitigating (transferring, reducing, avoiding) u...

