By Bob Gourley One of our CTOvision Pro subscribers requested we provide more context on web based and mobile application security and referenced the good work underway by OWASP. Over the next few weeks we will be publishing more on this topic, but wanted to start with an introduction to OWASP itse...
By John Scott Cyber has been called the ultimate team sport: CIOs, CTOs, SysAdmins, Software Developers, CISOs, threat teams, red teams, testing groups, etc. etc, but really should it be? It seems more like a jobs program that moves headcount from one part of the enterprise to the expensive nerdy-si...
By Katie Kennedy Every year for 19 Years Symantec has produced an Internet Security Threat Report, capturing insights which can inform defenses. Their April 2014 report has proven to be particularly insightful, foreshadowing many of the events seen from that month to today. For example, in 2012...
By Shannon Perry One of the simplest steps to bolstering cybersecurity is employing caution and complexity vis-à-vis passwords. Good passwords cannot be found in the dictionary; good passwords do not consist of only letters or only numbers; good passwords do not get shared with friends and family. ...
By George Romas Why does security have to be so onerous? Is this password secure enough: Mxyzptlk? Wait, that might be vulnerable to a comic book dictionary attack (bonus points for Superman fans), so let’s add some numbers and special characters: M4xyZ!ptL#K. Not bad, but suppose policy requires ...
By Albert Fruz Organizations are giving more priority to development of information security policies, as protecting their assets is one of the prominent things that needs to be considered. Lack of clarity in InfoSec policies can lead to catastrophic damages which cannot be recovered. So an organiza...
By Bob Gourley Editor’s note: I’ve referenced before my participation on the board of Centripetal Networks, and their ability to deliver large scale commercial solutions of MITRE’s IBIP are an area I am particularly proud of. – bg Over the last several years The MITRE Corporation has pub...
By Bob Gourley Widely known security practitioner Dave Schackleford is presenting a webinar on Thursday 15 may at 2pm Eastern that should be of high interest to any enterprise technologist seeking to understand the dynamics of the modern data breach. The following is from the invitation: You’re a ...