Superior Integrity Monitoring: Getting Beyond Checkbox FIM
If File Integrity Monitoring (FIM) were easy, everyone would be doing it. Actually, it is pretty easy. It’s not exactly rocket science. Practically anyone with a modicum of Python, Perl or development skills can write an app or a script to gather the checksum of a file, compare it to a list ...
What Is SCM (Security Configuration Management)?
The coronavirus 2019 (COVID-19) pandemic shifted the cybersecurity landscape. According to a PR Newswire release, the FBI tracked as many as 4,000 digital attack attempts a day during the pandemic. That’s 400% more than what it was prior to the pandemic. In response to these attacks, 70% of CISOs told ...
Social Engineering: Hacking Brains…It’s Easier than Hacking Computers
The audience in the room is weirdly quiet. The contestant is in a small plexiglass booth with nothing but a phone, a laptop computer and some notes. A set of speakers outside the booth broadcasts the sound of a dial tone as a woman on the stage begins to ...
Understanding the Purpose of Security Controls and the Need for Compliance
What are the brakes on a car designed to do? I have asked this question many times when speaking to customers or organizations who were dipping their toes into the audit space. Invariably, their answer was, “To stop the car.” At this point, I would then ask, “Then how do ...
It’s All About the Baselines: Security Edition
I am all about the baselines. I’ve made an entire career out of them. But if you were to ask a random person on the street what that means, the reaction would be: “Who the heck are you, and why are you asking me random weird questions?” So it would ...
Harvesting Likes on Social Media or a Window for the Hacker to Climb Through?
So earlier this year, I wrote a piece about how we as humans are so quick to give away personal information to various companies in the quest for discounts or free stuff. As I gave it further thought, I realized that sometimes we give away our personal information in search ...
Hacking Is Not a Crime! Additional Thoughts from DEFCON 2019
In my previous post, I spoke about all of the different DEFCON villages where attendees can learn about and purchase all sorts of fun hacking/counter-hacking tools. Even so, I covered only a small fraction of the activities at the conference. For example, attendees have the opportunity to participate in ...
Ideas and Innovations at DEFCON 2019
Every year when I go to Black Hat USA and DEFCON, I am reminded of the constant battle between light and dark…wait…that’s Return of the Jedi…. I mean of the constant battle between infosec and the big bad hacker. And it’s not just the uber-sophisticated hacks that involve fuzzing ...
Your Personally Identifiable Information Is Part of You: Stop Giving It Away
Are hackers really the problem when governments can just ask for or legislate the requirement to turn over user data? Russia currently has approximately 149 million people living within its borders, and while Tinder is not the most popular dating app in the country, even a small percentage of ...
Developing an Effective Change Management Program
Detection of change is easy… There, I said it. Anyone can do it. One thousand monkeys with keyboards can pound out scripts to detect change. What is not so easy, what the monkeys can’t do, is reconcile change. Even worse, it’s usually the monkeys who make the changes that bring ...