- Incident Response Initial Security Incident Questionnaire for Responders
This cheat sheet helps incident handlers assess situations by asking the right questions: understanding background (how detected, security posture), defining communication parameters (coordinator,...
- Malware Evolving Threats: The Long Tail of Potential Data Breach Victims
The "long tail" of potential breach victims—numerous SMBs comprising 80% of the population—attracts attackers who prefer quantity over quality. These targets have weaker defenses and there are many...
- Social Networking Using Twitter for Public Relations During a Data Breach Incident
Twitter can be effective for data breach PR—research shows tweets reduce negative feelings and decrease support calls, especially when from employees rather than executives. Use it to acknowledge...
- Incident Response Insider Threat - A Touchy Security Topic
The insider vs. outsider threat debate may be less relevant as external attackers increasingly compromise employee workstations via social engineering and exploit kits—outsiders become insiders....
- Training What is a Cybersecurity Expert?
Three types of security experts: specialists with superior performance in domains like forensics or network defense, generalists with extensive business understanding, and architects who piece...
- Incident Response Incorporating Mobile Devices into Enterprise Security
Enterprise security hasn't kept up with consumerization—powerful mobile devices often have VPN access and email but lack mature OS security controls. Organizations need greater network segmentation,...