- Assessments: Why Your Security Assessment Recommendations Get Ignored
Security assessment recommendations get ignored for several reasons: reports go unread due to poor writing or checkbox compliance, readers disbelieve findings that contradict their views, IT staff...
- Social Networking: Security Implications of the "Web" Becoming the "Social Web"
The web is becoming the social web—instant communication, public archives, mobile access, weak relationships. Security implications: business interactions occur outside corporate networks, data leaks...
- Assessments: A Strong Executive Summary for Your Security Report
Decision-makers decide how to act on your findings based on what they see in the executive summary. Write it deliberately, with your readers' priorities and needs in mind.
- Authentication: The Use of Pastebin for Sharing Stolen Data
Attackers use Pastebin for sharing stolen data because it's easy, handles large text, doesn't require registration, and doesn't proactively moderate. Trending pastes often include compromised...
- Social Networking: When Bots Use Social Media for Command and Control
Malware authors use social media for command and control because HTTP traffic rarely gets blocked and blends into normal browsing. Examples include banking trojans retrieving instructions from...
- Incident Response: When Does a Suspicious Event Qualify as a Security Incident?
Distinguishing suspicious events from actual incidents is challenging—panicking at every alert wastes resources, while ignoring meaningful ones allows escalation. Each organization must decide its...