- Authentication Better Internal Vulnerability Scanning With Authentication
Authenticated vulnerability scans provide far more comprehensive results than anonymous scans by allowing the tool to examine installed applications, patches, and configurations. Create dedicated...
- Malware Understanding Computer Attack and Defense Techniques
Modern attacks combine social engineering to bypass technical defenses, client-side exploits targeting browsers and add-ons, web application vulnerabilities like SQL injection, and persistent...
- Incident Response Insider Threat - A Touchy Security Topic
The insider vs. outsider threat debate may be less relevant as external attackers increasingly compromise employee workstations via social engineering and exploit kits—outsiders become insiders....
- Leadership Return on Investment (ROI) - A Touchy Security Topic
ROI in finance means income-generating return, but security prevents loss rather than creating wealth. Vendors misuse "ROI" to justify expenses as "investments." ROSI calculations rely on annualized...
- Malware Advanced Persistent Threat (APT) - A Touchy Security Topic
APT causes heated debates because it's become a marketing buzzword. Some define it as an attack process with certain characteristics (the "What" group), while Mandiant uses it for specific...
- Communication The Lure of Notoriety for Information Security Experts
If an expert makes a discovery that improves security, can they make a difference if no one hears about it? On-line presence builds professional reputation, but pursuing notoriety diverts attention...