- Cloud: Cloud Security Attestation Beyond SAS 70
SAS 70 was designed for financial systems, not security certification—it only confirms controls the provider paid auditors to evaluate. Better options include SysTrust (prescriptive control set), ISO...
- Malware Analysis: Stuxnet Malware Research - Recommended Papers
Stuxnet fascinated the world due to its Industrial Control Systems targeting and sophisticated infection capabilities. Recommended papers include Symantec's PLC infection analysis, Mandiant's memory...
- Incident Response: The Big Picture of the Security Incident Cycle
Incident response doesn't exist in isolation—it connects with intrusion detection, penetration testing, application security, and network defense through a four-phase cycle: Plan, Resist, Detect, and...
- Social Engineering: Asymmetry of Data Value, Social Engineering, and What To Do
Information perceived as valueless won't be protected—but its value to attackers differs from value to the organization. Knowing AV product names helps tune malware; knowing application versions...
- Malware: Detailed PDF Malware Threat Report from Symantec
- Privacy: Security Possibilities for Continuous Wearable Video Capture
Wearable video devices like Looxcie ($199) enable continuous capture with security applications: witnessing crimes, recording physical security walkthroughs during pen tests, documenting incident...