From the Fall 2014 Issue

Cloud Vulnerability – Scanning Options for Enterprises

Author(s):

Kellep A. Charles, Information Security Analyst/Researcher, SecurityOrb, LLC

Many enterprises wisely consider regular security vulnerability scans on information processing systems to be a vital component of their security programs. They allow the administrator to locate security weaknesses, assist in asset management and, most importantly, comply with regulatory compliance. In a traditional environment, the process is not difficult to carry out, but with the … Read more

From the Summer 2014 Issue

Stalking Prey: An RF Hacker’s Perspective

Author(s):

Rick Mellendick, Chief Security Officer, Process Improvement Achievers, LLC

Nearly everyone has an RF signature, and it is becoming as common as your fingerprint. This signature is the culmination of device and device usage such as: Your cell phone’s frequency Names of the networks you connect to with yourdevices Bluetooth devices and the connections to andfrom them Your device or devices (e.g., laptop, phone, … Read more

From the Summer 2014 Issue

Cybersecurity in the Supply Chain

Author(s):

Taylor Wilkerson, Program Manager, Supply Chain Management Program, LMI

For most of us, cybersecurity means network and data protection. We think of intrusion detection, firewalls, secure network design, secure and trained workforce, social engineering, and other security activities. Essentially, we view cybersecurity as the tools and activities that keep our networks and the data that they handle secured. But what if one of the … Read more

From the Spring 2014 Issue

Near-Term Vision of IT Security Threat Monitors

Author(s):

Benjamin Shelton, , Nangwik Services

Don Tobin, ,

Continuously updating, learning and optimizing in an ever-changing “threatscape”   As most information security professionals are aware, breaches go from initial point of entry to data extraction in a matter of hours or seconds, yet their detection, analysis, and remediation is usually measured in weeks. New techniques and approaches are needed to shrink this time difference. There … Read more

From the Spring 2014 Issue

Preventing Friends and Foes from CyberSpying on YOU

Author(s):

Dr. Christopher V. Feudo, President, University of Fairfax

We all are well aware that cyber attacks continue to increase in complexity, frequency and severity. These malicious cyber activities continue to grow at an unprecedented rate, severely threatening the nation’s public and private information infrastructure, as well as our very essence – our identities, our data, our personal conversations, our finances, and all aspects … Read more

From the Spring 2014 Issue

Eliminating Threat Vectors in Cyber Attacks

Author(s):

Steve Stratton, Vice President, Business Development, COPT

Question: Can infrastructure play a positive role in your Cybersecurity program? Most often we think of infrastructure in a negative way, something we have to protect. It is the mess that we have to attempt to control through policy, procedures, technology and training. It takes a lot of different systems, network and data security components … Read more

From the Spring 2014 Issue

Wireless Security: Not just 802.11 Anymore

Author(s):

Rick Mellendick, Chief Security Officer, Process Improvement Achievers, LLC

With the increase of organizations establishing wireless networks, including wireless guest networks, as well as creating Bring Your Own Device (BYOD) environments, organizations have increased their susceptibility to newer types of threats. Organizations are struggling to balance convenience with security and too often, convenience is being implemented proactively while security is being implemented reactively. When … Read more

From the Winter 2014 Issue

Cost Effective Security Assessments in Remote Locations

Author(s):

Gabe Koss, , Pwnie Express

Imagine a large bank. It has large corporate offices in several major cities in the United States and over 1000 branch offices across the country. It even has international branches. All of these different locations mean the bank functions on a large-scale, distributed infrastructure.  Being a bank, like government institutions, they are subject to varying … Read more

From the Winter 2014 Issue

It’s Time for a New Approach to Mitigate Insider Threats

Author(s):

Richard Park, Director of Product Management, Hexis Cyber Solutions

Recent high-profile national security breaches, such as the Edward Snowden and Bradley Manning cases, underscore the need for a new approach to detecting and mitigating insider threats. One emerging trend is the importance of big data security analytics and automated response. In a March 2012 report Gartner states that “information security is becoming a big … Read more