risk management – Page 2

Defense through Offense, and how APT fits there

Apr 3, 2011

—

by

I’m guessing that having “APT” in anything that goes outside for public consumption these days is mandatory, but this post actually has a good reason to do so. If you look back just one post in the past, we were discussing the new initiative to define “Penetration Testing”. The post, and the proposed standard itself…

Defining Penetration Testing

Mar 4, 2011

—

by

iamit

in Opinion, Security Research

I have been fortunate enough to be working with a group of peers from the security industry over the past few months (since November 2010) on finally creating a solid definition of what a penetration testing is. It has been a topic that has been abused, cannibalized, and lowered toÂ a level where we (as in…

Information Security Intelligence Report for 2010 and Predictions for 2011

Jan 24, 2011

—

by

iamit

in Opinion, Security Research

Looking back at 2010 shows a widening gap between cybercrime and law enforcement capabilities, in conjunction to nations that have started the cyber-race to develop defensive and offensive capabilities. Most of the attacks analyzed in 2010 depict organizations that fall behind in their defensive strategies as attackers take advantage of a hybrid approach that merges…

the art of not thinking about elephants

Jan 6, 2011

—

by

iamit

in Security Research

Approaching risk management should be done in the most holistic manner, this means that EVERY aspect of information flow should be taken into account. This article describes how a red-team test managed to exfiltrate data out of a closed/non-connected network using innovative thinking.

Learning from stux, and connecting more dots in infosec

Oct 11, 2010

—

by

iamit

in Opinion, Security Research

Learning from stuxnet on how we are exposed to similar attacks. Connecting the dots between technology, society, and the human factor when talking about cyberwarfare.

Tag: risk management

Defense through Offense, and how APT fits there

Defining Penetration Testing

Information Security Intelligence Report for 2010 and Predictions for 2011

the art of not thinking about elephants

Learning from stux, and connecting more dots in infosec