By Barry, on August 27th, 2009
Based on the current attack vectors that are taking place, we need defense teams that are multi-talented.
Attacks are no longer simple and scattergun, like the Nigerian scam. The principle behind that type of attack is to launch hundreds of thousands of attacks and hope that just a very few stick. Grammar was poor, yet overall [Click to Read more...]
By Barry, on July 29th, 2009
Most security regulations, like HIPAA, SOX, GLBA and PCI (which is an industry standard, not a regulation), call for a risk analysis audit. To many this is an unknown or difficult process, so I thought I would present the common goals of a risk-based analysis audit.
GOAL 1: The network defined
We need to [Click to Read more...]
By Barry, on July 26th, 2009
Read an article that just blew me away!
“An IT auditor may also work as a forensic specialist (cyberforensic) where the objective is usually directed toward potential crimes or nefarious deeds”
Then let us make lawnmower mechanics aviation engineers. Let us have the local lawnmower repair guy service the jet engines of 747s. Obviously we will not! [Click to Read more...]
By Barry, on July 19th, 2009
This was born out of two sequences of events:
(1) Attending the SANS webcast Virtual roundtable, featuring Ed Skoudis, Mike Poor, and Hal Pomeranz, where the discussion point concerning cyber warfare / cyber attack was raised due to the current activity against South Korean and US government networks.
(2) During the same week I was reading “The Management [Click to Read more...]
By Barry, on July 8th, 2009
The ostrich, the great Defender, sorry, I mean Pretender.
Why is it that when we have addictive problems, like drugs and alcohol, we address the issue by stating you can only get right once you admit you have a problem? This is why so many meetings have “Hi, my name is X, I am [Click to Read more...]
By Barry, on October 3rd, 2007
System Logs: Nightmare OR Treasure trove?
Posted: October 03rd 2007
I guess the answer to the question depends on the log reader’s (the human reader’s) approach, feelings and job function/description. Sadly there are many “log readers” that seek the “instant society” approach to completing their duties. They seek systems and applications to read the log files and [Click to Read more...]
By Barry, on August 29th, 2007
IT Governance, Why run from it?
Posted: August 29th 2007
It’s been six years since the 2001 Enron scandal erupted, resulting in compliance and governance being elevated today.
Large companies (Fortune 1000) have had to comply, and to a large degree are quite willing, due to the [Click to Read more...]
By Barry, on August 28th, 2007
Why is Incident Response So IMPORTANT?
Posted: August 28th 2007
Incident Response plays a vital role alongside an organization’s DRP (disaster recovery plan). We must be sure it is implemented correctly.
Incident Response has a preset structure: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned.
These steps [Click to Read more...]
By Barry, on August 27th, 2007
Does SAS 70 imply tight security?
Does SAS 70 prove no vulnerabilities?
These questions and more are answered for your understanding.
Why is SAS 70 confused with security?
Posted: August 27th 2007
In talking with multiple business partners, it never ceases to amaze me that there is such a small grasp of [Click to Read more...]