HackDig : Dig high-quality web security articles for hackers

What is Configuration Drift?

In a previous post, my colleague Irfahn Khimji spoke about how ensuring the devices on your network are securely configured is a great way to minimize the attack surface of your infrastructure. Organizations like the Center for Internet Security (CIS) provide guidelines on how to best configure operating systems to minimize the attack surface. The CIS calls these "benchmarks." Man
Publish At:2020-05-03 08:07 | Read:669 | Comments:0 | Tags:Featured Articles IT Security and Data Protection Security C

P2P Session: Metrics for Managing and Understanding Patch Fatigue

At RSA 2015, I facilitated my first Peer-2-Peer session, "Vulnerability and Risk Scoring: What Ratings Really Mean," in front of a full audience. I went into the event not really certain what a Peer-2-Peer was or what I would take away, but I knew I was very interested in discussing vulnerability scoring and metrics with a group of like-minded individuals. Whil
Publish At:2017-02-09 18:00 | Read:4734 | Comments:0 | Tags:Off Topic Metrics peer-2-peer RSA 2017

Avoid the Infosec Machine Learning Trap: The Data Is More Important than the Algorithm

User Behavior Analytics. Network threat detection. The increasing focus on using security data analytics to extract insight and find or predict 'bad' has brought with it an influx of marketing promising close-to-magical results. Among the offenders are those machine learning products suggesting data can be thrown at an algorithm and, voila, insight will a
Publish At:2016-12-14 12:25 | Read:5411 | Comments:0 | Tags:Featured Articles IT Security and Data Protection behavior a

Is your security awareness training program working?

Employees at Axe Investment, the fictional firm of billionaire Bobby Axelrod in Showtime's new series, Billions, were downright angry when they learned that the surprise SEC raid was only a test. Axelrod, though, found the mock raid fruitful, as it revealed the internal weak links of his organization. These are metrics that enterprises should be using to evalu
Publish At:2016-09-13 11:15 | Read:5276 | Comments:0 | Tags:Security Leadership and Management Metrics Social Engineerin

Remote Banking Fraud Up, Card Fraud Up

The Financial Fraud Action UK (FFA UK) has published its latest figures about financial fraud in the UK. E-commerce card fraud losses increased from £190.1m in 2013 to £217.4m in 2014, a 14 per cent rise. In a news release published at the end of March, the FFA UK states the increase is primarily due to a change in tactic by fraudsters who are deceiving custom
Publish At:2015-04-14 15:55 | Read:5031 | Comments:0 | Tags:defense metrics incidents PCIDSS operation

Payment Security and PCI DSS Compliance 2015

Verizon has published its annual PCI Compliance Report 2015 covering data up to the end of 2014, describing compliance, the sustainability of controls and ongoing risk management. The PCI Compliance Report 2015 analyses information from PCI Data Security Standard (PCI DSS) assessments undertaken by Verizon between 2012 and 2014, together with additional data from
Publish At:2015-03-17 15:00 | Read:4220 | Comments:0 | Tags:detective metrics technical PCIDSS validation maturity corre

London Cyber Security Summit for Startups

OWASP London Chapter is helping host next week's Cyber Startup Summit in conjunction with techUK, PixelPin and Sonatype. The primary focus of the Cyber Startup Summit is to promote innovation across cyber security. It intends to enable collaboration between enterprise security leaders, security startups, creative entrepreneurs, students and academics to discu
Publish At:2015-01-21 20:40 | Read:3734 | Comments:0 | Tags:metrics operation awareness specification maturity SDLC deve

SANS SWAT Checklist and Poster

The SANS Institute has published a poster called Securing Web Application Technologies (SWAT). SWAT 2014 (PDF) is a two-page, large-format, colourful poster combining a SWAT checklist with a What Works in Application Security chart. The SWAT checklist groups its suggested best practices into the following areas: authentication, session management, access control
Publish At:2014-12-02 17:05 | Read:6821 | Comments:0 | Tags:testing corrective operation metrics maturity administrative

Cost of Cyber Crime for UK Companies 2014

The third annual study of the cost of cyber crime in UK companies has been published. This 2014 report from the Ponemon Institute is the third annual study of U.K. companies, and is based on a representative sample of 38 organisations across industries. Findings for other regions/nations, relating to 257 companies in 7 countries in total, have also been published.
Publish At:2014-10-19 06:40 | Read:4646 | Comments:0 | Tags:technical corrective metrics administrative preventative inc
