HackDig : Dig high-quality web security articles for hacker

A Fast Start to Your Security Immune System

There has been a lot of talk about the importance of building a holistic security immune system. That is, an intelligent, integrated way to protect a network using information from many different sources, all of which is ingested by powerful analytics tools to help correlate, prioritize and act on security incidents. When I put together security transformati
Publish At:2017-05-14 01:10 | Read:2469 | Comments:0 | Tags:CISO Network Risk Management Compliance Data Protection immu

Is Security Ready for the Next 20 Years of Technology?

It doesn’t seem that long ago that we didn’t have online access to many of our utility, banking, and/or even shopping accounts. I was fortunate enough to be part of a revolutionary project at a university in southern England back in 1988, where accessing the internet was using a 1200 baud modem, a terminal emulator connecting via a mainframe that consumed two
Publish At:2017-03-15 23:30 | Read:5601 | Comments:0 | Tags:Featured Articles Security Awareness Security Controls secur

Applying the Risk Management Framework

What is the Risk Management Framework? To sum up, the Risk Management Framework (RMF) is most commonly associated with the NIST SP 800-37 guide “Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach,” which has been available for FISMA compliance since 2004. This was the result of a Joint Task Force Tra
Publish At:2017-02-22 01:15 | Read:5787 | Comments:0 | Tags:Featured Articles Security Controls risk RMF security

Why 53 Percent of Banks Think Security Controls Negatively Impact Customer Experience

How do you tell if a legitimate customer or a fraudster is signing into your online banking platform? How do you know if the authentication measures your organization is using are effective? How important is it to your organization to provide a seamless customer experience while maintaining adequate security controls? The Problem With Customer Security These
Publish At:2017-02-02 20:55 | Read:2549 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Bank Fraud Ban

Summer Security Interns: Tripwire’s Perspective

In 2015, Tripwire partnered with FIRST Robotics to bring on summer interns from local high schools. Our goal was to teach the students about various aspects of information security on both the offensive and defensive side. The goals I set out for our interns in 2015 were a bit lofty, to say the least. I had planned on teaching them about the various tools in
Publish At:2016-09-20 12:40 | Read:3693 | Comments:0 | Tags:Off Topic FIRST Robotics robot Security Controls SSL Verizon

How Lackadaisical Software Management Can Jeopardize Your Endpoint Security

Today, organizations can best defend against digital threats by practicing endpoint discovery. Knowing exactly which devices are installed on a network provides security professionals with key intelligence for effective incident response. Indeed, information security teams who lack that knowledge might fail to detect or contain an intrusion before it escalat
Publish At:2016-08-01 06:10 | Read:2239 | Comments:0 | Tags:EDR Featured Articles Network security Security Controls

Penetration Testing: Do We Need a New Term?

I am a penetration tester by trade. What does that mean I do in my day-to-day? Well, that depends on whom you ask, as it is open to interpretation. Penetration testing means different things to different people. What it meant a decade ago is different from what it means today, and that will be different from what it means a decade from now. So, maybe what we
Publish At:2016-07-22 08:30 | Read:2900 | Comments:0 | Tags:Events Featured Articles BSidesLV Infosec penetration testin

8 Top Tips for Successfully Implementing your Security Control

Have you discovered a security gap? Have you found a possible solution? Have you received funding for it? If you answered ‘yes’ to all of the above, you’re half way to successfully implementing a new control. Here are some other (often overlooked) actions you should consider to ensure the success of your project: 1. Be sure the solution solv
Publish At:2016-01-05 08:05 | Read:2592 | Comments:0 | Tags:Featured Articles Security Controls Infosec Top Tips

3 Positive Signs for Better Security in Cloud Computing

Whether you’re a large corporation, a nonprofit organization, or an everyday person who wants to share your data with others, you’ve probably jumped on the cloud phenomenon already. Amazon’s cloud, the iCloud, and a range of others have interconnected the world with speed, efficiency and convenience. However, this system has earned a notorious reputati
Publish At:2015-12-29 13:20 | Read:3279 | Comments:0 | Tags:Featured Articles Security Controls Cloud cloud security Inf

The Agent vs Agentless Debate – Part 2: The Operations Side

This is the second part of a two part blog post on the factors that can help you decide whether an agent or agentless solution will be the best fit for your organization. Part 1 provided advice from a security perspective. In part 2, I offer advice that considers the implementation and ongoing operations management. Let’s look at operational considerations t
Publish At:2015-12-23 12:40 | Read:2504 | Comments:0 | Tags:Featured Articles Security Controls Agent Agentless Operatio

Black Hat ’15 Preview: My Bro the ELK

Cyber-attacks are continually increasing in scope and complexity; advanced persistent threats are becoming more difficult to detect; and over the past decade, there has been a growing “detection deficit,” according to the 2015 Verizon Data Breach Report. While 60 percent of attackers are able to gain access within minutes, the detection of attacks is usually
Publish At:2015-07-10 05:40 | Read:2146 | Comments:0 | Tags:Featured Articles Security Controls black hat ELK Open Sourc

Why It’s Not Too Soon to Learn From The OPM Hack

Speculation is rife. The OPM hack will become a fascinating story if we ever actually learn the details – how exactly did attackers penetrate and exfiltrate millions of federal employee records? What weaknesses did they exploit, and how did they escalate access? More to the point, what protections could have or should have prevented the penetration or reduce
Publish At:2015-06-11 15:50 | Read:3377 | Comments:0 | Tags:Featured Articles breach Defense in depth hack OPM Security

The Importance of Operational Security and User Education

An overview of the principal issues related to the 3 general categories that security controls fall under: physical, technical, and operational controls. What is Layer 8? Layer 8 is a term utilized by information security professionals and techies in general that represents the weakest link of every organization: the users. W
Publish At:2015-05-31 11:10 | Read:3674 | Comments:0 | Tags:Breaking News Security Hacking operational security phishing

How Attackers Use Your Tools Against You: Living off the LAN

There is a lot of attention in the information security industry in detecting and preventing malicious software from executing on critical systems. Being able to detect new applications, drivers, and files such as these is what Tripwire Enterprise excels at. However, there are quite a few options for a motivated attacker to take advantage of built in applica
Publish At:2015-04-10 08:45 | Read:3478 | Comments:0 | Tags:Featured Articles Security Controls Attackers hackers Lan Ne

RBAC is Dead – Now What?

Historically, access control has been based on the identity of a user requesting execution of a capability to perform an operation (e.g., read) on an object (e.g., a file). This was done directly either as in Discretionary Access Control or Mandatory Access Control or through predefined attribute types, such as roles or groups assigned to that user as
Publish At:2015-03-05 07:40 | Read:5375 | Comments:0 | Tags:Featured Articles Security Controls BYOD data RBAC security
