China: Internet Freedom Is Culturally Relative

By Richard Stiennon, Chief Research Analyst, IT-Harvest

We have had a few weeks to absorb the implications of wide spread Chinese supported attacks against Google and thirty or so other organizations. The US Secretary of State made one of the most affirmative statements on Internet freedom yet articulated by a government. Various policy analysts have chimed in as well. Some thoughts on what they have said…

ROI and the InfoSec Value Statement

By Steven Fox, Founder of SecureLexicon

A value statement connects a project or investment to the mission and values of the organization and there are cases were value overrides financial ROI. A cogent value statement combined with a best-effort ROI can enhance both the bottom line and the security posture of the company by identifying the operational conditions for success.

Managing Your Internal Security Threats

Coby Royer, Technical Product Manager for Symplified

For a long time I have been recapitulating concerns to enterprises about managing the internal threat. And with the recent economic downturn, layoffs and other sources of employee dissatisfaction are increasing the risks from internal threats. The fact is, corporate management must pay attention to the insider threat and implement policies and controls to manage it.

Korea Held a Cyber War, But Nobody Came

By Richard Stiennon, Chief Research Analyst, IT-Harvest

Bruce Schneier points out the attacks against US Federal sites that succeeded in shutting them down or the malware spread by USB thumb drive that infected the US Military Central Command, demonstrate a lack of common sense anti-virus and patch management. But that is a very big deal Bruce…

• Categories

  • Anthony M. Freed (26)
  • Bill Brenner (2)
  • Bob Violino (1)
  • Bozidar Spirovski (23)
  • Breach (540)
  • Britt Womelsdorf (5)
  • By Dr. InfoSec (2)
  • Cara Garretson (7)
  • CCCNews (1)
  • Chorey Taylor & Feil (8)
  • Christophe Veltsos (2)
  • Christopher Burgess (7)
  • CIOZone (26)
  • Class Action Lawsuit (111)
  • Cloud computing (104)
  • Coby Royer (5)
  • CTO Forum (9)
  • D&O Liability (592)
  • Daniel Wallace (5)
  • Danny Lieberman (11)
  • DataLine (10)
  • David Alexander (2)
  • Derek Crawford (1)
  • Doug Pollack (7)
  • due diligence (301)
  • Fame Foundry (1)
  • FEATURE ARTICLE (428)
  • Financial (578)
  • Fred Leland (7)
  • Gene Kim (3)
  • Government (364)
  • Greg George (5)
  • H1N1 (15)
  • hackers (530)
  • healthcare (125)
  • Heather Bourgoin (1)
  • HomeATM (8)
  • identity-theft (526)
  • IDExperts (17)
  • Ike Z. Devji (1)
  • Infosec Island Network (29)
  • Insider Threat (481)
  • Internet Crime Complaint Center (1)
  • Internet Security Alliance (62)
  • ISR News (321)
  • Jacqueline Herships (2)
  • Jenni Hesterman (3)
  • John M. Salomon (2)
  • John Watkins (7)
  • John-Patrick Skaar (2)
  • Kaliber Data Security and Compliance Consultants (3)
  • Kat Sanders (2)
  • Ken Leeser (3)
  • Kevin L. Jackson (10)
  • Kevin M. Nixon (21)
  • Larry Ketchersid (1)
  • Laton McCartney (7)
  • Lauren Taylor (1)
  • Linda McGlasson (1)
  • malware (492)
  • Mark Smail (1)
  • Mark Wright (1)
  • Mel Duvall (3)
  • Michael Eggebrecht (3)
  • Michael Lohr (1)
  • Michael O'Conner (4)
  • MicroSolved (1)
  • Mike Duncan (3)
  • Mike Meikle (4)
  • Mike Spinney (1)
  • Military (202)
  • national security (444)
  • PCI (299)
  • PCI Security Standards Council (32)
  • Physical Security (11)
  • privacy (543)
  • Rachel James (10)
  • reach (2)
  • Rebecca Herold (16)
  • Richard Stiennon (44)
  • Robert Siciliano (34)
  • Sarbanes-Oxley (493)
  • ScamStop (2)
  • Sean Wilkins (2)
  • Semyon Dukach (1)
  • Simon Heron (14)
  • Software Associates (11)
  • Steven Fox (19)
  • SUPERAntiSpyware (3)
  • Sybase (6)
  • Symplified (5)
  • The Jester (8)
  • The Privacy Professor (16)
  • Thomas R. Fox (8)
  • Tom Groenfeldt (2)
  • Tom McLain (2)
  • Trefis (14)
  • Tripwire (18)
  • Uncategorized (621)
  • virtualization (92)
  • Webcast (49)

• ISR Headline Index

  • DoS Attack Reveals Widespread Vulnerabilities
  • Study Shows Employees Put Data at Risk
  • Tracking Google’s Script Kiddie Hackers
  • Newbie Introduction to Digital Forensics Part 2
  • Simple Log Review Checklist Released
  • Press F1 for Help? Microsoft Zero Day Threat!
  • A Newbie’s Introduction to Digital Forensics
  • Security Best Practice: Trust But Verify…
  • Google, Adobe, and Big Oil Under Attack!
  • Building your OWN Malware Lab (Part 2)
  • How Twitter Spam Steals From Google, Yahoo!
  • Tech Stocks Week in Review Featuring iPad
  • DoD Endorses Certification for Hackers
  • Risk Based Enterprise Compliance Programs
  • Data Loss Prevention Has Jumped the Shark

• Recent Comments

  • Ryan Aslett on Data Loss Prevention Has Jumped the Shark
  • Tom on (Lack Of) Encryption and The HITECH Act
  • ADMIN on Patriot Hacker Hits Jihad With DDoS Attacks
  • Robert Siciliano on Data Loss Prevention Has Jumped the Shark
  • Karen J. Cox on Data Loss Prevention Has Jumped the Shark
  • Scot McLeod on Outsourcing Breach Response Lowers Costs
  • John Marke on Gartner Tells CIOs to Embrace Social Media
  • Social Engineering and Enterprise Security | CIO – Blogs and … | Enterprise Engineering Addict on Gartner Tells CIOs to Embrace Social Media
  • From Russia, With Smartphones on Top 8 Social Media Security Threats
  • Judith Hoffman on Scam Alert: Rogue Gmail Account Phishing
• 
  

  Information Security Resources

  Top network security blogs