Leveraging Open Source for Business Intel

By Bozidar Spirovski, CISSP, MCSA, MCP

Open source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence…

Cloud Computing Challenges Infrastructure

By Bozidar Spirovski, CISSP, MCSA, MCP

Cloud Computing is becoming more and more the buzzword of every conference, meeting and article. Yet it is still in it’s inception, and there are multitude of issues and problems. Here are the mechanisms by which we can approach the level of trust that we have in our infrastructure for the cloud.

Windows Security Logs and MS Log Parser

By Bozidar Spirovski, CISSP, MCSA, MCP

Reading through a Windows security log or any other log can be very difficult and time consuming, so a lot of companies have created their own tools to analyze windows event logs. But before you start going commercial, there is a tool that will get you going without any cost. Against all odds, it’s a tool made by Microsoft!

Microsoft Threat Assessment & Modeling

By Bozidar Spirovski, CISSP, MCSA, MCP

Every organization has some form of Information Security Risk Assessment - some perform a formal risk assessment, others simply use their practical experience. There aren’t that many tools that assist the organization in performing risk assessment. The most widely used one is Excel, but it is far from a good choice.

Two Vulnerability Scanning Tools Evaluated

By Bozidar Spirovski, CISSP, MCSA, MCP

In terms of speed, Retina performed much faster. In terms of scan depth, Nessus has a small advantage, since it includes a web mirroring tool that is very helpful in HTTP. In a direct comparison, Nessus wins simply because Retina manifested erroneous results on repeat scans.

• Categories

  • Anthony M. Freed (26)
  • Bill Brenner (2)
  • Bob Violino (1)
  • Bozidar Spirovski (23)
  • Breach (540)
  • Britt Womelsdorf (5)
  • By Dr. InfoSec (2)
  • Cara Garretson (7)
  • CCCNews (1)
  • Chorey Taylor & Feil (8)
  • Christophe Veltsos (2)
  • Christopher Burgess (7)
  • CIOZone (26)
  • Class Action Lawsuit (111)
  • Cloud computing (106)
  • Coby Royer (5)
  • CTO Forum (9)
  • D&O Liability (594)
  • Daniel Wallace (5)
  • Danny Lieberman (11)
  • DataLine (10)
  • David Alexander (2)
  • Derek Crawford (1)
  • Doug Pollack (7)
  • due diligence (303)
  • Fame Foundry (1)
  • FEATURE ARTICLE (428)
  • Financial (580)
  • Fred Leland (7)
  • Gene Kim (3)
  • Government (366)
  • Greg George (5)
  • H1N1 (15)
  • hackers (532)
  • healthcare (127)
  • Heather Bourgoin (1)
  • HomeATM (8)
  • identity-theft (528)
  • IDExperts (17)
  • Ike Z. Devji (1)
  • Infosec Island Network (31)
  • Insider Threat (483)
  • Internet Crime Complaint Center (1)
  • Internet Security Alliance (64)
  • ISR News (321)
  • Jacqueline Herships (2)
  • Jenni Hesterman (3)
  • John M. Salomon (2)
  • John Watkins (7)
  • John-Patrick Skaar (2)
  • Kaliber Data Security and Compliance Consultants (3)
  • Kat Sanders (2)
  • Ken Leeser (3)
  • Kevin L. Jackson (10)
  • Kevin M. Nixon (21)
  • Larry Ketchersid (1)
  • Laton McCartney (7)
  • Lauren Taylor (1)
  • Linda McGlasson (1)
  • malware (494)
  • Mark Smail (1)
  • Mark Wright (1)
  • Mel Duvall (3)
  • Michael Eggebrecht (3)
  • Michael Lohr (1)
  • Michael O'Conner (4)
  • MicroSolved (1)
  • Mike Duncan (3)
  • Mike Meikle (4)
  • Mike Spinney (1)
  • Military (204)
  • national security (446)
  • PCI (301)
  • PCI Security Standards Council (32)
  • Physical Security (11)
  • privacy (545)
  • Rachel James (10)
  • reach (4)
  • Rebecca Herold (16)
  • Richard Stiennon (44)
  • Robert Siciliano (34)
  • Sarbanes-Oxley (495)
  • ScamStop (2)
  • Sean Wilkins (2)
  • Semyon Dukach (1)
  • Simon Heron (14)
  • Software Associates (11)
  • Steven Fox (19)
  • SUPERAntiSpyware (3)
  • Sybase (6)
  • Symplified (5)
  • The Jester (8)
  • The Privacy Professor (16)
  • Thomas R. Fox (8)
  • Tom Groenfeldt (2)
  • Tom McLain (2)
  • Trefis (14)
  • Tripwire (18)
  • Uncategorized (621)
  • virtualization (94)
  • Webcast (49)

• ISR Headline Index

  • Quick Tips for Using Secure Shell
  • Consolidate Compliance With Open Source
  • DoS Attack Reveals Widespread Vulnerabilities
  • Study Shows Employees Put Data at Risk
  • Tracking Google’s Script Kiddie Hackers
  • Newbie Introduction to Digital Forensics Part 2
  • Simple Log Review Checklist Released
  • Press F1 for Help? Microsoft Zero Day Threat!
  • A Newbie’s Introduction to Digital Forensics
  • Security Best Practice: Trust But Verify…
  • Google, Adobe, and Big Oil Under Attack!
  • Building your OWN Malware Lab (Part 2)
  • How Twitter Spam Steals From Google, Yahoo!
  • Tech Stocks Week in Review Featuring iPad
  • DoD Endorses Certification for Hackers

• Recent Comments

  • Ryan Aslett on Data Loss Prevention Has Jumped the Shark
  • Tom on (Lack Of) Encryption and The HITECH Act
  • ADMIN on Patriot Hacker Hits Jihad With DDoS Attacks
  • Robert Siciliano on Data Loss Prevention Has Jumped the Shark
  • Karen J. Cox on Data Loss Prevention Has Jumped the Shark
  • Scot McLeod on Outsourcing Breach Response Lowers Costs
  • John Marke on Gartner Tells CIOs to Embrace Social Media
  • Social Engineering and Enterprise Security | CIO – Blogs and … | Enterprise Engineering Addict on Gartner Tells CIOs to Embrace Social Media
  • From Russia, With Smartphones on Top 8 Social Media Security Threats
  • Judith Hoffman on Scam Alert: Rogue Gmail Account Phishing
• 
  

  Information Security Resources

  Top network security blogs