Two Vulnerability Scanning Tools Evaluated
By Bozidar Spirovski, CISSP, MCSA, MCP
In terms of speed, Retina performed much faster. In terms of scan depth, Nessus has a small advantage, since it includes a web mirroring tool that is very helpful in HTTP. In a direct comparison, Nessus wins simply because Retina manifested erroneous results on repeat scans.
A Process Checklist for System Hardening
By Bozidar Spirovski, CISSP, MCSA, MCP
Most administrators and security officers are well aware of the necessity of system hardening for corporate systems. Hardening is the process of securing a system by reducing its surface of vulnerability. By the nature of operation, the more functions a system performs, the larger the vulnerability surface. Here is a checklist and diagram by which you can perform your hardening activities.
Securing Hardware for Storage and Disposal
By Bozidar Spirovski, CISSP, MCSA, MCP
Any organization should have a simple and brief procedure to treat information carriers for systems that are to be discarded. All that hardware contains a lot of confidential information, and it is essential that such data is properly erased so it cannot be recovered. Here is a brief summary of the crucial information disposal procedure elements.
5 Minute Security Assessment for Businesses
By Bozidar Spirovski, CISSP, MCSA, MCP
While the real thing may take time, some budget lobbying, and the guts to admit that you are not perfect, here instead is a very fast security self-assessment which will give you a rough idea of where you stand.
Sound Advice for Evaluating SIEM Systems
By Bozidar Spirovski, CISSP, MCSA, MCP
Evaluating Security Information Event Management (SIEM) solutions is important, as they come in a lot of different flavours. So, in order to sift through the multitude of solutions, the buyer needs to ask the hard questions. Here are some of the key questions that need to be taken into consideration:
Tools for Detecting Spoofed Email Headers
By Bozidar Spirovski, CISSP, MCSA, MCP
In an age where a huge percentage of all attacks are carried out through e-mail, very few of us know how to analyze where an e-mail was sent from. This analysis must go beyond the sender address displayed in your e-mail client (which is easily spoofed). Here is a simple tutorial on analyzing Internet headers.
Conducting Dbase Corruption Investigations
By Bozidar Spirovski, CISSP, MCSA, MCP
Analyzing an incident when the manufacturer claims that it’s an operator error and the operator claims that it is an application error is one of the most daunting tasks of a security officer. And this is a type of incident that the security officer will be called upon to investigate simply because the management needs an independent observer and has doubts about both the operator and the manufacturer. Here is what to do when thrown into the fire…
A Computer Forensics Process Tutorial
By Bozidar Spirovski, CISSP, MCSA, MCP
In reality, the computer forensics job is a standard process and every one of us does parts of the process when we debug our computers. Here is a simple tutorial on what is involved in performing more thorough computer forensics.
Security Information Event Management
By Bozidar Spirovski, CISSP, MCSA, MCP
Banking, Telecommunications, Power and Energy - anyone and everyone is under internal audit and regulator scrutiny to implement a Security Information Event Management system. But most Security Information Event Management implementations are rushed and placed only to shut up the auditors and to go on as usual. Since it’s a compliance requirement, the Security Information Event Management salespeople very rarely address whether the customer makes proper use of the solution, and whether this solution brings benefits to the company.
Top 5 Mistakes in Information Security
By Bozidar Spirovski
Does your information security implementation suffer from mistakes in approach? Everyone is focused on information security, and security is a constant addition to every corporate mission statement. And yet in nearly every security implementation there is a recurring range of mistakes in information security. Here are the five most common.


