Resources

Blog

HIPAA – A Guide to Compliancy

HIPAA compliance makes sense if you understand all the rules, but unfortunately, only a few have the time, resources and training invested. Most healthcare professionals understand the importance of PHI, and their intentions would never be to purposely place this information at risk. The challenge is that these professionals earn their living by providing the services that they spent eight years...
Blog

Word Crimes Part 3 – Developing Cybersecurity Vision, Mission & Strategy Statements

As we introduced in part 1 and part 2 of this “word crimes” series, cybersecurity terminology is important, especially when representing our profession. In this final installment, we have broadened the scope as it relates to business terminology. It is vitally important for cybersecurity professionals, including current and future leaders, to understand the nuances between common business...
Blog

School District to Spend $314K on Rebuilding Servers after Malware Attack

A school district in North Carolina intends to spend $314,000 on rebuilding more than a dozen servers affected by a malware attack. On 27 December 2017, the board for Rockingham County School District held an emergency meeting and voted 7-1 to approve a 12-month, $314,000 service contract with Georgia-based technology solutions provider ProLogic ITS...
Blog

It’s 2018, Secure Your Budgets with Secure Configurations!

Happy 2018, everyone! With the start of a new year, everyone makes resolutions that they may or may not be able to keep. One of the most common New Year’s resolutions (and arguably the most difficult to keep) is to exercise, get healthy, and/or lose weight. This is a common thread in businesses, as well, as we see many organizations make the resolution to trim the fat, cut budgets, and do more...
Blog

Foundational Controls for Integrity Assurance - Part I

Among organizations today, there's not enough focus on where digital security matters, that is, setting up the challenge/risk. Let’s come right out and say it: if you haven’t been hacked yet, you soon will be. This is not a surprise to you. You know this. We know this. Other companies know this. And yet, we saw WannaCry spread to hundreds of...
Blog

Internet of Things In Healthcare - What to Expect in 2018?

We are heading into an era which embraces the Internet of Things (IoT), artificial Intelligence (AI), and machine learning (MI) that have immensely overturned the tech world. With particular reference to IoT, it has profoundly impacted global commerce and lifestyle. If this existing pace remains consistent, then it wouldn’t be onerous to predict the...
Blog

Women in Information Security: Roselle Safran

Last time, I had the honor of speaking with Tiffany Gerstmar. Her work with the US Navy led to her become a cybersecurity policy professional. In this final interview of the current series, I got to speak with Roselle Safran. Not unlike Tiffany, work in US government agencies also helped her to get where she is today. Now she's the president of...
Blog

Data Breach Potentially Struck Tallahassee Utility Customers

A data breach at a payment processor might have compromised the personal and financial information of some Tallahassee utility customers. Tallahassee Treasurer Clerk Jim Cooke is warning that a breach at TIO Networks, a company used by Florida's capital to help people pay their bills, might have affected an untold number of utility customers in the...
Blog

Data Breach Exposes 300K RootsWeb Users' Login Credentials

A data breach has exposed the login credentials belonging to 300,000 users of RootsWeb, a service owned and sponsored by Ancestry.com. On 4 December 2017, someone posted a file containing the usernames and plaintext passwords of 300,000 users to a hacker forum. An analysis of the dump, which was...
Blog

The State of Security in Industrial Control Systems

The main challenge for industrial control systems is that the processes that control those systems are connected to critical infrastructure such as power, water, gas, and transport. This means they require high availability, and it is not easy to interrupt those systems to apply security updates. Effects of any downtime means that it can affect...
Blog

The Top 10 State of Security Articles of 2017

With 2017 coming to a close, we wanted to give our readers an overview of some of the most interesting, educational, and standout blogs from the year to help fill the time between Christmas and the New Year. My favourite State of Security blogs from 2017 Pentest Toolbox Additions 2017 It´s becoming a yearly tradition, but one our readers and I...
Blog

Canada Proposes $17.5M Settlement for Student Loan Privacy Breach

Canada has proposed to pay $17.5 million to settle a privacy breach involving hundreds of thousands of individuals who applied for student loans. Under the proposed settlement, Canada would pay $60 to Canada Student Loan borrowers affected by the breach. The federal government could reduce that individual payment, however, in the event the total...
Blog

The Future of Ransomware 2018 and Beyond

Ransomware is a problem on the rise, a simple threat with some very large business implications. Statistics show it has reached new levels of menace, and it's growing at a remarkable rate: 6000% in 2016, an IBM study found, and a triple-digit increase into 2018. Although a very real and present danger (as shown by some very high profile infections...
Blog

OWASP Top 10 Most Critical Web Application Security Risks of 2017

As organizations' IT environments become increasingly more complex, so too does the software they install on their systems. Software developers and managers have embraced microservices written in node.js and Spring Boot, for example. These new types of dynamic applications challenge organizations to establish appropriate trust chains and secure old...
Blog

Women in Information Security: Tiffany Gerstmar

Last time, I spoke with Stephanie Vanroelen. She's an OWASP contributor who specializes in web penetration testing. She also organizes BruCON, Belgium's largest cybersecurity convention, and volunteers at CyberSKool, an information security camp for kids. This time, I have the pleasure of speaking with Tiffany Gerstmar. Working with the US Navy...
Blog

5 Notable DDoS Attacks of 2017

We all know what a great year distributed denial-of-service (DDoS) attacks had in 2016. In the last four months, the web registered two significant DDoS campaigns. The first targeted Brian Krebs at a peak size of 620 Gbps. The second struck Dyn and, in so doing, took down Twitter, Amazon, Spotify and other clients of the DNS provider's critical...
Blog

How Employees Unknowingly Gamble with Your Data

Modern-day encryption is surprisingly effective. Take the gold standard: AES 256-bit encryption. It’s military-grade, trusted by governments and top security professionals worldwide. The encryption keys use so many number combinations that it’s virtually brute-force proof. In theory, someone might be able to crack it if they invented a supercomputer...