What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-08-06 10:46:21 | CISO workshop slides (lien direct) | A glossy, nicely-constructed and detailed PowerPoint slide deck by Microsoft Security caught my beady this morning. The title 'CISO Workshop: Security Program and Strategy' with 'Your Name Here' suggests it might be a template for use in a workshop/course bringing CISOs up to speed on the governance, strategic and architectural aspects of information security, but in fact given the amount of technical detail, it appears to be aimed at informing IT/technology managers about IT or cybersecurity, specifically. Maybe it is intended for newly-appointed CISOs or more junior managers who aspire to be CISOs, helping them clamber up the pyramid (slide 87 of 142): | Malware Vulnerability Threat Patching Guideline Medical Cloud | Uber APT 38 APT 37 APT 28 APT 19 APT 15 APT 10 APT 34 Guam | |
|
2020-03-12 09:41:18 | NBlog March 12 - reflecting on privacy (lien direct) |  Anyone who read Orwell's masterpiece or saw the film "1984" appreciates the threat of mass surveillance by the state a.k.a. Big Brother. Anyone who has followed Ed Snowden's revelations knows that mass surveillance is no longer fanciful fiction. There are clearly privacy impacts from surveillance with implications for personal freedoms, assurance and compliance. At the same time, surveillance offers significant social benefits too, in other words, pros and cons which vary with one's perspective. Big Brother sees overwhelming benefits from mass surveillance and has the power, capability and (these days) the technology to conduct both overt and covert mass or targeted surveillance more or less at will. The same thing applies to other forms of surveillance and other contexts: many of us gleefully carry surveillance devices with us wherever we go, continuously transmitting information about our activities, conversations, locations, contacts and more. We may call them 'smartphones' but is that really a smart thing to do? Drug dealers and other criminals appreciate the value of burner phones, essentially buying a modicum of privacy. What about the rest of us? Are we wise to rely on the technologies, the phone companies and the authorities not to invade our privacy? Some of us are introducing IoT things into our homes, seduced by the convenience of being able to tell our smart TV to order a pizza without even getting up from the sofa. Evidently people either don't even consider the privacy implications, or accept them presumably on the basis that they own and chose to introduce the surveillance devices, and could just as easily stop and remove them (fine in theory, doesn't happen in practice).Then there are the surveillance devices we use to monitor, track or snoop on various others: baby monitors, nanny-cams, commercial and home CCTV systems, webcams, dashcams, audio bugs, covert cameras, spyware, keyloggers and more. Surveillance tech is big business, both retail, commercial and governmental/military. Need to know where a recent arrival from China has been? Simply collect the surveillance jigsaw pieces into a credible sequence and despatch the hazmat teams.Overt surveillance in the form of obvious CCTV camera installations are just the tip of the iceberg. Covert cams and bugs are already snooping on us in changing rooms, toilets, video-conference facilities, courts and mor |
Threat | Uber | |
|
2017-11-22 16:30:57 | NBlog November 22 - A to Z of social engineering controls (lien direct) |  I didn't quite finish the A-to-Z on social engineering methods yesterday as planned but that's OK, it's coming along nicely and we're still on track. I found myself dipping back into the A-to-Z on scams, con-tricks and frauds for inspiration or to make little changes, and moving forward to sketch rough notes on the third and final part of our hot new security awareness trilogy: an A-to-Z on the controls and countermeasures against social engineering. Writing that is my main task for today, and all three pieces are now progressing in parallel as a coherent suite.It's no blockbuster but I have a good feeling about this, and encouraging feedback from readers who took me up on my offer of a free copy of the first part.Along the way, a distinctive new style and format has evolved for the A-to-Zs, using big red drop caps to emphasize the first item under each letter of the alphabet. I've created and saved a Word template to make it easier and quicker to write A-to-Zs in future - a handy tip, that, for those of you who are singing along at home, writing your own awareness and training content.I'd like to include some graphics and examples to illustrate them and lighten them up a bit, but with the deadline fast approaching that may have to wait until they are next updated. Getting the entire awareness module across the line by December 1st comes first, which limits the amount of tweaking time I can afford - arguably a good thing as I find this topic fascinating, and I could easily prepare much more than is strictly necessary for awareness purposes. Aside from that, the release of an updated OWASP top 10 list of application security controls prompted me to update our information security glossary with a couple of new definitions, and a radio NZ program about a book fair in Edinburgh (!) prompted me to explain improv sessions as a creative suggestion for the train-the-trainer guide for the social engineering module. |
Uber |
1
We have: 3 articles.
We have: 3 articles.
To see everything:
Our RSS (filtrered)
