Some companies test once a year. Some test several times a year. So what frequency is correct for your organization? Well, that all depends on how frequently your environment changes and other unique factors affecting your organization. When determining how often to conduct network penetration tests, consider the following:
If you work in the information security industry, go ahead and give yourself a pat on the back. In 2012, information security professionals enjoyed one of the lowest unemployment rates in the country, according to the United States Bureau of Labor Statistics. In my line of work I often come across IT and various other […]
Yes, it’s another information security predictions article – security hiring trends. No, I won’t be discussing APT, China, or anything involving our favorite prefix, “cyber.” Instead, here’s a brief glimpse at what we infosec recruiters are seeing in terms of enterprise demands for cyber security roles. While all infosec positions, from firewall jockey to CISO, […]
FOR IMMEDIATE RELEASE HALOCK Investigation finds that over 70% of mortgage lenders may be putting sensitive financial data at risk through their application processes Schaumburg, IL, January 29, 2014: Cybersecurity firm HALOCK Security Labs found many of the nation’s large and small mortgage lenders allow for information sharing practices that may put applicants’ personal and […]
Incident Responders take a lot of pride in finding that ‘Needle in the Haystack’ when conducting data breach investigations. The thrill of forensics lies in finding the tiniest clue that unravels the story of how a breach occurred and what exactly was compromised as a result. But the reality is that during forensic investigations, there […]
What happened to Target® last week is every business’ worst nightmare. We’ve received a number of inquiries regarding the security breach incident from concerned clients and friends and wanted to share a few insights.
Both penetration tests and automated vulnerability scans are useful tools for managing vulnerabilities. While these are different testing methods, they are complementary and both should be performed.
Once again another company is on the heels of a massive data breach where intellectual property, customer records, private information, you-name-it, has been compromised, a security incident. The recent news of Adobe Systems where a malicious entity stole intellectual property and accessed millions of credit card numbers is another case where “if there is a […]
I’m one of those fortunate information security professionals who plays both sides of the technology defense game: I’m your incident response guy and your preventive technologies guy. When I’m working with a company after they’ve been breached I can see pretty quickly what defenses they were missing that allowed the breach in the first place, […]
Dear Antivirus Vendors, On more and more incident response investigations, my clients (victims) have been asking the question “Why didn’t our Antivirus software detect the malware when we always keep it up to date?” I respond by telling them that they had targeted malware on their system. Their follow up question usually is whether antivirus […]