The Three Step Security Strategy

Why Does Strategy Matter? The term ‘security strategy’ can be ambiguous and often means different things to different people. Because of this, many organizations do not have a formalized security strategy and those that do may not have an effective one. This is understandable. Managing the day-to-day issues associated with a security program (alerts, audits,…

The post The Three Step Security Strategy appeared first on TrustedSec.


Buying Internal Domain Access Again

So, this post is inspired by some very interesting research done by @mubix that you can read about here, as well as this amazing post by Tim Medin here. After reading Mubix’s post, I was whipped into a frenzy and purchased several domains. I realize that these posts are both several years old, but this idea has…


Big Changes in Store for PCI DSS v4.0, and More!

This week I attended the PCI North American Community Meeting. If you are in the payment security space and haven’t been to a community meeting, I would recommend that you put this on your conference schedule. It’s great to connect with like-minded individuals, including card brands, banks, large customers, vendors, and yes, assessors – both internal (ISAs)…


Cracking the DerbyCon Code

To commemorate the final DerbyCon, TrustedSec did something a little special on our challenge coin. Along the outer edge of the coin was a code, and anyone who could figure it out by DerbyCon’s final day at noon got a prize. I was lucky enough to design the code and was asked by many people…


Attacks on the Rise Through Office 365

Office 365 is the most popular line of digital services for businesses for a reason, but when it comes to cyberattacks, its ubiquity is creating challenges. If it seems like every week there’s a new headline about a large-scale hacking incident, it’s not a case of rampant fake news. According to the 2018 Symantec Internet Security…


PCI Requirements 101

Having completed several PCI-DSS (Payment Card Industry – Data Security Standard) Reports on Compliance (RoCs) over the past couple of years, I have noticed a consistent pattern on the items needed for the 12 requirements. I have found that there are three basic components to most if not all PCI requirements: Documentation (Policies, Standards, and…


Three Most Common Security Flaws (and How to Fix Them)

When it comes to physical security, the most common things we see are hardware vulnerabilities or human error (through social engineering attacks, failure to follow security guidelines, or no knowledge of security protocols). We have successfully broken into everything from locally run neighborhood shops to banks, power plants, hospitals, factories, law firms, and everything in…


Top 10 MITRE ATT&CK™ Techniques

The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) Framework (https://attack.mitre.org/) is “a globally-accessible knowledge base of adversary tactics and techniques” that is “open and available to any person or organization for use at no charge.” One of the most beautiful parts of the MITRE ATT&CK™ Framework is that its information can be analyzed to…


TrustedSec Podcast Episode 3.16 – Pay the Ransoms

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Hans Lakhan, Alex Hamerstone and David Boyd. Title: Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers. URL: https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/ Author: Renee Dudley and Jeff…


TrustedSec Podcast Episode 3.4 – Yahoo! Siri “helpful” as Ever, and Vigilante Networking!

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Rob Simon, Justin Bollinger, and Alex Hamerstone. Title: Yahoo to Pay $50M, Other Costs for Massive Security Breach. URL: https://abcnews.go.com/Technology/wireStory/yahoo-pay-50m-costs-massive-security-breach-58693643 Author: Michael Liedtke. Title:…
