Realistically, how likely it is to have a computer compromised from browsing random websites?

Another question inspired by a recent discussion in the ‘The DMZ’ chatroom.
Long story short: IT guys are worried that accountants’ workstations may become compromised because accountants watch cat meme websites. Proposed solution: Lock do… Continue reading Realistically, how likely it is to have a computer compromised from browsing random websites?

Realistically, how likely it is to have a computer compromised from browsing random websites?

Another question inspired by a recent discussion in the ‘The DMZ’ chatroom.
Long story short: IT guys are worried that accountants’ workstations may become compromised because accountants watch cat meme websites. Proposed solution: Lock do… Continue reading Realistically, how likely it is to have a computer compromised from browsing random websites?

Why would device manufacturer refuse to publish root CA that signs devices but provides the CA via support ticket attachment

Background:
We got a few new model SIP phones. Each phone has built-in unique certificate issued by the manufacturer.
Previous models had certs issued by a different CA and that CA cert was published, so I could verify the phone’s identity… Continue reading Why would device manufacturer refuse to publish root CA that signs devices but provides the CA via support ticket attachment

what tolerance level/parameters/targets should be considered while framing cyber security readiness system? [closed]

I think the title itself defines my question. Can anyone help me with identifying tolerance level/parameters/targets that should be considered while framing security readiness system?

Continue reading what tolerance level/parameters/targets should be considered while framing cyber security readiness system? [closed]

What are the differences between "identifying threats and vulnerabilities" and "risk management"?

I am struggling to appreciate the differences between the 7 steps of the NIST Framework for Improving Critical Infrastructure, which should help an organisation implement it.

Step 1: Prioritize and Scope. The organization identifies its
b… Continue reading What are the differences between "identifying threats and vulnerabilities" and "risk management"?

The trade-off between user-agent risk and client server risk in Oauth 2.0 / 2.1 security framework

Generally speaking we can specify the potential risk into 2 categories: user-agent risk and client server risk.
As for the 3 client types mentioned in section 2.1 of the Oauth 2.1 draft (https://tools.ietf.org/html/draft-parecki-oauth-v2-1… Continue reading The trade-off between user-agent risk and client server risk in Oauth 2.0 / 2.1 security framework