Hardware or Host Based Firewalls

Do organizations need hardware firewalls when the network already has host-based software firewalls? Wouldn’t it add cost and complexity to networks? Wouldnt system protected by host-based software firewalls just as secure as having a hardware firewall if they are implemented appropriately? “Firewalls actually come in two distinct flavors: software applications that run in the background… Continue reading Hardware or Host Based Firewalls

Acknowledging Non-Applicable Threats

Is it important to account for or acknowledge risks that may not apply to an organization or system? What if you identified a risk that you would typically consider for but would not use due because of the context. Say, for example, your organization is not in a floodplain however it is usual to consider… Continue reading Acknowledging Non-Applicable Threats

Cloud Computing and Data Security

We cannot attribute the beginning of cloud computing to a particular person or time. It evolved with the evolution of Internet and enterprise computing. We may be able to trace its roots all the way back when Dr. Larry Roberts developed the ARPANET in 1969. (Whitman & Mattord, 2016) While the evolution of ARPANET, to Ethernet… Continue reading Cloud Computing and Data Security

Reporting Illegal or Unethical Behavior

What should employees do if they discover unethical or illegal behavior? Should they raise concerns without fears of retaliation? Employees are doing a favor for the company and its stakeholder by raising concerns about unethical or illegal behaviors. One day or the other, the act will come to light, and it will cost the company… Continue reading Reporting Illegal or Unethical Behavior

Roles of Management and Technology in InfoSec

Information security is both a management issue and a technology issue. The management of an institution could be the owner or custodian of the data that their information security program is trying to protect. They need to ensure that the systems they employ execute all the functions on the data as they are supposed to… Continue reading Roles of Management and Technology in InfoSec

Who doesn’t need to be concerned about InfoSec?

Would there be any person or group within an organization that does not need to be concerned with information security? The only person who need not worry about information security is the one who has no value bearing data. Unfortunately, in this day and age, every single person who is connected to modern world has… Continue reading Who doesn’t need to be concerned about InfoSec?

Ralph Langner: Cracking Stuxnet, a 21st-century cyber weapon

When first discovered in 2010, the Stuxnet computer worm posed a baffling puzzle. Beyond its unusually high level of sophistication loomed a more troubling mystery: its purpose. Ralph Langner and team helped crack the code that revealed this digital warhead’s final target — and its covert origins. In a fascinating look inside cyber-forensics, he explains… Continue reading Ralph Langner: Cracking Stuxnet, a 21st-century cyber weapon

Intrusion Prevention System To Detect BotNet

The second half of the year 2010 saw stuxnet all over the news. Stuxnet, a cyber worm, is believed to be the world’s first publicly identified known cyber weapon. Such worms are designed to destroy the control system in a factory, refinery or even a nuclear power plant. Computers are infected with such worm through… Continue reading Intrusion Prevention System To Detect BotNet

Face Recognition Systems For Facility Access

Identity card issued by the employer is the typical mechanism to identify an employee. However, verifying each and every card presented by personnel requires a dedicated person or an automated system. Credentials, such as an identity card, are more effectively verified using an automated system. However, most of the verification systems are incapable of verifying… Continue reading Face Recognition Systems For Facility Access