I Am Security

Tag: risk management

  • Defense through Offense, and how APT fits there

    I’m guessing that having “APT” in anything that goes outside for public consumption these days is mandatory, but this post actually has a good reason to do so. If you look back just one post in the past, we were discussing the new initiative to define “Penetration Testing”. The post, and the proposed standard itself…

  • Defining Penetration Testing

    I have been fortunate enough to be working with a group of peers from the security industry over the past few months (since November 2010) on finally creating a solid definition of what a penetration testing is. It has been a topic that has been abused, cannibalized, and lowered to a level where we (as in…

  • Information Security Intelligence Report for 2010 and Predictions for 2011

    Looking back at 2010 shows a widening gap between cybercrime and law enforcement capabilities, in conjunction to nations that have started the cyber-race to develop defensive and offensive capabilities. Most of the attacks analyzed in 2010 depict organizations that fall behind in their defensive strategies as attackers take advantage of a hybrid approach that merges…

  • the art of not thinking about elephants

    Approaching risk management should be done in the most holistic manner, this means that EVERY aspect of information flow should be taken into account. This article describes how a red-team test managed to exfiltrate data out of a closed/non-connected network using innovative thinking.

  • Learning from stux, and connecting more dots in infosec

    Learning from stuxnet on how we are exposed to similar attacks. Connecting the dots between technology, society, and the human factor when talking about cyberwarfare.