
Information Security


Rebirth of BackTrack, the Penetration Testing Distribution.

Blog Archive » Book review: Securing the Cloud

The cloud is everywhere. It is all over us. But everybody knows that. I have been interested in cloud security for quite a while, so I decided to read a book to see how it is defined from A to Z today. After reading some reviews I chose Securing the Cloud: Cloud Computer Security Techniques and Tactics, written by Vic (J.R.) Winkler. One important aspect why I chose this book is that one review had said that it is a little bit too technical. IT management: the management of a company who is considering moving its infrastructure to the cloud can get a good overview about the whole cloud technology, its advantages, how they can benefit from the cloud and what are its potential risks. IT operations engineer: these people will be needed to make the cloud related decisions.

So basically I say that it is worth reading this book for everybody, and here is why. I always like to clarify the NO-GOALs in projects just to make sure what shouldn’t be expected.

Cloud Controls Matrix (CCM)

The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.

The CSA CCM provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains.

Do your Cloud suppliers disclaim responsibility for security?

Cloud computing contracts often contain significant business risks for end user organisations, according to independent research by UK academics.

Some contracts even have clauses disclaiming responsibility for keeping the user’s data secure or intact. Others reserve the right to terminate accounts for apparent lack of use, which is potentially important if they are used for occasional backup or disaster recovery purposes, according to the Cloud Legal Project at Queen Mary, University of London. Other contracts can be revoked for violation of the provider’s Acceptable Use Policy, or indeed for any or no reason at all, the academics found.

Top Threats to Cloud Computing

The purpose of this document, Top Threats to Cloud Computing, is to provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies.

In essence, this threat research document should be seen as a companion to Security Guidance for Critical Areas in Cloud Computing. As the first deliverable in the CSA’s Cloud Threat Initiative, the “Top Threats” document will be updated regularly to reflect expert consensus on the probable threats which customers should be concerned about.

Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives

Cloud computing is an emerging technology that may help enterprises meet the increased requirements of lower total cost of ownership (TCO), higher return on investment (ROI), increased efficiency, dynamic provisioning and utility-like pay-as-you-go services.

Office of Information Security Shares 5 Tips to Safely Using Social Media

October is National Cyber Awareness Month (NCSAM) and according to, NCSAM was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online.

The Georgia Southern University Information Security Office is celebrating this month by sharing cyber information and tips each week. Chief Information Security Officer Mike Wise says the Office of Information Security promotes a secure environment for the University to meet its mission of academic distinction in teaching, scholarships, research and service. “Cyber Security is a constant factor in our lives. In today’s world, we are dependent on our online presence for everything from banking to watching our favorite shows.

In honor of the observance, Wise shared 5 tips from to safely using social media. Have a strong password - The stronger your password, the harder it is to guess.

Boosting Security for Employees’ Personal Information

BUworks’ new two-step log-in can be done via a smartphone app, an automated phone call, or a text message.

Photo by Jackie Riccardi.

To protect against Internet scammers, BU is mandating a two-step authentication process for employees seeking online access to their direct deposit bank information and other data in BUworks. Faculty and student employees of the University must perform the two-step process beginning today. Other employees were enrolled in recent months. The process, using the online security tool Duo Security, requires employees to log in to BUworks through its Central Portal with their usernames and Kerberos passwords as in the past.

Information Security - Business Information - Information Management

A holistic and business-oriented approach to managing information security, and a common language for information security and business management to talk about information protection.

What if there was a model that would help security professionals address the complexity of security while encouraging a balance between protection and the business? There is. The Business Model for Information Security (BMIS) challenges conventional thinking and enables you to creatively re-evaluate your information security investment. The Business Model for Information Security provides an in-depth explanation of a holistic business model which examines security issues from a systems perspective.

Explore various media, including journal articles, webcasts and podcasts, to delve into the Business Model for Information Security and to learn more about how to have success in the IS field in today's market. Do you face the following challenges? If so, you are not alone.

What Is Information Security? (with pictures)

Information security is the process of protecting the availability, privacy, and integrity of data.

While the term often describes measures and methods of increasing computer security, it also refers to the protection of any type of important data, such as personal diaries or the classified plot details of an upcoming book. No security system is foolproof, but taking basic and practical steps to protect data is critical for good information security.

Password Protection: Using passwords is one of the most basic methods of improving information security. This measure reduces the number of people who have easy access to the information, since only those with approved codes can reach it. To make access as secure as possible, users should create passwords that use a mix of upper and lowercase letters, numbers, and symbols, and avoid easily guessed combinations such as birthdays or family names.

SANS Institute: Information Security Resources

Information Security refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.

Infosecurity - the online magazine dedicated to the strategy and technique of information security.