background preloader

Information Security

Facebook Twitter

Kali Linux | Rebirth of BackTrack, the Penetration Testing Distribution. Blog Archive » Book review: Securing the Cloud. The cloud is everywhere. It is all over us. But everybody knows that. I have been interested in could security for quite a while, so I decided to read a book to see how it is defined from A to Z today. After reading some reviews I chose the Securing The Cloud; Cloud computer security techniques and tactics written by Vic (J.R.) Winkler.

One important aspect why I chose this book is that one review had said that it is a little bit too technical. IT management: the management of a company who is considering to move it’s infrastructure to the could can get a good overview about the whole cloud technology, it’s advantages, how they can benefit from the cloud and what are it’s potential risks.IT operations engineer: these people will be needed to make the cloud related decisions. So basically I say that it is worth for everybody to read this book and here is why. I always like to clarify the NO-GOALs in projects just to make sure what shouldn’t be expected. Cloud Controls Matrix (CCM)

Download the Cloud Controls Matrix About the CSA Cloud Controls Matrix The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. The CSA CCM provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains.

The foundations of the Cloud Security Alliance Controls Matrix rest on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as the ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum and NERC CIP and will augment or provide internal control direction for service organization control reports attestations provided by cloud providers. The Cloud Controls Matrix is part of the CSA GRC Stack. Cloud Controls Matrix Leadership J.R.

Do your Cloud suppliers disclaim responsibility for security? Cloud computing contracts often contain significant business risks for end user organisations, according to independent research by UK academics. Some contracts even have clauses disclaiming responsibility for keeping the user’s data secure or intact. Others reserve the right to terminate accounts for apparent lack of use, which is potentially important if they are used for occasional backup or disaster recovery purposes, according to the Cloud Legal Project at Queen Mary, University of London.

Other contracts can be revoked for violation of the provider’s Acceptable Use Policy, or indeed for any or no reason at all, the academics found. The Cloud Legal Project surveyed 31 Cloud computing contracts from 27 different providers and found that many included clauses that could have a significant impact, often negative, on the rights and interests of customers.

Even that might not be enough. The research was funded by a donation from Microsoft, but was academically independent Now read: Top Threats to Cloud Computing. Introduction to Top Threats to Cloud Computing The purpose of this document, Top Threats to Cloud Computing, is to provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies. In essence, this threat research document should be seen as a companion to Security Guidance for Critical Areas in Cloud Computing. As the first deliverable in the CSA’s Cloud Threat Initiative, the “Top Threats” document will be updated regularly to reflect expert consensus on the probable threats which customers should be concerned about. Top Threats to Cloud Computing Leadership Rafel Los, HP Don Gray, Solutionary Dave Shackleford, Voodoo Security Bryan Sullivan, Microsoft Downloads.

Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives. Download (Registration Required, 217K) Download (French; Registration Required, 205K) Download (Portuguese; Registration Required, 206K) Download (Spanish; Registration Required, 202K) Provide feedback on this document Visit the Cloud Computing Knowledge Center community View News Release Cloud computing is an emerging technology that may help enterprises meet the increased requirements of lower total cost of ownership (TCO), higher return on investment (ROI), increased efficiency, dynamic provisioning and utility-like pay-as-you-go services. Office of Information Security Shares 5 Tips to Safely Using Social Media | Newsroom | Georgia Southern University. Photo courtesy of fbi.gov October is National Cyber Awareness Month (NCSAM) and according to staysafeonline.org, NCASM was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online.

The Georgia Southern University Information Security Office is celebrating this month by sharing cyber information and tips each week. Chief Information Security Officer Mike Wise says the Office of Information Security promotes a secure environment for the University to meet its mission of academic distinction in teaching, scholarships, research and service. “Cyber Security is a constant factor in our lives. In today’s world, we are dependent on our online presence for everything from banking to watching our favorite shows.

With this convenience comes the increased risk of cyber-crime,” said Wise. In honor of the observance, Wise shared 5 tips from SafeWise.com to safely using social media. Boosting Security for Employees’ Personal Information. BUworks’ new two-step log-in can be done via a smartphone app, an automated phone call, or a text message. Photo by Jackie Riccardi To protect against Internet scammers, BU is mandating a two-step authentication process for employees seeking online access to their direct deposit bank information and other data in BUworks. Faculty and student employees of the University must perform the two-step process beginning today. Other employees were enrolled in recent months. The process, using the online security tool Duo Security, requires employees to log in to BUworks through its Central Portal with their usernames and Kerberos passwords as in the past.

Employees will be guided by prompts to sign up for Duo Security when they try to log in to BUworks. BU has been working on the system in the months since phishers—Internet scammers who con victims for their passwords and private information—rerouted paychecks from several University employees’ bank accounts. Information Security - Business Information - Information Management. A holistic and business-oriented approach to managing information security, and a common language for information security and business management to talk about information protection. What if there was a model that would help security professionals address the complexity of security while encouraging a balance between protection and the business? There is.

The Business Model for Information Security (BMIS) challenges conventional thinking and enables you to creatively re-evaluate your information security investment. The Business Model for Information Security, provides an in-depth explanation to a holistic business model which examines security issues from a systems perspective. Explore various media, including journal articles, webcasts and podcasts, to delve into the Business Model for Information Security and to learn more about how to have success in the IS field in today's market.

Do you face the following challenges? If so, you are not alone. Questions? What Is Information Security? (with pictures) Information security is the process of protecting the availability, privacy, and integrity of data. While the term often describes measures and methods of increasing computer security, it also refers to the protection of any type of important data, such as personal diaries or the classified plot details of an upcoming book. No security system is foolproof, but taking basic and practical steps to protect data is critical for good information security. Password Protection Using passwords is one of the most basic methods of improving information security. This measure reduces the number of people who have easy access to the information, since only those with approved codes can reach it.

Unfortunately, passwords are not foolproof, and hacking programs can run through millions of possible codes in just seconds. Antivirus and Malware Protection One way that hackers gain access to secure information is through malware, which includes computer viruses, spyware, worms, and other programs. SANS Institute: Information Security Resources. Information Security refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption. Wikipedia says, "Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The terms information security, computer security and information assurance are frequently used interchangeably.

These fields are interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Paid SANS Information Security Resources SEC401: Security Essentials Bootcamp Style Additional Resources. Infosecurity - the online magazine dedicated to the strategy and technique of information security.