Security awareness messages must target the right people. But they need to target them using the right words! Be sure to adapt your messages so that they remain understandable to your whole audience.
Category: Security
CERT-in-a-Box
Computer Emergency Response Teams (or “CERTs”) are organizations that handle security incidents related to computers and networks. A CERT can be deployed to support private networks (example: in a multi-national company or an organization like NATO which operates its NCIRC) or organized by federal authorities in regions or countries. CERTs
Sea, Sun, Holidays and… Logs
I’m writing this post in my garden, 22:15 still 23°. Yes, it’s summer time! Soon, a lot of admins and security professionals will leave their office to go to the beach. Here are some tips for enjoying a safe comeback: 1. If you configure an auto-responder (classic behavior in big
Example of Security Awareness
This picture was taken in an industrial environment but would fit IT security just as well! For those who speak neither French nor Dutch, it says: “Your principal safety responsible is in front of you“. Stickers are placed on mirrors in the toilets. Let’s imagine the same security awareness
Monitoring is (Also) a Process!
A well-known Bruce Schneier quote is “Security is a process, not a product“. Monitoring your infrastructure is fully part of your security policy. You don’t only have to deploy security blocks (applications, servers, appliances, …) to build your security perimeter(s), you also need to take care of them via monitoring
RSA Software Token for iPhone
Since the 6th of June, a great application is available (for free) in the AppStore. RSA released an iPhone version of its software token! I already spoke about strong authentication on this blog. To summarize, strong authentication is achieved by mixing at least two different types of authentication methods from
Do You Trust Your Framework?
Frameworks are developers’ best friends. Frameworks are sets of libraries, scripts or pieces of code reusable by developers. To make things simpler, why re-invent the wheel? Frameworks exist for all development platforms, like .Net for Microsoft IIS or Zend for PHP. ZionSecurity, a Belgian security firm, released a
Unix OS Security Audit/Assurance Program
I’m just back from the last ISACA Belgian Chapter meeting. Today’s topic was the UNIX OS security audit process. A very large topic! The speaker was Sanjay Vaid. For years now, Linux has been deployed in business environments. Linux systems can take several forms: applications servers (print, files, web,
Follow Several Security Threat Levels via Twitter
Twitter, the micro blogging platform, attracts a larger audience day after day. According to recent studies, a lot of accounts stay un-updated for long periods of time. On the other side, there are more and more huge communities of active users who tweet on specific topics: The IT security is represented
Security Incidents Classification by TaoSecurity
Richard, the owner of TaoSecurity, posted an interesting article about the classification of security incidents. The exercise was to translate security incidents into something easily rankable (like numbers and colors) (read: oriented to management). Read the blog article here. Take time to read