Information Security Management in the Wild Wide Web

Back in 2004, I prefaced a thesis that I wrote back then by stating how our global connectivity has drastically changed the way we live and do business. The technology advances, I noted, particularly the improvement in personal computing, had been so profound that they have revolutionized our culture, education, commerce and the global economy, opening all of us to new horizons and new opportunities. Because of these advancements, useful data that can make or break a business transaction, or data that can significantly save lives, now travels widely and quickly. We have all become very dependent on technology and the convenience that it provides to all of us.

I then added that the gift of interconnectivity does not come for free: it has opened all of us to threats to our privacy, identity, intellectual property and other confidential information that our society never had to face before.

Simple Math: Maybe the Difference in your Cert Exam Pass/Fail Chances

Picture this. You locked yourself up in a room for two months or so with no social interaction. You’ve excommunicated your family for that time period. You even missed the Super Bowl and the birth of your first child (okay, maybe a little too dramatic; I know you would not dare miss the Super Bowl). In any case, you did all this because you have a goal. You wanted to be certified. You studied and studied. You read the book cover-to-cover. You paid top money for a class. You joined study groups. You took countless practice exams and even bought several brain dump resources for good measure. You studied ’til the cows came home.

On the day of the exam you were as confident as a porcupine with extended quills (imagine that ;-) …). You know in your heart you’ve done what you could. You are anxious. You are ready. Then here comes the first question. You think to yourself, “WTF is this? I don’t remember reading about this.” Then the next question is so vague you wonder if it was actually written in English. The third question seems to have two answers instead of one. The fourth is no easier. By the fifth question, all that confidence has gone down the toilet, and by the sixth you are in a near panic.

IT from Cost Center to Revenue Generator

January 11, 2011 · Posted in Information Systems

I have been schooled in the paradigm that IT is more of a necessary cost center for the organization. The generally accepted idea, in essence, is that we bought a computer for the same reason we bought the computer desk and chair: they are a necessity to do business, but they are an expense and do not directly affect revenue. This is still the common view today. That is why there is the so-called computer upgrade lifecycle, and why IT expenditures are one of the first to take a hit when the organization faces tough times.

There is an alternative view to this generally accepted idea. The alternative is not an easy sell, and it does not have a manual or boilerplate procedures; however, if done right, through a well-defined strategic vision and proper execution, it can transform the IT department from a necessary cost center into a valuable resource for revenue generation.

IT / InfoSec Management through the A.R.M. Framework (no arm twisting necessary)

I will post a more detailed entry on this framework at a later date. A.R.M. stands for Assess-Resolve-Manage. It is a simplified concept that I put together back in 2004 as part of my MBA thesis on Information Security for Small Businesses. The framework is adaptive enough that it can be implemented for effective IT management, or for any other form of management for that matter.
