What we are up against…
There is much ballyhoo on the importance of information security to an organization. There is significant focus on the threats posed by hackers, intruders, cyber-terrorists, foreign actors, viruses, Trojan horses, spyware. etc. to the information held by a particular organization. Laws have been enacted to ensure that these actors if caught will face significant punishment under the law and organizations spend millions of dollars to ensure that their systems and infrastructure are hardened to protect themselves from this threat. Read more
Symantec Guide to Scary Internet Stuff – Phishing
Notwithstanding the ad to buy their product in the last part of the video, this is a little nice informative video on phishing. YES people still fall for this stuff.
The first in a series of video’s looking at common Internet threats. This one looks at Phishing and how to prevent it.
CISSP Note (Domain 1: Access Control) – Three Things to Consider
Three things to consider
- Threats – potential to cause harm
- Vulnerabilities – weakness that can be exploited
- Risk – potential for harm
Risk is the likelihood that something bad will happen that causes harm to an informational asset (or the loss of the asset). A vulnerability is a weakness that could be used to endanger or cause harm to an informational asset. A threat is anything (man made or act of nature) that has the potential to cause harm.
The likelihood that a threat will use a vulnerability to cause harm creates a risk. When a threat does use a vulnerability to inflict harm, it has an impact. In the context of information security, the impact is a loss of availability, integrity, and confidentiality, and possibly other losses (lost income, loss of life, loss of real property). It should be pointed out that it is not possible to identify all risks, nor is it possible to eliminate all risk. The remaining risk is called residual risk.
|
Planning to take the CISSP Exam? Get a copy of my personal notes (300plus pages worth) that I used to pass the exam for only $25.00. Click the Add To Cart Button to Purchase Plus you will also get copies of notes from other CISSPs. Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM. CLICK BELOW TO MAKE YOUR PURCHASE NOW.
All Purchases are securely processed through Paypal. IMPORTANT NOTICE: I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECIEVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS. |
Join Me On Facebook
Business Tech Press Releases- SAIC Awarded Contract by Office of the Assistant Secretary of Defense for Nuclear, Chemical, and Biological Defense Programs February 9, 2012
- New York University School of Continuing and Professional Studies Selects Destiny One to Streamline Non-Credit Business, Course Development, Enrollment, and Marketing Operations February 9, 2012
- afterBOT Awarded Fourth Patent for Secondary Selling Using Digital Receipt Links Across Sellers February 9, 2012
- Verne Global Selects Veteran Systems Integrator Opin Kerfi as its IT Service Partner in Iceland February 9, 2012
- Neuland Labs Launches App at Informex Allowing Customers 24/7 Access to GuarD Project Management System for On-Time Production February 9, 2012
- From the National Vulnerability Database
- CVE-2012-1034 (episerver_cms) February 7, 2012Multiple cross-site scripting (XSS) vulnerabilities in the admin interface in EPiServer CMS through 6R2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. […]nvd@nist.gov
- CVE-2011-5076 (hdwiki) February 6, 2012SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information. […]nvd@nist.gov
- CVE-2012-1021 (4images) February 6, 2012Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_parent_id parameter in an addcat action. […]nvd@nist.gov
- CVE-2012-1031 (episerver_cms) February 6, 2012Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416 and CVE-2011-3417. […]nvd@nist.gov
- CVE-2012-1008 (officesip_server) February 6, 2012OfficeSIP Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message. […]nvd@nist.gov
- CVE-2012-0992 (openemr) February 6, 2012interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter. […]nvd@nist.gov
- CVE-2012-1004 (foswiki) February 6, 2012Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephon […]nvd@nist.gov
- CVE-2012-1019 (xwiki_enterprise) February 6, 2012Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiComments_comment parameter to xwiki/bin/commentadd/Main/WebHome, (2) XWiki.XWikiUsers_0_company parameter when editing a user profile, or (3) projectVersion parameter to xwiki/bin/view/DownloadCode/D […]nvd@nist.gov
- CVE-2012-1002 (openconf) February 6, 2012Unspecified vulnerability in OpenConf 4.x before 4.12 has unknown impact and attack vectors. […]nvd@nist.gov
- CVE-2012-1029 (tube_ace) February 6, 2012SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information. […]nvd@nist.gov
- CVE-2012-1034 (episerver_cms) February 7, 2012