Top IT Security Bloggers

  • Who’s Really Attacking Your ICS Devices?

    TrendLabs - Malware Blog
    Industrial Control System (ICS)/SCADA systems have been the talk of the security community for the last three or more years due to Stuxnet, Duqu, and other similar noteworthy attacks. While the importance and lack of security around ICS systems are well documented and widely known, I’ve been researching Internet-facing ICS/SCADA systems, who’s really attacking them, [...]

    Post from: Trendlabs Security Intelligence Blog - by Trend Micro

  • Sophos CEO suffers from a watery end for #ComicRelief

    Sophos - Naked Security
    Raising money for Comic Relief's "Red Nose Day", Sophos CEO Kris Hagerman receives a dunking.
  • #FFSec, March 15: Five infosec pros who stand out

    CSO Online
    Follow these names on Twitter. Together, they make cyberspace a more secure place. (copy and paste)
  • RSA Conference 2013: What’s Hot and What’s Not, Talk By Talk

    TrendLabs - Malware Blog
    In my previous blog post, I discussed some key takeaways that I got from the talks I attended in the recently concluded RSA 2013 in San Francisco, California. This time around, I want to share at length some of these noteworthy sessions. Innovation Sandbox: Innovation Sandbox was a packed session that Hugh Thompson ran quite [...]

  • Video: David Navetta on cyber insurance, risk management

    CSO Online
    David Navetta, lawyer at the Information Law Group, talks about how security has become a risk management task -- making cyber insurance all the more important.
  • Apple ships OS X 10.8.3 - 11 remote code execution vulns patched, Snow Leopard and Lion get fixes too

    Sophos - Naked Security
    Apple has shipped the latest point release of its flagship Mountain Lion (OS X 10.8) operating system.

    There are plenty of security fixes in there, which Snow Leopard (10.6) and Lion (10.7) users get too, in standalone security updates.
  • NIST, US government's vulnerability database, brought down by ironic malware

    Sophos - Naked Security
    The US's national vulnerability database has been offline for days thanks to multi-server infection inflicted by hacker(s) who really know how to hurt an infosec guy or gal.
  • BYOD: have you managed the change?

    Clearswift Blog


    For those of you that read our blog regularly, you will know that in December we referenced how ‘bring your own device’ (BYOD) would continue to be one of the dominating security themes in 2013. Research released last week from the ICO and YouGov reflected this trend. Overall, the poll of over 2,000 British adults found that employers appear to have a laissez-faire attitude about allowing their staff to use their personal laptops, tablet computers and smartphones for work.


    Looking at the figures in more depth, the survey shows that whilst 47 per cent of all UK adults now use their personal laptop or smart device for work purposes, less than three in ten are given guidance on how to do so securely. The YouGov survey also shows that email is the most common work activity carried out on a personal device, accounting for half (55%) of people who use their own devices for work purposes. This was followed by 37 per cent who used a personal device to edit work documents and 36 per cent to store work documents — many of these activities are likely to involve the processing of confidential or sensitive information. 


    The survey comes as the ICO publishes a free guide to help CIOs address some of the main issues around properly protecting customer, patient or personal data in a BYOD context. 


    To some extent, the culture of BYOD has developed as a direct result of companies saving money by not purchasing dedicated corporate devices for their staff. The problem comes when they cut corners on securing these devices within the corporate network. We know that, essentially, people use their own devices to suit their needs and ultimately to be more productive, which is commendable. 


    Many organisations have policies in place regarding the use of such devices, but the proliferation of smart devices means that another level of protection must be added: once that device holds company data, it needs to be covered by the company’s security policy. These devices are not just an entry point into the corporate network; they are also an exit point. Businesses need to consider what happens to the data stored on these devices when the individual leaves the company. There needs to be a policy and a process to ensure that corporate information has been appropriately removed as part of the leaving process. From a more mundane perspective, the company also needs to ensure there is a policy relating to when the device breaks or is lost to ensure that the productivity of the individual is not compromised.


    Any organisation that does not take BYOD seriously is simply setting itself up for a data breach which will ultimately be more costly to the organisation (in terms of revenue and reputation) than dedicating some time to updating and enforcing the appropriate security policies.






  • Do you read Naked Security via Google Reader?

    Sophos - Naked Security
    If you follow Naked Security's RSS feed via Google Reader, and want to carry on reading the latest security news, you're going to have to start thinking about what you should do when Google shuts Reader down for good.

    Why not sign-up for our email newsletter instead?