How to Develop Security Policies and Standards in Five Steps

By Alan Kowlowitz, NYSTEC Information Security Consultant

If you are an information security professional, at one point you will probably be expected to write security policies and standards for your company or agency. You already know why such documentation is important: failure to produce sound policies and standards could lead to a lack of compliance or security awareness—leaving your data vulnerable to security breaches.

Many excellent guidelines, models, and resources are available, making it relatively easy for you to develop sound policies. However, it remains difficult to write policies and standards that can be readily implemented and actually improve your organization’s security posture.

Link: The Year of Online Extortion

According to one security expert, “2016 is proving to be the year of online extortion.” Attackers, he says, are no longer interested in just your credit cards: they want your personal information so they can hold it for ransom — or even sell it to the highest bidder.

Network Forensics 101

By John Mounteer, NYSTEC Information Security Consultant

A cybercriminal has just wiped all traces of an attack from your server. Now you’ll never know the source of the attack or the extent of the damage, right?

Not if you have a network forensic investigator on the trail.

The ability to interpret the data in log and capture files and recognize malicious activity in the data is a special skill that requires in-depth knowledge of network and application protocols. This article provides a short introduction to network-based forensic investigations of suspected criminal activity related to information technology systems.

The Internet of Everything: What Are the Risks?

By Paul Romeo, NYSTEC Information Security Consultant

I recently attended a training class where, during the break, one of the instructors told me how excited he was about the new refrigerator he’d just bought, which was going to be part of the Internet of Everything (IoE). From his smart phone, he said, he would be able to inventory the items in his refrigerator and know when he ran low on key items such as milk, eggs, and, of course, beer.

I said he might want to rethink putting beer in the new refrigerator, because he might not be the only one with deep insight into his dietary purchases. His health insurance company could have access and observe his sugar, fat, and sodium intake by monitoring his purchases—and even potentially raise his health insurance rates based on that data.

The instructor replied, “I never thought about that. I’ll have to keep my old refrigerator for my beer and junk food.”

What is the IoE? Is it something great, or should we be worried? The answer is likely a little of both.