Category: Infosec

April 26th, 2017 by John

Major General Brett I. Williams discusses the distinction between cyberwarfare and information warfare. The distinction can be important!

Posted in Blog, Infosec, Nation State

April 25th, 2017 by John

Solomon Smith and I presented at the Spring ISACA meeting in Iowa City, IA today on cyber education. 

http://alignedsecurity.com/index.php/2017/04/25/illowa-isaca-cyber-education-presentation/

Posted in Blog, Community, Events, Infosec

April 20th, 2017 by John

Home | The Security Cards: A Security Threat Brainstorming Kit

The University of Washington has developed a set of 42 playing cards for modeling security and privacy threats. The cards encourage you to brainstorm about potential threats along 4 dimensions:

  • HUMAN IMPACT
  • ADVERSARY’S MOTIVATIONS
  • ADVERSARY’S RESOURCES
  • ADVERSARY’S METHODS

You may print the cards yourself or request them from the university.

Posted in Cool-Stuff, Exploits & Attacks, Infosec

April 19th, 2017 by John

This article has some very good insights regarding what board members say they want and what they are getting from CISOs. They still tend to be skeptical of risk presented as loss predictions in dollars. Storytelling still has an important role to play.

Posted in Infosec, Risk Management

April 19th, 2017 by John

Elad Yoran writes a SC Magazine blog relating what’s in the news to your privacy and personal devices.

Posted in Infosec

April 14th, 2017 by John

U.S. charges DuPont employee with trade secrets theft | April 11, 2017 Issue – Vol. 95 Issue 16 | Chemical & Engineering News

This is an interesting case where a DuPont employee stole trade secrets prior to retirement. It is often the young, brash employee who is the scapegoat. I speak from personal experience, that in the Midwest, large, old corporations distrust vendors, contractors and new employees, and tend to overlook the risk that comes from the long-time “trusted and loyal” employee. There is even a stigma if you have been at a company a long time, and leave before retirement. However, until recently, many companies continued to provide email and corporate services, and even let retirees keep their laptop, because of their retiree status. Shows that good feelings don’t amount to much, when competitors are willing to pay big bucks for your secrets. Everyone is a potential leak.

Read More

Posted in Blog, Criminal, Infosec