Who doesn't love free software? Infosec professionals are fortunate to have many good free tools for a range of tasks. The following list of two dozen tools includes everything from password crackers to vulnerability management systems to network analyzers. Whatever your security role is, you'll find something useful here.

Maltego

Paterva develops this forensics and open-source intelligence app, designed to deliver a clear threat picture for the user's environment. It will demonstrate the complexity and severity of single points of failure as well as trust relationships that exist within the scope of one's infrastructure. It pulls in information posted all over the Internet, whether it's the current configuration of a router on the edge of the company network or the current whereabouts of your company's vice president. The commercial license does have a price tag, but the community edition is free with some restrictions.

OWASP Zed Attack Proxy (ZAP)

The Zed Attack Proxy (ZAP) is a … [Read more...] about 24 best free security tools
Kanye West tweeted out videos of himself on his computer on Monday. If you look closely, one of the videos shows his MacBook, and what appears to be black tape covering the laptop's camera. This is Kanye West, a world famous musician and fashion designer. Lately, he's been stirring up some controversy by posting videos of himself watching Scott Adams, the former cartoonist and current right-wing provocateur. There's a lot to notice in the short videos, and Kanye may just be stoking the fires of controversy for the fun of it.

"But wait a minute…" pic.twitter.com/ZAWui0eXDI — KANYE WEST (@kanyewest) April 23, 2018

Let's zoom in: on the laptop Kanye is watching, it definitely looks like he's placed tape over the MacBook's camera. It's a fairly paranoid move, but for someone of Kanye's stature, it may … [Read more...] about Kanye West covers his laptop camera with tape
As my long-time readers know, I'm dedicating the rest of my professional career to promoting a data-driven computer security defense. In a nutshell, it's about using a company's local data from its own experiences to create a more efficient and effective computer security defense.

I've been strongly pushing a data-driven defense for nearly a decade, including a whitepaper, book, and multiple presentations including this one. Companies' failure to use their own data to construct better defenses is behind the rash of easy hacking these days. It leads to inefficient and ineffective defenses, which almost certainly allow more hackers and malware to get into a company.

Despite the benefits of a data-driven defense, changing a company's culture to adopt it is hard. The lessons I've learned can help ease the effort.

Expect pushback

I have been surprised by the amount of pushback I've received for saying that we, as an industry, should be better using our own … [Read more...] about Is your defensive security data-driven?
The Securities and Exchange Commission (SEC) issued new guidance in February, urging senior executives and board members to pay closer attention to cybersecurity. However, the recommendations, while more stringent than what was in place before, don't go far enough, critics say, and, more importantly, lack teeth.

No consequences for failure

In a set of recommendations about disclosures of cybersecurity risks back in 2011, the SEC said that companies need to "disclose the risk of cyber incidents if these issues are among the most significant factors that make an investment in the company speculative or risky." The agency clarified that this did not require businesses to talk about specific technical details of those risks. As a result, the disclosures that companies did make were not particularly useful, according to a 2014 study by PricewaterhouseCoopers and the Investor Responsibility Research Center Institute. Instead, the disclosures "rarely provide differentiated or actionable … [Read more...] about SEC's new cybersecurity guidance falls short
The European Union's General Data Protection Regulation (GDPR) goes into effect in May 2018, which means that any organization doing business in or with the EU has six months from this writing to comply with the strict new privacy law. The GDPR applies to any organization holding or processing personal data of EU citizens, and the penalties for noncompliance can be stiff: up to €20 million (about $24 million) or 4 percent of annual global turnover, whichever is greater. Organizations must be able to identify, protect, and manage all personally identifiable information (PII) of EU residents even if those organizations are not based in the EU.

Some vendors are offering tools to help you prepare for and comply with the GDPR. What follows is a representative sample of tools to assess what you need to do for compliance, implement measures to meet requirements, and maintain compliance once you reach it.

GDPR assessment tools

Snow Software GDPR Risk Assessment identifies more than … [Read more...] about 14 top tools to assess, implement, and maintain GDPR compliance