One Third of Industrial Control Systems Breached →

July 09, 2015 by Marc Handelman in Information Security, Vulnerabilities

via DarkMatters at Norse Corporation, and written by Anthony Freed, comes this troubling post detailing the true scope of Industrial Control Systems (ICS) security fails in the previous twelve month period... Astounding.

"Of the reported attacks, 32% targeted the Energy Sector, with attacks against Critical Manufacturing systems following up at a close second place at 27%, Healthcare with 6%, Water supply systems and Communications each with 6%, and Government Facilities at just over 5%." - via DarkMatters writer Anthony Freed

Infographica, SANS ICS

July 08, 2015 by Marc Handelman in All is Information, ICS/SCADA, ICS, Information Security

National Cybersecurity Center of Excellence →

July 08, 2015 by Marc Handelman in All is Information, NIST NCCoE, NIST, Information Security

News, from the National Cybersecurity Center of Excellence (NCCOE) at the National Institute of Standards and Technology (NIST), detailing updates in a wide range of sectors.

Of interest is the Center's Building Block Updates. Comprised of DNS-Based Secured Email and Derived PIV Credentials, the NCCOE is certainly moving forward (as opposed to executing a flawed mandate laterally, as many Agencies appear to be orchestrating as of this writing...) as we had hoped for at the inception of the Center of Excellence. Outstanding!

NIST Revises Random Number Recommended Methods →

July 07, 2015 by Marc Handelman in All is Information, Information Security, NIST

In a surprise (but welcomed) action, the National Institute of Standards and Technology (NIST) has officially modified the Institutes' recommended methodology targeting the generation of random numbers.

SANS Spring 2015 PenTest Poster →

July 07, 2015 by Marc Handelman in All is Information, Education, Information Security

Click either image for the SANS link to download your PenTest poster. Enjoy.

Johnathan Simon, "How I Found Google's Security Vulnerabilities" →

July 06, 2015 by Marc Handelman in All is Information, Information Security

Tempus, Cifíxus Præcisione Introrsum →

July 06, 2015 by Marc Handelman in All is Information, Computation, Compute Infrastructure, Computer Science, Information Security, Time

In which, the quest to construct a better atomic clock is presented with excruciating precision.

Outstanding →

July 04, 2015 by Marc Handelman in US Navy, US Marine Corps, US Armed Forces, United States of America, Citizenship

via the United States Navy, comes this image created by Mass Communication Specialist 3rd Class Gerald Dudley Reynolds, capturing for perpetuity, a United States Naturalization Ceremony, while aboard the USS Midway Museum, in San Diego, California. Nearly fifty Marines and Sailors from twenty-two countries, as well as many civilians, were sworn in as United States Citizens on July 1st, 2015.

United States of America, Independence Day 2015 →

July 04, 2015 by Marc Handelman in All is Information, Government, Holidays, National Holidays, National Security, Physical Security, Security, Freedom

via the Library of Congress, United States of America

Irari Report, Cybersecurity Guidance with Howard Schmidt

July 03, 2015 by Marc Handelman in All is Information, Cybersecurity, Information Security, Infosec Competence

Mother's Security

July 03, 2015 by Marc Handelman in All is Information, Education, Security Education

via Norse Security's Glen Norman (also from Hacker High School), comes this interesting opinion piece on the difficulty of security implementations at the desktop... Today's Must Read!

Drexel University Cybersecurity Institute Symposium, Innovating Securely →

July 02, 2015 by Marc Handelman in All is Information, Cybersecurity, Information Security, Security Innovation

Wassenaar, The Arrangement →

July 02, 2015 by Marc Handelman in All is Information, Encryption, Intelligence, Information Security

via Wired's Kim Zetter, comes reportage, detailing the proposed ban on bitwise munitions, in this case, the United State's attempts at the utilization of the Wassenaar Arrangement as a foundational source for all things bannable, particularly systems, code, applications, and research in the information security realm...

Evidently, certain interested parties missed that day in law school when the discussion turned to the prohibition of the export of PGP, and the jailing of Phil Zimmermann, including the miniscule effect that effort had on the acquisition of the bits by parties unknown... History - apparently - does offer a repeatable repast.

Canada Day 2015 / La Fête du Canada 2015 →

July 01, 2015 by Marc Handelman in America's Allies, Canada, National Holidays, Canadian Forces

RSA & ISACA, State of Cybersecurity →

June 30, 2015 by Marc Handelman in ISACA, RSA, All is Information, Cybersecurity Economics, Cybersecurity Competence, Cybersecurity

AgitProp de la Journée: PRC PLA Focuses on Cyberwar →

June 30, 2015 by Marc Handelman in All is Information, Propaganda, FUD

Apparently, The Hill's Cory Bennett possesses a strong belief the PRC PLA are putting a 'new' focus on their cyber-this-or-that.

Infographic, IoT →

June 29, 2015 by Marc Handelman in All is Information, IoT, ISACA

Mercatus Assessment Report Opens Federal Can o' Worms

June 29, 2015 by Marc Handelman in Cybersecurity, Information Security, Read It And Weep

The Mercatus Assessment Report illustrates the true nature of profound information security issues in both federal information and cybersecurity realms. Via George Mason University's Mercatus Center Eli Dourado (Research Fellow at the Mercatus Center at George Mason University and director of its Technology Policy Program) and Andrea Castillo (Program Manager of the Technology Policy Program for the Mercatus Center at George Mason University) comes this tour de force assesment paper exposing the information security challenges in federal systems architecture. Today's Must Read It And Weep.

Sunday Security Maxim

June 28, 2015 by Marc Handelman in Security Maxim

We Have Met the Enemy and He is Us Maxim: The insider threat from careless or complacent employees & contractors exceeds the threat from malicious insiders (though the latter is not negligible.)

Comment: This is partially, though not totally, due to the fact that careless or complacent insiders often unintentionally help nefarious outsiders. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory