Click either image for the SANS link to download your PenTest poster. Enjoy.
Via the United States Navy comes this image, created by Mass Communication Specialist 3rd Class Gerald Dudley Reynolds, capturing for perpetuity a United States Naturalization Ceremony aboard the USS Midway Museum in San Diego, California. Nearly fifty Marines and Sailors from twenty-two countries, as well as many civilians, were sworn in as United States Citizens on July 1st, 2015.
Via Wired's Kim Zetter comes reportage detailing the proposed ban on bitwise munitions, in this case the United States' attempts to use the Wassenaar Arrangement as a foundational source for all things bannable, particularly systems, code, applications, and research in the information security realm...
Evidently, certain interested parties missed that day in law school when the discussion turned to the prohibition of the export of PGP, and the jailing of Phil Zimmermann, including the minuscule effect that effort had on the acquisition of the bits by parties unknown... History - apparently - does offer a repeatable repast.
The Mercatus Assessment Report illustrates the true nature of profound information security issues in both federal information and cybersecurity realms. Via George Mason University's Mercatus Center, from Eli Dourado (Research Fellow at the Mercatus Center at George Mason University and director of its Technology Policy Program) and Andrea Castillo (Program Manager of the Technology Policy Program for the Mercatus Center at George Mason University), comes this tour de force assessment paper exposing the information security challenges in federal systems architecture. Today's Must Read It And Weep.
We Have Met the Enemy and He is Us Maxim: The insider threat from careless or complacent employees & contractors exceeds the threat from malicious insiders (though the latter is not negligible.)
Comment: This is partially, though not totally, due to the fact that careless or complacent insiders often unintentionally help nefarious outsiders. Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory
Insider Risk Maxim: Most organizations will ignore or seriously underestimate the threat from insiders.
Comment: Maybe from a combination of denial that we’ve hired bad people, and a (justifiable) fear of how hard it is to deal with the insider threat? Compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory
"Being involved in information security is intimidating. Not just because you are dealing with complex technology with serious implications if you fail, but everyone around you is going to be smarter than you. Even your adversaries. Especially your adversaries. Get used to it." - via Tripwire's Ken Westin