[ISN] Bad Decisions Made Faster: How Qualitative Security Risk Assessments Are Making Things Worse

https://blogs.rsa.com/bad-decisions-made-faster-qualitative-security-risk-assessments-making-things-worse/?utm_source=rss&utm_medium=rss&utm_campaign=bad-decisions-made-faster-qualitative-security-risk-assessments-making-things-worse

By Derek Brink
blogs.rsa.com
March 19, 2014

Once there was a leadership team that was exceedingly fond of using risk assessments to make business decisions about information security. The team cared little for detailed discussions about threats, vulnerabilities, technical exploits, or a host of potential security controls. They wanted their subject matter experts on information security to explain clearly how their recommended investments in security controls would actually reduce the company’s risk, and they ultimately wanted to make decisions based on the amount of risk the company was willing to accept.

Many security professionals, as well as many security vendors, tried but failed to communicate in this way and fell back into their old bad habits, frustrating everyone.

But one day some pretenders came along, who let it be known that they could conduct qualitative (and even “semi-quantitative”) security risk assessments that could be easily understood by the leadership team. Their security risk assessments were presented using bright colors, and had the property of being understood by virtually everyone. The pretenders were supported by a third-party advisor, highly trusted by the leadership team, who vouched publicly for their approach.

Does any of this fractured fairy tale sound familiar? It’s based, of course, on Hans Christian Andersen’s classic story, The Emperor’s New Clothes. You can write the end of the story yourself. In spite of their misgivings, everyone goes along with the charade


[ISN] Sources: Credit Card Breach at California DMV

http://krebsonsecurity.com/2014/03/sources-credit-card-breach-at-california-dmv/

By Brian Krebs
krebsonsecurity.com
March 22, 2014

The California Department of Motor Vehicles appears to have suffered a wide-ranging credit card data breach involving online payments for DMV-related services, according to banks in California and elsewhere that received alerts this week about compromised cards that had all been previously used online at the California DMV.

The alert, sent privately by MasterCard to financial institutions this week, did not name the breached entity but said the organization in question experienced a “card-not-present” breach


[ISN] [Call for Presenters] Security BSides Las Vegas

Forwarded from: BSidesLV Info

Security BSides Las Vegas, Inc. is pleased to announce that our Round 1 CFP is currently open and will remain so until 15 May. Our second and final round will open on 1 Jun and close on 30 Jun.

http://goo.gl/5S4Mdq

You can also access the CFP from the Welcome page of our website at bsideslv(dot)org

BSidesLV consists of the following tracks:

Breaking Ground – Ground Breaking Information Security research and conversations on the “Next Big Thing”. Interactively discussing your research with our participants and getting feedback, input and opinion. No preaching from the podium at passive attendees.

Common Ground – Other topics of interest to the security community, e.g., Lock-picking, hardware hacking, mental health, Burnout, Law, Privacy, Regulations, Risk, Crypto, Activism, etc. Be prepared to engage your audience – and have them engage you.

Underground – OTR talks on subjects best discussed AFK. No press, no recording, no streaming, no names. Just you and your peers, behind closed doors. Think about it.

Training Ground – Workshops and classes to give your students hands-on experience learning the latest and greatest. We accept proposals for 1/2 day, full-day and 2-day workshops.

Proving Ground – Speaker Development Program. 30-minute presentations from up-and-coming first-time national speakers, teamed with one of our experienced volunteer mentors. Proving Ground is our flagship educational program and is a special track. For more information, please take a look at our invitation.

BSidesLV is committed to selecting our speakers based on the merit of current research and the abstract submitted. To ensure this, we have instituted a double-blind CFP vetting process. Names and bios will be stripped from the abstract before it is submitted to our 7-member CFP team, and no member of the team (with the exception of the Chair) will see another member’s vote or comments. This should assist in maintaining a fair and equal vetting process for all that submit.

For clarification purposes, please understand that BSides’ events, including Las Vegas, are free labors of love and education, for the community, by the community, and all events – including workshops – are free to attend for all participants. No remuneration of any kind is offered to presenters*. We do provide breakfast and lunch both days of the conference, a t-shirt, a badge for you and a +1 for a friend, and a Speaker Thank You reception. If you are looking for a conference that can reimburse or offset your travel and lodging, and offer you a stipend, please consider one of the bigger, paid-admission conferences.

*We are offering a travel & lodging scholarship pilot program for accepted Proving Ground speakers that qualify. Directions to apply are in the CFP.

BSides Las Vegas will be held at the Tuscany Suites and Casino, Las Vegas, Nevada, on August 5th and 6th, 2014.

Thank you for your interest and we hope to see you in Vegas!

Security BSides Las Vegas, Inc.
A 501(c)(3) Non-Profit Educational and Charitable Corporation
http://bsideslv.org
info (at) bsideslv.org
https://twitter.com/bsideslv


[ISN] Documentary to be filmed on the life of the last original Navajo Code Talkers, Chester Nez

http://www.infosecnews.org/documentary-to-be-filmed-on-the-life-of-the-last-original-navajo-code-talkers-chester-nez/

By William Knowles
Senior Editor
InfoSec News
March 24, 2013

Chester Nez, the last surviving member of the original 29 Navajo Code Talkers, will be the subject of filmmaker David DeJonge’s upcoming 30-minute documentary.

“Chester is the last link from the Navajo people who forged a secret code that helped win the Second World War. Their code led to the training of 400+ additional Navajo code talkers. To record his story first hand is critical to American and military history,” DeJonge said.

DeJonge, who is well known for his work with the last WWI veteran Frank Buckles, and also for his documentary “Pershing’s Last Patriot”, began producing the documentary on Nez after a visit to Gallup, New Mexico.

Nez served with the United States Marines in the Pacific and helped defeat the Japanese by creating a code, using the Navajo language, that was never broken. Sent to a boarding school as a child, Nez and other Navajo children were discouraged from speaking their native language and instructed to use only English, but that didn’t stop them from whispering Navajo to each other in secret.

In 1942, Navajo were recruited from boarding schools to join the Marines and use their unique skills to develop an unbreakable code to pass messages. The film will tell Nez’s story from childhood through today.

[…]


[ISN] Poland’s military strikes new deal to bolster cybersecurity, starting with cryptography

http://www.zdnet.com/polands-military-strikes-new-deal-to-bolster-cybersecurity-starting-with-cryptography-7000027567/

By Michiel van Blommestein
Central European Processing
ZDNet News
March 21, 2014

With the turmoil in neighbouring Ukraine, the timing of a new deal between the Polish ministry of defence and three of the country’s universities to boost cybersecurity seems hardly likely to be a coincidence.

After an earlier deal with the Polish defence ministry, which saw new cybersecurity courses scheduled for the next academic year at the Military University of Technology, the Polish military on Thursday signed a new agreement with three regular universities. The agreement will bring in research collaborations in the areas of mathematics and information technology with the University of Warsaw, the Technical University of Warsaw, and the Technical University of Wroclaw.

The military is especially keen on bolstering the numbers of the country’s
