(No Ratings Yet)
Loading ...SecTor 2008 – Security Education Conference - Unique Training Coming to Canada
Ok. You likely noticed that I blog mostly about the latest happenings in security. It fascinates me, and frankly I think it’s very important. Canada has a rather limited number of security events and most of the content we get here is based out of the United States. Guess what? Canada is different. We have a different culture and different laws, but we’re attached to the same Internet as the rest of the globe. That means what we really need is Canadian perspective on new and developing issues.
With this in mind, I’m involved in a group bringing what we feel is a uniquely Canadian yet world class security event to Toronto.
SecTor Training – This is brand new this year. We’ve brought the best of the best from literally around the world. Need depth training on wireless and Bluetooth security? We have Dino coming from Telespace in South Africa. Interested in penetration testing? You’ll need to learn Metasploit, and who better to learn it from than the guy that started it all? HD Moore will be teaching “PowerSploiting” a course no pentester should miss. You think you already know security? You’re probably too technical. Johnny Long, “godfather of google hacking” and the author of “No Tech Hacking” is teaching his course by the same name (he has really interested low-tech techniques). And finally, who better to teach the latest hacking techniques than the SANS Institute? They’re coming to do their “Cutting Edge Hacking Techniques” course.
I’m very excited about the training, perhaps even a little star struck with who’s teaching it.
SecTor Conference – What can I say; it’s going to be amazing. We’re currently buried in speaking proposals, many of which are truly bleeding edge. You’ll have to wait until September to see the final round of speakers. But that’s what makes this conference great – we accept submissions right up til very close to the event so attendees are presented with only the newest and freshest content.
Ps. We’re still accepting speaking submissions til August 31st. So if you know someone with new research, or something you think the Canadian security professional needs to hear about, please send them to the CFP link.
pps. If you want to attend, you’ll save $250 by registering by August 31.
Add to: del.icio.us | Digg IT | Furl | Google | magnolia | StumbleIT | Wink | Yahoo! Technorati
(No Ratings Yet) Loading ...McAfee coming to an Intel laptop, MID near you
Security vendor McAfee announced yesterday its plans to extend its products to Intel-based laptops and mobile Internet devices (MIDs).
Integrated data encryption and integrated mobile content security will be provided for laptops and MIDs using Intel Atom processor Z5XX series and Moblin-based software.
Intel’s Anti-Theft Technology and Active Management Technology will also be integrated with McAfee security encryption.
Add to: del.icio.us | Digg IT | Furl | Google | magnolia | StumbleIT | Wink | Yahoo! Technorati
(No Ratings Yet) Loading ...Undelete recovers files that Windows misses: Diskeeper
A Burbank, Calif.-based vendor of data protection and recovery technology released a product that it said captures those files commonly missed by the basic Windows recycle bin.
Diskeeper Corp.’s Undelete 2009 replaces that recycle bin with what the company called a “recovery bin”, which it said immediately restores files on desktops and servers, including those overwritten or deleted over a network.
The product runs on Diskeeper’s proprietary InvisiTasking technology.
Add to: del.icio.us | Digg IT | Furl | Google | magnolia | StumbleIT | Wink | Yahoo! Technorati
(No Ratings Yet) Loading ...Dan Swanson’s Security Resources: #14
Risk management – where the rubber hits the road.
Tracking the latest guidance regarding risk management is always productive as the next big event might just happen under your watch. Managing outsourced arrangements is a huge challenge for both IT and IT security, whether its entire services being outsourced or specific project efforts.
Finally, implementing robust change management processes is one of those proactive, stabilizing activities that dramatically improves the reliability and effectiveness of Security and IT, check it out.
Good luck and have another great week.
1. IT Compliance Institute (ITCi) – “IT Audit Checklist for Risk Management”.
Are you prepared for your next risk management audit? Know what to expect.
Note – a brief registration is required (to download the free white paper).
http://www.itcinstitute.com/display.aspx?id=2499
2. Keeping Up Your SOX Compliance and Turning IT into a High Performer by Improving Change Control. Study the extensive benefits of establishing a robust change management and change auditing practices including the latest research by ITPI (IT Process Institute).
http://www.tripwire.com/resources/asset_request.cfm?aid=2184
http://csrc.nist.gov/groups/SMA/fisma/framework.html
Other NIST white papers - csrc.nist.gov/sec-cert/ca-library.html#fisma-white-paper
4. The Risk Management and Governance (RMG) Board develops practical, easy-to-read documents about governance issues. A review of all the publications is regularly conducted to ensure that they remain current and relevant.
http://www.rmgb.ca/index.cfm/ci_id/243/la_id/1.htm
5. Information Technology Outsourcing
This paper presents a perspective on the matters that an organization addresses when considering IT outsourcing as an option. It is intended to provide topics for the consideration of business managers and auditors when they make or examine outsourcing decisions.
6. 20 Questions Directors Should Ask About Information Technology Outsourcing
http://www.rmgb.ca/index.cfm/ci_id/3083/la_id/1.htm
Add to: del.icio.us | Digg IT | Furl | Google | magnolia | StumbleIT | Wink | Yahoo! Technorati
(No Ratings Yet) Loading ...Virtual Appliances: Has Everyone Lost Their Mind??
The media is buzzing about virtual appliances (VA’s) as company after company issues a press release about some fancy new virtual appliance that will protect your virtual machines from each other.
Personally I think its geneous. Now I can sell you an “appliance” and because its an “appliance” you’ll inherently assume it’s a good thing, and as a seller I have close to zero cost of goods. I just give you a VMDK file and you’ll start it up and feel all warm and safe.
Perhaps someone can enlighten me on what exactly we’re protecting against. Read the rest of this entry »
Add to: del.icio.us | Digg IT | Furl | Google | magnolia | StumbleIT | Wink | Yahoo! Technorati
(No Ratings Yet) Loading ...McAfee partners with ArcSight
McAfee Inc. has signed ArcSight Inc. to be part of its McAfee Security Innovation Alliance.
As a result of the partnership, ArcSight will integration its SIEM Platform with McAfee’s ePolicy Orchestrator (ePO). The Santa Clara, Calif.-based security vendor said that its customers will benefit from ArcSight’s ability to monitor, filter and send critical security events to McAfee’s ePO platform. For example, McAfee said, a worm attack observed by the ArcSight SIEM Platform could be updated with new anti-virus signatures, software or policies.
“The ArcSight event management and log management offerings are very complementary to the McAfee portfolio, but more importantly, we believe that the way that we are tightly integrating them with ePO will help our joint customers reduce their total cost of security and compliance operations,” Joe Gottlieb, vice-president of corporate strategy and technology alliances for McAfee, said in a release.
The agreement will also combine the compliance auditing of McAfee Policy Auditor with the compliance event archiving, alerting, and reporting of ArcSight Logger.
Add to: del.icio.us | Digg IT | Furl | Google | magnolia | StumbleIT | Wink | Yahoo! Technorati
(1 votes, average: 10 out of 10) Loading ...BitDefender launches 2009 security suite
Antivirus software and data security provider BitDefender released the latest version of its security software suite, BitDefender Total Security 2009, earlier today.
New enhancements to the 2009 package include an online backup service for preserving sensitive information and instant messaging encryption to protect Yahoo! Messenger and MSN Messengers users from eavesdroppers.
A new “Laptop mode” feature automatically detects when a laptop moves to battery power and postpones regularly scheduled scans, backups and tune-ups to prevent unnecessary battery drain.
Other changes include a locally stored File Vault, proactive security for online activities, increased home network management control and an improved Gamer mode.
BitDefender differs from the other security software suites that focus on pre-existing virus lists by using “proactive B-HAVE technology that identifies and blocks new and zero-day threats,” states the company release. According to BitDefender, Total Security 2009 will also keep PCs running “at optimal speed and protected from data loss.”
A yearly subscription is available for USD $69.95. The 3-PC license is priced at $79.95.
Add to: del.icio.us | Digg IT | Furl | Google | magnolia | StumbleIT | Wink | Yahoo! Technorati
(2 votes, average: 6.5 out of 10) Loading ...BlackHat USA 2008 - Day 2 Review
Today was the second and final day of the BlackHat USA Briefings. A lot of great content was presented today. Much like yesterday we’ve included some highlevel comments on the various presentations that Tadd and I attended. We will be attending Defcon over the weekend and tying that into one final posting next week. What follows is our summary.
Read the rest of this entry »
Add to: del.icio.us | Digg IT | Furl | Google | magnolia | StumbleIT | Wink | Yahoo! Technorati
(No Ratings Yet) Loading ...Dan Swanson’s Security Resources: #13
This posting is about learning from best practice guidance and leading papers and studies that have been published by a diverse group of organizations.
1. The GAO web site is one of my favorite places to visit for IT and IT Security guidance although their research effort is much much broader than just these two activities.
2. The IIA is funding a long term effort to develop a series of global technology audit guides which are useful to both auditors and IT practitioners. The GTAGs are published only after an extensive review process is completed.
3. Finally, while people either are very for or very against Wikipedia as a source of good information visiting this repository periodically can be useful. This week I highlight its efforts regarding information technology governance.
Good luck and have another great week.
Dan Swanson
Add to: del.icio.us | Digg IT | Furl | Google | magnolia | StumbleIT | Wink | Yahoo! Technorati
(2 votes, average: 10 out of 10) Loading ...BlackHat USA 2008 - Day 1 Review
Welcome to our first Security Insider posting from the BlackHat conference here in Las Vegas. My colleague Tadd Axon and I will be doing our best over the next few days to post some highlights of the conference. For those of you not familiar with the event, BlackHat takes a deep look at emerging threats and security research. If you want a good close look into the future, this is the place to be.
For the purpose of these posts in the next few days, we’ll post some high-level summaries of the talks we attend. This isn’t anything close to a full list of everything that’s going on here, just what we’ve personally attended. For a more complete wrap up of both the BlackHat and Defcon events, be sure to attend this month’s TASK event. At the TASK event, all the various TASK members here in Vegas this week will be sharing highlights in more detail. As always TASK is free, check it out. You will also be able to catch some of these speakers when they come to SecTor this year.
So today represents the first day of the conference, and therefore the day that it’s easiest to wake up early for. Tonight many vendors will host many parties making tomorrow a much more difficult day to focus. Here is what we attended.
Read the rest of this entry »
