Category: Standards

Are You Secure? Ten Signs That Your Security Program is Doing Pretty Well

Security is a process. It’s an evolving process that, when mature, has certain qualities about it. Here are ten signs that your security program is at a decent point of maturity. A new critical security advisory is released and you

Posted in Dialogue, Incident Response, Secure Administration, Secure Design, Standards, Systems Hardening

The Immutable Friday Fav Five for September 9, 2011

Here are the five links that I found interesting for this week: The Shadowserver foundation is comprised of a group of volunteer security professionals who gather information about Internet-based crime. One of the more interesting projects is a compilation of

Posted in Computer Crime, Dialogue, Incident Response, Intrusion Detection, Log Analysis, Research, Secure Administration, Secure Design, Standards, Systems Hardening

Detecting the Apache Range Header DoS Attack with OSSEC

If you run Apache, you may have heard about the DoS vulnerability last week. Apache suffers from a condition where an attacker can remotely cause the web server to consume huge amounts of memory. This causes the system to be

Posted in Computer Crime, Intrusion Detection, Log Analysis, Research, Standards

Why Some Merchants Should Not Worry About PCI Part II

Yesterday, I wrote a post saying that the lady who cuts my hair needs to comply with 100% of the PCI standard. This was based on my experience in PCI in corporate environments, some of which do not actually store

Posted in Dialogue, Risk Management, Standards

Why Some Merchants Should Not Worry About PCI

When I had my hair cut today, I got to thinking about what level of responsibility this small business should have to protect my credit card data. This is not some big chain. It’s one lady with a couple of

Posted in Dialogue, Risk Management, Standards

Are Oracle Syslog Logs RFC-Compliant?

I have been studying Oracle logging for the last couple of weeks. Oracle can log to the SYS.AUD$ table within the database, a flat file, XML file, or it can use the OS logging facility (in Windows this is the

Posted in Log Analysis, Standards

Logging in the Cloud: A Primer for Success

It was inevitable. Cloud services are popping up everywhere and it was only a matter of time before log-based services started to appear. But does that mean the cloud is the right place for your logs? What are the key

Posted in Log Analysis, Log Management, Risk Management, Secure Design, Standards

NIST Takes Security to Small Businesses

One of the big problems in information security is how to effectively teach small businesses safe data handling. They’re too small to have dedicated security budgets and they can’t be expected to publish volumes of security policies; yet, they have

Posted in Research, Secure Design, Standards, Systems Hardening