Written by Guest Poster Wade Woolwine The Chief Information (Security) Officer* is a top level executive who is responsible for defining and executing a plan for identifying, cataloging, and protecting information assets throughout a company or government agency. Seems like a pretty important job, right? So why is it that so many public and private...
Read more »

Two semi-recent articles about medical data being stolen caught my attention because they seemed out of place next to the headlines that decried PowerPoint and Kylin. The articles outline the massive amounts of medical data and patient records that were stolen from UC Berkeley and the Virginia Department of Health Professions last month. Though both...
Read more »

DarkReading recently published an interesting article entitled “BT Study: Most Enterprises Expect to Get Hacked This Year.” I’d say that that’s a safe assumption, since in the case of most large organizations, their electronic footprint is everywhere.  When you pair that with unmanaged parts of an organization setting up servers and machines, accounting for all...
Read more »

Somewhere, the creators of Adobe Reader are weeping. And if they’re not, it won’t be long until they do; with all of the recent vulnerabilities swirling around Adobe Reader, things are going from bad to worse. But just how bad is bad? According to CNET, at the RSA security conference earlier this month, F-Secure Chief Research Officer...
Read more »

A recent article by The Register almost makes you feel bad for social networking sites. In addition to their existing reputation for wasting time and ruining the grammatical aptitude of teenagers everywhere, social networking sites are now being accused of creating serious security threats for organizations in the form of spam, phishing, and malware...
Read more »

In the past few days I’ve come across of two articles that, according to their titles, seem to imply that the problem of software security is practically solved. In the article ”Software security: Software Security Comes of Age,” Gary McGraw discusses the numbers and stats behind general software security, the increased use of code scanning...
Read more »

This week was awash with new studies that generated a great deal of buzz about what’s right, and what’s not so right, about current security practices. For those of you who haven’t seen the reports yet (or don’t have the desire to read through 90-page documents), here’s a quick breakdown.  Releasing its annual Data Breach...
Read more »

Addressing the problem of companies not taking insider threats seriously, the “Many Enterprises Still Don’t Recognize Insider Threat, Studies Say” article on DarkReading made some much-needed points about intranets not being the secure entities that many companies believe them to be. While the article’s primary focus is on traditional insider threats—with employees knowingly or...
Read more »

Have you been wanting to support NovaInfosecPortal, but don’t have money to spare? The good news is that we have partnered with SANS to make it easier for you to support the site by purchasing your SANS training through NovaInfosecPortal. You don’t have to do anything special—just be sure to visit our Help Us Help You...
Read more »

So, is the latest study put out by Microsoft correct? Well, that depends. While at first glance it may appear that Microsoft was looking for a way to extol their awesomeness to anyone who may question it, their most recent study was backed up by independent security notification firm Secunia. Before any of you go on...
Read more »