LulzSec Information Security Case Study Volume 1 – PBS

Eric Vanderburg As promised, here is the first case study regarding the events surrounding the LulzSec group. If you are reading this and wondering what we mean, take a look at our blog entry titled “Awareness Pains: How the LulzSec hacks influence security awareness.” That entry will give you a foundation as to what approach […]

August 3, 2011 |

Awareness Pains: How the LulzSec hacks influence security awareness

Eric Vanderburg Bob set down the phone with a sigh. After six hours, five phone calls, countless emails, and two meetings, it was time to go home. The exploit of a system he had been assured was safe was now front-page news. LulzSec was taking the credit but his company was taking the blame. Maybe […]

July 21, 2011 |

The Social Networking Threat

Eric Vanderburg Social Networking is a godsend and a concern, a help and a hindrance, an amazing feat and a terrible nuisance. While these descriptors apply for the individual, they are exacerbated multiple times for a corporation. A corporation needs to be concerned with everything from profits to people, and social networking websites like Facebook, […]

July 14, 2011 |

Teaching Users to Spot Malicious Programs

We have worked hard to educate users of the need for computer hygiene, using anti-spyware, multiple browsers, data backups, and antivirus programs. Unfortunately, users are getting fooled into installing fake antivirus programs through clever pop-ups that work off the fear users have of viruses. These programs install themselves and trick users into paying for bogus […]

June 1, 2011 |

Mitigating the Threat of Corporate Espionage

Corporate espionage is not just a plot for action movies; it is a real threat to small and large businesses. Many successful attacks of corporate espionage steal data from companies each year, resulting in intellectual property being sold to other companies, often in other countries, or ransomed back to the company. This, in turn has […]

May 10, 2011 |

Leveraging Vulnerability Scoring in Prioritizing Remediation

The average organization has numerous types of equipment from different vendors. Along with the equipment, businesses also utilize multiple software applications from various developers throughout the organization. This diversity provides many helpful opportunities, but also creates a higher probability for vulnerability. Risk managers are able to stay aware of new vulnerabilities through vendor systems or services […]

April 21, 2011 |

Achieving High Availability with Change Management

Eric Vanderburg Change management is a key information security component of maintaining high availability systems. Change management involves requesting, approving, validating, and logging changes to systems. This process can bring significant benefits to an organization. Namely, it can strengthen the decision making ability of an organization by training personnel to fully think on and evaluate […]

February 22, 2011 |

Guidelines for Username and Password Risk Management

Eric Vanderburg Hackers often bypass some of the best security technologies by exploiting one of the oldest tricks in the book, your password. Not only will attackers quickly gain access to whatever you have access to, audits and security monitoring will show that you accessed the documents, not the attacker, so you will be […]

February 1, 2011 |

Physical Security for Data in Transit

Eric Vanderburg Briefcase chained to his wrist, the officer cautiously looks for anything out of the ordinary as he makes his way purposefully to a black vehicle with government plates. You would think he might relax with two armed men flanking him and another waiting at the car but his rigorous training keeps him focused. […]

January 25, 2011 |

Fail Secure – The Correct Way to Crash

Eric Vanderburg Do you think there is a right way to crash?  A system crash sounds like a bad thing all around but there are safe ways for a system to crash and dangerous ways.  Systems can crash in a way that allows attackers to exploit the data on them or to install back doors […]

January 5, 2011 |

TCDI | Computer Forensics | Cybersecurity | Litigation Technology