DNS Security Threats The Domain Name System (DNS) is a service used on both the Internet and private networks to translate Internet Protocol (IP) addresses to Fully Qualified Domain Names. Example, this service allows someone to type a FQDN like www.zymitry.com to reach the Zymitry web site instead of having to type in the domains IP address. Regarding… Read More »
Basic Principles of Security Awareness. Security experts consider system users the weakest link in information security. User skill levels and experience can greatly vary, and unlike automated controls, human users can be subject to fatigue, or be distracted, which can lead to mistakes resulting in vulnerabilities. Security awareness training is often a user’s first experience with information security.… Read More »
Threats from within an organization. Insider security threats are the most significant threat to today’s information systems. Insiders often have elevated access within an organizations information systems which often gives them a level of authorized access that can cause a lot of damage if misused intentionally, or unintentionally. In the SANS Reading Room article; Insider Threat Mitigation Guidance,… Read More »
ISC2 CISSP Certification Requirements ISC2 CISSP provides the following requirements and recommendations to earn and maintain a Certified Information Systems Security Professional (CISSP) certification. Candidates must have a minimum of 5 years cumulative paid full-time work experience in two or more of the 8 domains of the (ISC)2 CISSP CBK. Candidates may receive a one year experience waiver… Read More »
Information System Incident Response Effective information system Incident response requires proper planning and good management. Since organizations are diverse and vary in size, organizations must design their incident response plans based on a detailed assessment of their information system and business requirements. Constructing a proficient Incident Response Team (IRT) is a critical component of any effective Incident Response Plan.… Read More »
Incident Response Teams Computer Incident Response Teams (CIRTs or IRTs) are key components in information security incident response. Effective incident response doesn’t just happen; it takes careful planning and practice. An effective Incident Response Policy should have a plan documenting steps that must be followed and should contain key tasks or milestones with details, processes, and procedures,… Read More »
Guidelines for Media and Data Sanitizing When information systems are taken offline and retired, great care must be taken to ensure media that stored the data in the system remains protected through the retirement process. If media used is going to be removed and discarded, or re-purposed, organizations must ensure data that was stored on the media is… Read More »
Developing an Effective Red Team Penetration testing (pen-testing) is characterized as a method of evaluating internal and external technical security controls through a methodically planned simulated attack that imitates threats from malicious outsiders and malicious insiders to understand the security weaknesses in a system and/or network. When properly executed, pen-testing is a critical tool in assessing and improving … Read More »
Securing the Administrator Account in Microsoft Windows Systems The Administrator account is a default account used in all versions of the Windows operating system. The Administrator account is used by system administrators for tasks that require administrative credentials. The Administrator account cannot be deleted or locked out, but the account can be renamed or disabled. The Administrator account… Read More »
The Importance of Patch Management The threat of malicious virus and worm attacks on Microsoft based systems has been increasing which is forcing businesses to reevaluate their organizations security needs to better protect their systems. Microsoft produces security patches for their system vulnerabilities and makes them available to users. Research has shown that the most efficient way to… Read More »