
Nick Popovich demonstrates how easy it is for someone to set up a captive portal for the purpose of performing a man-in-the-middle attack with the capability of acquiring an unauthorized session on a victim.
Available on YouTube HERE or embedded below.

Link to recorded webinar will be posted soon. The slide deck is available here.
[13 July 2010] Synopsis: Are you more interested in securing your infrastructure and systems or getting a good PCI/FISMA/HIPAA/etc. compliance score? These two aren’t always mutually exclusive, but they can be more often than not. The number one fundamental flaw with compliance is that the focus is primarily on whether or not you have a control in place – instead of the effectiveness of that control. Because the focus is on “do you have it?” instead of “how well does it work?”, it’s not very difficult to manipulate the compliance process for a solid grade of A or B, but doing so provides a false sense of security and makes organizations working towards compliance unnecessarily vulnerable. If organizations choose to look a level deeper and perform assessments geared toward evaluating effectiveness, their compliance scores will almost certainly suffer. This incentivizes organizations to review their systems and enclaves according to the letter of the compliance law and focus on what they have instead of how well what they have works.
In this talk, we’ll cover several other issues with compliance and outline a new unofficial compliance vertical that is grounded in performance-based metrics that organizations can use to get started on securing their enterprise. This new consolidated baseline set of critical security controls is not intended exclusively for those that are just beginning their compliance efforts. In fact, the controls are equally important for organizations that already have compliance programs in place – especially if those programs are not performance-based.