Archive for the ‘Information Security’ Category

RSA 2010 and Cybercrime Strategy

In a keynote address at RSA, national cybersecurity coordinator Howard Schmidt announced that the White House was releasing an unclassified version of its plan for securing government and private industry networks which is called Comprehensive National Cybersecurity Initiative, and now available for download from the White House Website (PDF).
Among Schmidt’s [...]


Google attack highlights ‘zero-day’ black market

By Jordan Robertson, AP
The recent hacking attack that prompted Google’s threat to leave China is underscoring the heightened dangers of previously undisclosed computer security flaws — and renewing debate over buying and selling information about them in the black market.
Because no fix was available, the linchpin in the attack was [...]


If Your Password Is 123456, Just Make It HackMe

by Ashlee Vance, NYTimes
Back at the dawn of the Web, the most popular account password was “12345.”
Today, it’s one digit longer but hardly safer: “123456.”
Despite all the reports of Internet security breaches over the years, including the recent attacks on Google’s e-mail service, many people have reacted to the break-ins with a shrug.
According to a [...]


Protection Suite Small Business Edition

An Easy-to-Use, All-in-One Suite
Symantec™ Protection Suite Small Business Edition is an easy-to-use, all-in-one suite that protects critical business assets by securing them against today’s complex malware and spam threats, and rapidly recovering computer systems. By upgrading, you will receive multiple layers of protection through award-winning technologies from the market-leading endpoint security, messaging security, and backup [...]


Long Awaited ISO/IEC 20000

The long awaited international standard on scoping a Service Management System, ISO/IEC TR 20000-3, is now available.
It’s a must-have -
Buy the hard copy here:
or the download here:
It may seem a little backwards to buy part 3 of the ISO 20000 series ahead of parts 1 and 2, but this makes perfect sense; let me explain…
This [...]


Automated polls not hack-proof

By Andreo Calonzo
The system that will be used in the May 2010 automated elections is not hack-proof, but adequate safeguards are in place to protect the results from hackers, the Commission on Elections (Comelec) assured Wednesday.
“I am not saying that the system cannot be hacked. No system is 100-percent hack-proof. [...]


Hackers’ attacks rise in volume, sophistication

Year in review for online security attacks – 2009 is going to be known as a year of change in exploitation tactics, rather than of new tools being created in the hacker community. Attackers are utilizing social media as a tool to exploit, turning the built-in trust in social media to their advantage. That’s why stealing [...]


What is a risk assessment framework

The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments
Definition – A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure.
A good RAF organizes and presents information in a way that both technical [...]


Web Services and Security

Cloud Security and Privacy
Because of the financial incentive, malicious software threats are real, and attackers are using the web to gain access to corporate data. Targeted malicious software is used to steal intellectual property and other confidential data, which is then sold on the black market for financial gain. With the use of social media in the corporate arena, [...]


Security Controls and Principles

Principles of Information Security
For security controls to be effective, apply the pillars of information security:
–Principle of least privilege
–Separation of duties
–Economy of mechanism
–Complete mediation
–Open design
Least Privilege
• “Need to Know”
• Default deny – essentially, don’t permit any more to occur than is required to meet business or functional objectives
• Anything extra introduces risk
Separation of Duties
• The [...]
