Active Risk Management
IT Risk Management brought into action
Curated by Jens Hoffmann
Scooped by Jens Hoffmann

Total internet failure: are you prepared?

A total internet failure could stop any business in its tracks, yet few are preparing for this possibility, KPMG has warned
Jens Hoffmann's insight:

A 2-3 day global and total internet breakdown should be included in every business continuity plan.


True White-Knuckled Stories of Metrics in Action: Sylvan | SecurityWeek.Com

It's fine to do a root cause analysis and understand the problem, but communicating that understanding effectively is crucial to bringing about a desired change.
Jens Hoffmann's insight:

How to motivate a necessary change by communicating it effectively with the right metrics.


How I bypassed 2-Factor-Authentication on Google, Facebook, Yahoo, LinkedIn, and many others.

I remember fondly two years ago, when 2-Factor-Authentication (2FA) became popular and well used across major web applications (Google, Facebook, Yahoo and others).
Jens Hoffmann's insight:
Protect your mobile voicemail. It could be used to bypass your otherwise secure 2-Factor Authentication on Google, FB and others.

Now is the Time to Address Security in the Internet of Things

Researchers have demonstrated that routers, set-top boxes, security cameras, TVs, and even fridges can be hijacked and abused by cybercriminals for various purposes, including sending spam, mining for crypto-currencies, and spreading malware. Medical devices can also be hijacked, and the consequences can be deadly.
Jens Hoffmann's insight:
Developers should introduce secure design and coding practices into their cutting-edge "Internet of Things" projects. The major reason is that their well-intentioned systems could create springboards to attack more valuable targets.

Twitter makes password reset easier, account hijacking harder

Twitter has announced two changes aimed at helping protect user accounts and restore access to them. The company said that they are aware that many people reuse the same passwords across multiple s...

What the Doctor Ordered: Data-Driven Compliance

Over the past decade or so, corporate compliance initiatives have received a considerable amount of attention and as a result have matured considerably.
Jens Hoffmann's insight:
Data-Driven compliance initiatives will provide an accurate evaluation of their effectiveness.

US retail group: Target CEO steps down after data scandal - SPIEGEL ONLINE

Gregg Steinhafel worked at Target for 35 years, six of them as CEO. Now he has to vacate his post. Under Steinhafel's leadership, millions of customer records were stolen from Target.
Jens Hoffmann's insight:

The resignation of the Target CEO is a sign that information security can no longer be taken lightly. The financial losses and reputational damage after a serious security incident can reach dimensions that customers and investors cannot ignore.


99% of mobile malware is found on Android

Jens Hoffmann's insight:
Particularly critical is the emergence of advanced types of malware.

How to Create Awareness of the Insider Threat

One of the legacies of Edward Snowden's treason is that companies are now concerned about the insider threat more than they ever were before. He demonstrates that a single person inside an organization can devastate the organization.
Jens Hoffmann's insight:

So much for "We trust our people and we don't need a 4-eyes principle control".


UPDATE: Encrypt the Web Report: Who's Doing What

We’ve asked the companies in our Who Has Your Back Program what they are doing to bolster encryption in light of the NSA’s unlawful surveillance of your communications. We’re pleased to see that four five six seven eight companies—Dropbox, Facebook, Google, Microsoft, Sonic.net, SpiderOak, Twitter, and Yahoo—are implementing five out of five of our best practices for encryption.
Jens Hoffmann's insight:

Great news! More and more cloud service providers are now implementing five out of five of the EFF best practices for encryption: Dropbox, Facebook, Google, Microsoft, Sonic.net, SpiderOak, Twitter, and Yahoo.


Why Risk Management is Impossible

It is impossible to identify all critical assets. It is impossible to determine value of IT assets. It is impossible to manage vulnerabilities. Impossible^3 = I
Jens Hoffmann's insight:

It is impossible to identify all critical assets. It is impossible to determine value of IT assets. It is impossible to manage vulnerabilities. Impossible^3 = Impossible. 


How the NSA snoop-proofs its Macs

It's the NSA's job to snoop on all of us, but it doesn't want to be snooped on itself. So it has guidelines for securing all the Macs in its service. Here's how the spooks keep their Macs safe.
Jens Hoffmann's insight:

Practical advice to secure your Mac. Do it today!


How the Latest Smartphones Could Turn Us All Into Activity Trackers | Wired Opinion | Wired.com

The separate M7 coprocessor makes constant activity tracking more power-efficient, which means we’ll start to see more Quantified Self (QS) apps without a noticeable drain on the battery.
Jens Hoffmann's insight:

We need a higher sensitivity when our mobile phone tracks every single one of our activities. It will transform us from the quantified self into the quantified society.


NSA-created Digital Security Gaps Frustrate Tech Experts

Software Security Holes Used by the National Security Agency to Conduct Broad Surveillance Can Expose Consumers to Attacks from Hackers, Technology Experts Say.

Jens Hoffmann's insight:

It is time to re-think your purchasing strategy for IT equipment. A big chance for non-US tech companies.


Security Metrics: What is a "Metric"? | SecurityWeek.Com

For the sake of this discussion, the definition of “metrics” is some data and an algorithm for reducing and presenting it to tell a story. There are many important and useful tools related to metrics; this takes a look at some and how they fit together.
Jens Hoffmann's insight:

A metric is some data and an algorithm for reducing and presenting it to tell a story.

A good rule of thumb, or heuristic, to use for your own metrics program is that if you're going to share your results outside your organization, you need to start thinking about normalization, heuristics and benchmarks. If not – if your metrics process is entirely internally-focused – then you can just worry about whether a critical number goes up and down over time. 

Those are the three questions you should be able to defend against if you're presenting a metric:

• Define your notion of what you are measuring

• Understand the reliability of your counts: are you relying on automatic collection or subjective self-reporting

• Understand the population of your study and control group


Microsoft Security Report Shows Most Malware Infects by Deception

While exploit kits increasingly focus on using Java to infect computers, most attacks rely on deceiving the user, Microsoft says in its semi-annual Security Intelligence Report.
Jens Hoffmann's insight:

While exploit kits increasingly focus on using Java to infect computers, most attacks rely on deceiving the user, Microsoft said in its semi-annual Security Intelligence Report.


On “Defender’s Advantage”

"The attacker can exploit just one vulnerability to get in, while the defender needs to protect all ways in.” This line of thinking has long been used to sow depression and lower the morale of aspiring security professionals, tasked with protecting the enterprise IT environments and information.
Jens Hoffmann's insight:
It's a common statement in InfoSec circles: "The attacker can exploit just one vulnerability to get in, while the defender needs to protect all ways in." But the entire 5000+ year history of warfare teaches us about the unambiguous defender's advantage. It is time to rethink InfoSec and start to ask the right questions.

The linchpin between Corporate Governance and IT Governance

This presentation focuses on how a synergistic approach between Corporate Governance, IT Governance, and Enterprise Architecture can increase an organisation’s value while reducing cost.

IT Governance is Killing Innovation

Traditional project-centric approaches to IT are outdated.
Jens Hoffmann's insight:
CIOs are being asked to arm employees with the capabilities required for success in a new, much more integrated and interdependent work environment. But to do that requires more than capital: it requires a different approach to making decisions and, specifically, rethinking traditional IT project-centric approaches to identifying and funding capital investment opportunities.

Cost of Data Breaches Rises Globally: Report

According to the Ponemon Institute's ninth annual global study on data breach costs, the average total price tag of a breach increased 15 percent to $3.5 million.


Stanford’s password policy shuns one-size-fits-all security

Stanford University network engineers have unveiled a refreshingly enlightened password policy.
Jens Hoffmann's insight:
Easier Security: By allowing extremely long passcodes and relaxing character complexity requirements as length increases, the new standards may make it easier to choose passwords that resist the most common types of cracking attacks.

How Heartbleed transformed HTTPS security into the stuff of absurdist theater

Certificate revocation checking in browsers is "useless," crypto guru warns.
Jens Hoffmann's insight:

TLS/SSL security is hopelessly broken. Foremost, because the certificate revocation mechanism isn't working. It just needed the Heartbleed bug to demonstrate this.


American Judge Claims Jurisdiction Over Data Stored In Other Countries

Jens Hoffmann's insight:
Data stored in European Data Center is safe? Wrong! The US Jurisdiction claims, that it has full access!

Encrypt the Web Report: Who's Doing What

We’ve asked the companies in our Who Has Your Back Program what they are doing to bolster encryption in light of the NSA’s unlawful surveillance of your communications.
Jens Hoffmann's insight:

Google & Dropbox have worked hard to protect their users against warrantless surveillance. Microsoft & Amazon are lacking motivation.  


LinkedIn 'Intro'duces Insecurity - Bishop Fox

LinkedIn released a new product today called Intro. They call it “doing the impossible”, but some might call it “hijacking email”.
Jens Hoffmann's insight:
As a matter of fact, LinkedIn Intro creates a man-in-the-middle attack. It redirects your e-mail through LinkedIn servers for analysis. Don't install it on your devices!