Posted By Chris | August 23rd, 2010
Management style is an area of operations that has more impact on an organization’s security posture than most would assume. There are a lot of policy level decisions with legal ramifications that management is faced with on a daily basis as part of their overarching responsibilities. Driving standards and approved operating procedure from the management level can exude some fantastic benefits if approached in a suitable manner. Creating and adhering to well-developed processes takes a lot of the guess work out of daily activities of employees, and moreover, provides a solid foundation to ensure that all requirements are being met and that all employees know the rules of the game. Continue reading
Tags: Information Assurance, Information Security, Management, philosophy, Security, security training
Filed In: Business Practices, Management Practices
Posted By Chris | August 18th, 2010
As part of the IATAC SME (Subject Matter Expert) Program, we are occasionally forwarded questions and asked for our input. The most recent request for information was interesting, so I thought I’d share my response here. Due to Federal Information Security Management Act (FISMA) Certification and Accreditation (C&A) requirements, the government and military operate using … Continue reading
Tags: Approved IA Products List, Approved Product List, C&A, CoN, DIACAP, IATAC, SME
Filed In: Business Practices, IATAC SME Program, IT Infrastructure Security, Software and Automation
Posted By Chris | August 17th, 2010
“The new malicious program penetrates smartphones running Android in the guise of a harmless media player application. Users are prompted to install a file of just over 13 KB with the standard Android extension *.APK. Once installed on the phone, the Trojan uses the system to begin sending SMSs to premium rate numbers without the … Continue reading
Tags: Android, malware, mobile, Trojan-SMS
Filed In: Malware, Mobile
Posted By News | August 16th, 2010
Proso CEO, Chris Merritt, to have another article published in the IATAC Newsletter in their Fall 2010 issue. This free quarterly publication features timely articles from the IA community. These articles are solicited from such organizations as OSD/Joint Staff, the Combatant Commands, Services, Systems Commands, Government R&D Labs and Academia. Each issue also features regular … Continue reading
Tags: IATAC, News, Published Works
Filed In: News & Events, Press Releases
Posted By Nick | August 12th, 2010
Malware analysis is not a skill that every IT security professional has. It comes with a heavy amount of programming experience, an understanding of assembly, computer memory, debuggers and decompilers. Malware analysis can take a lot of time and skill, and is usually not done by organizations’ security staff. The staff leaves it to AV … Continue reading
Tags: analysis, joebox.org, malware
Filed In: IT Infrastructure Security, Security Testing
Posted By Nick | August 10th, 2010
I recently had an opportunity to do some research into a large volume of Snort IDS rules that had begun to fire (to the tune of millions of alerts a day) for an organization. At first glance these alerts appeared to be false positives, but they smelled like a lazy application DDoS attempt from some … Continue reading
Tags: False Positive, Snort
Filed In: IT Infrastructure Security, Security Testing
Posted By Chris | August 9th, 2010
With the launch of an updated version of proGD (1.0.0.19), a software we developed to automate the manual process of scanning with DISA Gold Disk, a DoD MS Windows scanner, I thought it made sense to publish a brief post about how automation can really lighten the load of information security professionals in any organization. … Continue reading
Tags: automation, proGD, software
Filed In: Software and Automation