Information Security Blogs

by: Jeremy Johnson, CISSP

Penetration Test vs Vulnerability Assessment

Some say Potato, some say Tomato. The term Penetration Test has been thrown around a lot in the Information Security industry. Some vendors and institutions use the term Penetration Test interchangeably with Vulnerability Scan or Assessment, when in fact, the two define very different scopes, methodologies, and deliverables. The recently updated FFIEC ...Read More...



by: Stan Skwarlo, CISA, CISSP

Cyber Security Baselines and Anomaly Detection

Baselining and anomaly detection are security concepts that have been around for quite a while; recently, however, both have received renewed interest. This new attention stems from increased regulatory focus on incident response and from the recognition that in today's cybersecurity world it's no longer a question of "if" but "when." Cyber-attacks have evolved to the point where they can pass through technical defenses, blend into an environment and remain undetected as long as...Read More...



by: Jim Baird, CBCP

Incident Response!

Incident Response Plans (IRP) have been expected by banking regulators for years. But with the ever-increasing threats of cybercrime, malware, breaches, ransomware, etc. the expectations have morphed into having a far more robust, comprehensive, cyber-ready, and tested IRP. Further, the FFIEC Cybersecurity Assessment Tool devotes an entire Domain to the topic (Domain 5: Cyber Incident Management and Resilience). Consider the following next time you .....Read More...




by: Jeremy Johnson, CISSP

Sometimes, the Patch is Only the Beginning

Not all patches work out of the gate. Anyone who has been responsible for patch management knows that it is a never-ending cycle of download, test, patch and repeat. What is often overlooked, unfortunately, is that sometimes, even when a patch is applied, the vulnerability it is supposed to fix isn't always fixed…not right away at least.....Read More...




by: David Matt, CEH

Recommended Audit Policy Settings

The following recommended settings are based on Microsoft and industry best practices. Note that these settings are ....Read More...




by: Scott Burkhart, GCIA, GCFA

Detecting PowerShell Attacks
with the On-Point Forensics Platform

The information technology website "ComputerWeekly.com" recently published an article stating that Windows PowerShell has been tied to more than a third of cyber-attacks. 2015 was certainly the year that penetration testers and attackers alike fully embraced the power that....Read More...



by: David Matt, CEH

Eliminating Local Administrative
User Access Requirements in Your Environment

Back in the Windows 95/98 days, Windows had no file system security, and users always had full control of their systems. With the advent of Windows NT/XP, granular access controls and limited....Read More...



by: Bill Brock

IT Security Assessment Bids
The Good, The Bad and the Ugly

Tips, tricks and shortcuts for evaluating vendors of independent IT security assessment. This information will help you better understand the bid in front of you and some possible outcomes as you work to shorten the stack of vendors.....Read More...



by: Phil VanMeerhaeghe, CISSP

Finding Weakness in Today's Networks

Evaluating the security of an internal network environment can be accomplished several ways. We routinely field a number of questions about internal network security assessments. A few of the most common questions.....Read More...



by: David Matt, CEH

EMET, the security tool you haven’t heard about.

Microsoft’s Enhanced Mitigation Experience Toolkit, or EMET, is a free security tool that has been around for some time, but outside of a few circles, it hasn’t received the attention.....Read More...



by: Jeremy Johnson, CISSP, MCSA

Exposed Management Consoles - A look at Microsoft Exchange

In most organizations where we find Microsoft Exchange, we find Outlook Web Access (OWA) open to the internet. Generally, external access to OWA and ActiveSync is allowed when mobile users are accessing Exchange email. This is all hosted using Microsoft's Internet Information Services (IIS). What many administrators may not realize .....Read More...



by: Greg Peterson, CCSE, CEH

Going Next Level (Firewalls)

The shape of the internet as we know it is constantly changing and evolving to meet the growing demands of business and entertainment. This constant growth, however, has added levels of complexity to Information and Network Security, which can lead to complex and mismanaged network environments. One of the newer products to hit the Security scene that is hoping to help reduce those .....Read More...



by: Scott Burkhart, GCFA, GCIA, MCSE

Memory Acquisition Tools

Combating today’s advanced malware requires skill and an advanced toolset. The most common incident response procedure that we see in smaller organizations is to identify infected machines and simply run malware scanners (Malwarebytes, Spybot, etc...) until the scan comes back clean. This “scan until clean” mindset often results in repeated infections and gives the organization a false sense of security. Malware scanners suffer from .....Read More...