Latest News


A Multilayered Approach to Information Security

Establishing multiple layers of defense is critical to protecting valuable information assets. An effective multilayered defense involves not only defining and defending the system perimeter, but also preempting and deterring attacks, implementing tools that can deflect attacks, and then constantly …

25 Oct 2013


Physical, Procedural, and Technical Controls in Information Security

In this post, I will briefly discuss the three major types or categories of controls that can be used to defend information systems – namely (1) physical controls, (2) procedural controls, and (3) technical controls. First, physical controls are those controls which seek to prevent an attack through…

10 Oct 2013


Using Multiple Controls or Countermeasures for Information Security

In this post I would like to talk about using multiple controls or countermeasures for information security purposes. To begin, consider a castle in the Middle Ages. You may have noticed that many castles were built in locations that leveraged natural obstacles in order to protect the castle during …

08 Oct 2013


Defending against Attacks on Information Systems

In broad terms, there are six different approaches that can be used to defend information systems against attacks by malicious parties. The first of these approaches is prevention, and preventing an attack can be accomplished by either blocking the attack, or by entirely closing or eliminating a vul…

07 Oct 2013


Prerequisites for Attacking an Information System

In order for an attack on an information system to succeed, an attacker must possess three specific things: (1) method, (2) opportunity, and (3) motive. One useful way of remembering these prerequisites is through the acronym MOM (Method, Opportunity, and Motive). In the context of conducting attack…

05 Oct 2013


Harm and the Value of Information Assets

Although in an earlier post I discussed the four types of acts that can cause harm to an information system, here I would like to briefly discuss harm itself. Harm refers to the negative consequences that can arise from an actualized threat. That is, if a vulnerability in an information system is ex…

03 Oct 2013


Types of Information System Attackers

Who are these people who seek to compromise the confidentiality, integrity, or availability of our information assets? Surprisingly, many attackers are simply amateurs who act opportunistically. As an example, such an amateur might find someone’s lost mobile device or laptop computer and decide to s…

02 Oct 2013
 