NBISE Institute: Group items tagged consultant

dhtobey Tobey

Outgunned: How Security Tech Is Failing Us -- InformationWeek

  • "Years ago when we started writing checks, we might have been tackling five to 10 a day," says Paul Wood, a senior analyst with Symantec Hosted Services. "It's now well over 10,000 a day and growing." According to McAfee's 2010 Q2 Threat Report, the company identified 10 million pieces of malware in the first half of this year and is tracking close to 45 million in its malware database.
  • Vulnerability assessment products are also behind the curve, as Greg Ose and Patrick Toomey, both Neohapsis application security consultants, found when they recently set out to measure the relative effectiveness of various vulnerability scanners. "It's a question frequently raised by our customers," Toomey says. "They know the tools aren't going to catch all of the problems, but can they count on them to catch, say, 80% of the bad ones?" What Ose and Toomey discovered was far worse than even they had anticipated. Out of the 1,404 vulnerabilities accounted for by the Common Vulnerabilities and Exposures project during the sample period, there were only 371 signatures. In the best cases, the tools were in the 20% to 30% effectiveness range.
  • Toomey's observations are in line with those of security researcher Larry Suto, who earlier this year reported that Web application vulnerability scanners missed almost half (49%) of the vulnerabilities present during his tests.
  • But there's also a new twist to consider: With an increased number of attackers targeting and hijacking the credentials of IT personnel, the outsider can become the insider, at least from the perspective of our technology controls. Forward-thinking companies will move now to address this scenario. Think about how you'll detect large, anomalous query spikes against key tables in sensitive databases. Ensure you can spot large-scale document downloads from file shares and internal document management systems. If a hijacked credential is used to log into a large number of machines during a short time frame, you should have the ability to spot that activity.
    • dhtobey Tobey
      Investing in workforce development and professionalization of the infosec workforce may do more: combat ingenuity with ingenuity, not automation.
  • investing even a small percentage of your security budget in only a few specialized systems to help here will go further than throwing good money at yesterday's outdated controls.
  • Stop rewarding ineffectiveness and start rewarding innovation. Maybe right now you're struggling with a scary realization: "The millions I'm spending on firewalls and antivirus technology is relatively worthless if my adversary is skilled."
  • Greg Shipley is an InformationWeek contributor and a former CTO
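The hijacked-credential scenario quoted above (one account logging into many machines in a short time frame) is straightforward to detect with a sliding window over authentication events. The following is an added example written for this page, not code from the InformationWeek article or its author. It assumes a constructed, simplified log format of "<ISO timestamp> <user> <host> <result>" per line; real sources (Windows 4624 events, sshd logs, VPN logs) need their own parsers, and the window length and host threshold are illustrative values that should be tuned per environment.

```python
"""Added example: flag a credential that logs into many distinct hosts within a short window.

Illustrative code for this page, not from the article. Log format is assumed:
"<ISO timestamp> <user> <host> <result>" (constructed for the example).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). 'svc_backup' fans out across
# seven hosts in about a minute; 'alice' logs in at a normal pace.
SAMPLE_LOG = """\
2010-10-01T09:00:05 alice ws-alice success
2010-10-01T09:01:10 svc_backup srv-file01 success
2010-10-01T09:01:12 svc_backup srv-file02 success
2010-10-01T09:01:15 svc_backup srv-db01 success
2010-10-01T09:01:20 svc_backup srv-db02 success
2010-10-01T09:01:31 svc_backup srv-web01 success
2010-10-01T09:01:45 svc_backup srv-web02 success
2010-10-01T09:02:02 svc_backup ws-cfo success
2010-10-01T09:15:00 alice srv-file01 success
2010-10-01T13:40:00 alice ws-alice success
"""


def parse_log(text):
    """Parse the constructed log format into sorted (timestamp, user, host) tuples.

    Only successful logons are kept: failed attempts belong to a separate
    brute-force/spray detection and would inflate the host count here.
    """
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash the detector
        ts, user, host, result = parts
        if result != "success":
            continue
        events.append((datetime.fromisoformat(ts), user, host))
    events.sort()
    return events


def lateral_movement_alerts(events, window=timedelta(minutes=10), max_hosts=5):
    """Return {user: (window_start, sorted_hosts)} for every user seen on more
    than `max_hosts` distinct hosts inside any sliding window of length `window`.

    Each user keeps a deque of recent (timestamp, host) pairs; events older
    than the window are evicted from the front as time advances, so memory per
    user is bounded by the event rate within one window. The alert entry is
    overwritten on each further hit so it reflects the full extent of the burst.
    """
    recent = defaultdict(deque)
    alerts = {}
    for ts, user, host in events:
        q = recent[user]
        q.append((ts, host))
        while q and ts - q[0][0] > window:
            q.popleft()
        hosts = {h for _, h in q}
        if len(hosts) > max_hosts:
            alerts[user] = (q[0][0], sorted(hosts))
    return alerts


if __name__ == "__main__":
    for user, (start, hosts) in lateral_movement_alerts(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT {user}: {len(hosts)} hosts since {start.isoformat()}: {', '.join(hosts)}")
```

The same windowed-distinct-count shape covers the other two controls named in the quote: swap the key from (user -> host) to (user -> table) over database audit logs for the query-spike case, or to (user -> document) over file-share access logs for bulk-download detection. Service accounts that legitimately touch many hosts (backup, monitoring) need a per-account baseline or an allow-list, or they will dominate the alert queue.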
dhtobey Tobey

SkillsNET

  • “We worked with a company called SkillsNET® because its algorithm is linked to the Department of Labor statistics and standards. When you are done doing the Job Task Analysis (JTA), you take that data and apply it to the algorithm and out comes a series of SkillObjects. SkillObjects are simply a way of bundling knowledge, skills, abilities and training into small, manageable, chunks of human resource data… Because of the SkillObjects we know what skills they [sailors] will need… and since we are more effectively utilizing our manpower, we can then optimally man our units.” Commander, Naval Education and Training Command, Vice Adm. J. Kevin Moran at the FORCEnet Engineering Conference briefing the Sea Warrior vision
  • “The SkillsNET approach gives the United States Navy flexibility in defining the skills necessary for particular positions and providing training and career development opportunities tailored to individual service members.” Spokesperson, Naval Air Warfare Center “The company’s software helps employers compare what skills their employees need to what skills they actually have, and then devises a plan for bridging any gaps.” Dallas Business Journal
  • Could these SkillObjects be converted into SCORM definitions for TestLets, CourseLets, and SimLets?
  • Wow.. this reads like something you wrote almost.. !! "manageable chunks of HR data" .. I'll look into this and see if they share their schema / data model.. SK PS I'm guessing you have a Google Alert set for JTA :)