dhtobey Tobey

Outgunned: How Security Tech Is Failing Us -- InformationWeek - 0 views

  • "Years ago when we started writing checks, we might have been tackling five to 10 a day," says Paul Wood, a senior analyst with Symantec Hosted Services. "It's now well over 10,000 a day and growing." According to McAfee's 2010 Q2 Threat Report, the company identified 10 million pieces of malware in the first half of this year and is tracking close to 45 million in its malware database.
  • Vulnerability assessment products are also behind the curve, as Greg Ose and Patrick Toomey, both Neohapsis application security consultants, found when they recently set out to measure the relative effectiveness of various vulnerability scanners. "It's a question frequently raised by our customers," Toomey says. "They know the tools aren't going to catch all of the problems, but can they count on them to catch, say, 80% of the bad ones?" What Ose and Toomey discovered was far worse than even they had anticipated. Out of the 1,404 vulnerabilities accounted for by the Common Vulnerabilities and Exposures project during the sample period, there were only 371 signatures. In the best cases, the tools were in the 20% to 30% effectiveness range.
  • Toomey's observations are in line with those of security researcher Larry Suto, who earlier this year reported that Web application vulnerability scanners missed almost half (49%) of the vulnerabilities present during his tests.
  • But there's also a new twist to consider: With an increased number of attackers targeting and hijacking the credentials of IT personnel, the outsider can become the insider, at least from the perspective of our technology controls. Forward-thinking companies will move now to address this scenario. Think about how you'll detect large, anomalous query spikes against key tables in sensitive databases. Ensure you can spot large-scale document downloads from file shares and internal document management systems. If a hijacked credential is used to log into a large number of machines during a short time frame, you should have the ability to spot that activity.
    • dhtobey Tobey
       
      Investing in workforce development and professionalization of the infosec workforce may do more.. combat ingenuity with ingenuity, not automation.
  • investing even a small percentage of your security budget in only a few specialized systems to help here will go further than throwing good money at yesterday's outdated controls.
  • Stop rewarding ineffectiveness and start rewarding innovation. Maybe right now you're struggling with a scary realization: "The millions I'm spending on firewalls and antivirus technology is relatively worthless if my adversary is skilled."
  • Greg Shipley is an InformationWeek contributor and a former CTO
dhtobey Tobey

Home - Performance Testing Council - 0 views

  • The Performance Testing Council is your gateway to freely exchange experiences, knowledge, and yes, passion with others in the practice of performance testing. Membership will help you refine your evaluation program as you learn from experts, share best practices, help define research, expand your marketplace and help establish common delivery standards.
  •  
    Community of interest group for performance testing
dhtobey Tobey

European e-Competence Framework - Home - 0 views

  • The European e-Competence Framework (e-CF) is a reference framework of 36 ICT competences that can be used and understood by ICT user and supply companies, the public sector, educational and social partners across Europe.
  • European e-Competence Framework 2.0 for download
  • European e-Competence Framework 2.0 - download
  • User guidelines for the application of the European e-Competence Framework 2.0 - download
  • Building the e-CF - a combination of sound methodology and expert contribution - download
  • European e-Competence Framework 2.0 - Executive overview - download
    • dhtobey Tobey
       
      This is an example of how we might publish our Competency Model for Operational Security Testing.
dhtobey Tobey

2011 DHS S&T CSRD BAA - Federal Business Opportunities: Opportunities - 0 views

  • The Department of Homeland Security (DHS) Science and Technology (S&T) Homeland Security Advanced Research Projects Agency (HSARPA) Cyber Security Division (CSD) announces a Broad Agency Announcement (BAA) for Fiscal Year 2011 to improve the security in both Federal networks and the larger Internet. This Broad Agency Announcement (BAA) seeks ideas and proposals for Research and Development (R&D) in 14 Technical Topic Areas (TTAs) related to CSD.
dhtobey Tobey

Competency Data For Training Automation.pdf - 0 views

  •  
    Great white paper from which we borrowed the SCORM graphic.
Michael Assante

App security testing - 0 views

  •  
    About application security testing
dhtobey Tobey

Emulab.Net - Emulab - Network Emulation Testbed Home - 0 views

  • Emulab is a network testbed, giving researchers a wide range of environments in which to develop, debug, and evaluate their systems. The name Emulab refers both to a facility and to a software system. The primary Emulab installation is run by the Flux Group, part of the School of Computing at the University of Utah. There are also installations of the Emulab software at more than two dozen sites around the world, ranging from testbeds with a handful of nodes up to testbeds with hundreds of nodes.
  •  
    Possible testbed for developing performance-based exams and simulated learning platforms. Emulab underlies DHS' DETER testbed for research and development.
Steve King

Services | SkillsNET - 0 views

  •  
    Here at SkillsNET, we offer a fully implemented, semantically indexed, knowledge management system, used to facilitate research collaboration, information access, and interoperability amongst workers. Utilizing our Semantic Workforce Analysis methods, organizations can realize the benefits of identifying domain ontologies, and can significantly improve their knowledge management systems (KMS) strategy internally and among distributed web communities. Using Latent Semantic Analysis (LSA), electronic artifacts and explicit Knowledge data are analyzed, decomposed, and meta-tagged for later retrieval during a problem solving scenario. Your workers will have the ability to access explicit knowledge sources and use tacit Knowledge in collaboration with team members to identify the optimum technical solution to current problems
dhtobey Tobey

Beyond Camping, Canoeing, Boy Scouts Add Robotics : NPR - 0 views

  • The Boy Scouts of America, which offers more than 120 badges ranging from archery to wilderness survival, next week will unveil a robotics merit badge meant to promote science, technology, engineering and math, fields collectively known as STEM. In doing so, the 101-year-old Texas-based organization is trying to remain relevant and better reflect boys' interests, said Matt Myers, who oversees the Boy Scouts' STEM initiative.
  • Officials expect at least 10,000 of the nation's 2.7 million Boy Scouts to earn the new badge in the next year, compared with the roughly 500,000 who earn the most popular badge — first aid — each year.
  • Developing the robotics badge requirements took 14 months and involved help from more than 150 scouts, their leaders and industry professionals. Ken Berry, who led the effort, said the badge is a bit overdue given that hundreds of thousands of children and teens already are participating in robotics competitions around the country. "We're promoting stretching of the mind like athletics promotes stretching of the body," said Berry, assistant director of the Science and Engineering Education Center at the University of Texas at Dallas.
  • "One of the biggest problems we have for high school kids and Boy Scouts included, is that there aren't a lot of opportunities to tinker and experience what it's like to be an engineer, so when they get to the college level, students are often ill prepared to do an engineering degree," he said. NASA, which allowed its Mars rover to be depicted on the badge, also agreed to take 100 patches into space on the Endeavour shuttle mission. Those badges will be distributed through an online contest.
  •  
    Possible avenue to extend NBISE certifications to K-12 groups in collaboration with the US Cyber Challenge?
dhtobey Tobey

Designing GTD Contexts - 0 views

  • David’s list is certainly a good one. Almost everyone can organize their tasks by contexts such as @Computer, @Errands, @Home, @Office, @Calls, and so on. But, the problem is that sometimes some of these context listings contain so many items that our eyes and our brains do not process the lists well.
  • I made use of this principle long ago in designing my GTD contexts. I noticed that my @Home listing was large (15 to 20 items typically), and I noted that I would only do some of them when sitting on my couch. So, I created an @Couch context. About half of my @Home items wound up there. I also created an !Focus context. I wanted a way to blend the Covey style of addressing the “big rocks” with the GTD contexts. Basically, I knew there were some items that were “big rocks” for me, ones I wanted to ensure I accomplished during the week, irrespective of what context they might fall into. So, the !Focus context evolved from that.
  •  
    Good advice for setting up contexts in a task management system. Based on this I created the following contexts: !Focus, @Desk, @Errands, @Home, @Hotel, @iPad, @Mobile, @Phone. Note how the iPad is becoming a "location" for me already.. wow, Apple could quickly take over the highest cap position among public companies!
dhtobey Tobey

Cyber security certification program launches | ISA - 0 views

  • Sypris Electronics, LLC, a subsidiary of Sypris Solutions, Inc. partnered with Career Technical Education Foundation, Inc. (CTEF) and The MITRE Corporation to develop, establish, and host a cyber security curriculum for local and national high school students. The curriculum was co-developed by Sypris, MITRE, and CTEF, and it is under evaluation by (ISC)².
  • Students who successfully pass the program, along with a Systems Security Certified Practitioner (SSCP) certification exam, will become an Associate of (ISC)² toward the SSCP certification, an opportunity not currently available to any other high school students in the nation.
  • “There is no other cyber security curriculum available for secondary education anywhere in the country, and we are the first to make it available,” said Paul Wahnish, president of CTEF