Category Archives: Security Training, Awareness and Reports

Security-related awareness, training and reports, including learning sources, events, etc.

Public Key Infrastructure

Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates (from Wikipedia). Usage Example: Encryption, Authentication, Signatures. There are several tutorial videos available. Cryptography tutorial … Continue reading

Posted in Security Training, Awareness and Reports

Example Analysis of Spear-phishing email

There is a good example of a detailed malware investigation available in the SANS Reading Room. It is good for learning, not only about spear-phishing threats, but also about investigation techniques. Case highlights: Spear-phishing email with attachment The … Continue reading

Posted in Forensics, Security Threats, Security Training, Awareness and Reports

Another Security Vocabulary by IETF

There is another vocabulary, called “Internet Security Glossary, Version 2”. It is IETF RFC 4949 from 2007 (IETF = Internet Engineering Task Force). Note that in RFC 4949 the definitions might differ from the ITU and ISO definitions. For example, “information security” is … Continue reading

Posted in ICT Terminology, Security Terminology, Security Training, Awareness and Reports

ITU Terms and Definitions

ITU (International Telecommunication Union, intro) has an online database of terms and definitions in 6 languages. Currently there are more than 100000 terms. For the term “information security” it can find a match in ITU-T. Term: information security Definition … Continue reading

Posted in ICT Terminology, ITU-T, Security Terminology, Security Training, Awareness and Reports, Telecom Security

ISO Standards, Risk Management and Information Security Vocabularies

There are different vocabularies for Information Security. One good reference for Risk Management is ISO Guide 73 from 2009. For Information Security, one should look at ISO 27000 from 2009. Unfortunately, these standards are not free. For free vocabulary, it is … Continue reading

Posted in ICT Terminology, ISO, Risk Management, Security Terminology, Security Training, Awareness and Reports

Security Challenges and Competitions

There are some security-related competitions, which might be interesting for some people. Have a look at the Cyber Security Challenge UK web page. One of the links is to the Digital Forensics Challenge 2011 by DC3 (DoD Cyber Crime Center). It … Continue reading

Posted in Cybersecurity, Security Training, Awareness and Reports

2011 Data Breach Investigations Report by Verizon

The DBIR is a must-view for anyone working in information security. The 2011 report is available here.

Posted in Risk Management, Security Management, Security Training, Awareness and Reports