Summer in New York?

Want an excuse to spend a week in New York City this summer? SANS is bringing MGMT512 – Security Leadership Essentials for Managers to New York in the Community format. Find details here.

facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

SANS 566 Coming to Toronto

After a great time in Nashville (minus all the problems caused by snow the week prior) I’m heading to Toronto to teach another round of 566. If you are looking to implement or audit the 20 Critical Controls, you need to register for this class. The SANS material is excellent and gives you plenty of tools to start the process on your own. The Toronto course runs April 13-17, details here.

facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Teaching Update

A quick teaching update. SANS MGMT512 in Ottawa/Gatineau was a great group last month, thanks to those of you who attended. If you’re interested in implementing the 20 Critical Controls, I’ll be teaching SANS SEC566 (Implementing and Auditing the 20 Critical Controls)  in Nashville starting March 9. If you’re in Canada, watch for Canadian events coming soon.

facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

This is a good summary of the Regin surveillance tool.

Securosis Blog | Building an Enterprise Application Security Program: Use Cases

The 5 Biggest Cybersecurity Myths, Debunked | WIRED

What are you doing? – DSEncrypt Malware | FireEye Blog

“Have you ever downloaded and installed a large Android application that had very few actual UI elements or functionality? Recently, FireEye Labs mobile security researchers have discovered a new kind of mobile malware that encrypts an embedded Android application with an attachment in an asset folder – concealing all malicious activities within a seemingly benign application.”

via What are you doing? – DSEncrypt Malware | FireEye Blog.

facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Is there already a war happening between Russia and Ukraine?

A Windows Authentication Flaw Allows Deleted/Disabled Accounts to Access Corporate Data – Aorato

Understanding Role Based Access Control: Advanced Concepts