Information Security Risk Management

Posted in Compliance
Managing information security risks is a key process underpinning the security of every organization. Unfortunately, in many organizations information security risk management is still an area in need of improvement, with most of them focusing primarily on the implementation of best practice security control...

About Security Metrics

Posted in Compliance
Every year organizations around the world spend more and more money on acquiring the latest security technologies and products. Yet very few of them gain a clear picture of their current risk exposure or of the return on that investment. Senior management wants to know ...

Improving The Information Security Profession

Posted in Training
Many people today call themselves information security professionals, but what is an information security professional and what does it take to be one? The Latin root of the word "professional" is profiteri, where pro means "forth" and fateri means "confess." Taken together, they mean "to annou...

Making Sense of Cyber Threat Intelligence

Posted in Prevention
The security industry, more than any other, feeds on buzzwords to sell. As security breaches make the daily news, hitting every industry and organizations of every size, information security managers are continuously looking for the latest silver bullet to stay ahead of the game...

ISO27001 Non-Conformities: Minor or Major?

Posted in Compliance
Over the years, I have had the pleasure of delivering tens of ISO27001 Lead Auditor and ISO27001 Lead Implementer training courses across the world and many ISO27001 audits and ISMS implementations. One of the topics that people always find a bit challenging to grasp is the different levels of non-c...

Information Security and ISO27001

Posted in Compliance
Whether we are talking about a bank, a telecommunications company, a government office or even a small shop, information is the most important asset organizations have. Yet very few organizations approach information security the right way and thus continuously exp...

Command Execution Vulnerability in Bash

Posted in Vulnerabilities
Over the past weeks there has been global attention on a number of vulnerabilities affecting the GNU Bash shell. These vulnerabilities are classified under CWE-78 (OS Command Injection), which describes vulnerabilities that allow the construction of OS commands using externally con...

How to check and fix Bash vulnerability in *NIX

Posted in Vulnerabilities
The post at http://www.silensec.com/blog/entry/vuln/command-execution-vulnerability-in-bash introduces the "Command Execution Vulnerability in Bash" and shows how to test for and fix it on a cgi-bin enabled web server using ModSecurity. Here we are going to show how to check i...
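As an added example that is not part of the original post, and not Silensec's own check, the following POSIX shell script probes a given shell binary for the original Bash function-import flaw (CVE-2014-6271) in the way the post's "check" step implies: it starts the shell with one crafted environment variable and looks for evidence that the command after the function body was executed. The function names, the marker string SHELLSHOCK_EXEC, the default candidate list and the use of HTTP_USER_AGENT to mimic the CGI delivery path are all choices made for this example.

```shell
#!/bin/sh
# Added example, not code from the Silensec post: probe a shell binary for the
# Bash environment-variable function-import flaw (CVE-2014-6271, "Shellshock").
#
# Unpatched Bash parsed any environment variable whose value started with
# "() {" as a function definition and, while importing it, also executed
# whatever followed the closing brace. CGI servers copy request headers into
# environment variables (HTTP_USER_AGENT, HTTP_COOKIE, QUERY_STRING, ...), so
# an attacker-supplied header became an OS command (CWE-78) as soon as a
# #!/bin/bash CGI script started.

# shellshock_check SHELL_PATH [VARNAME]
#   Starts SHELL_PATH with one crafted environment variable (default name
#   "probe"; pass HTTP_USER_AGENT to mimic the CGI delivery path) and checks
#   whether the trailing command after the function body was executed.
#   Returns 0 if it was (vulnerable), 1 if not (patched, or not Bash at all),
#   2 if SHELL_PATH is not an executable file.
shellshock_check() {
    sh_bin=$1
    var_name=${2:-probe}
    [ -x "$sh_bin" ] || return 2
    # The function body "{ :; }" does nothing; SHELLSHOCK_EXEC is a marker
    # string constructed for this example. A patched shell prints only "ok"
    # (and, on early patched builds, a warning on stderr, which we discard).
    out=$(env "$var_name=() { :;}; echo SHELLSHOCK_EXEC" \
              "$sh_bin" -c 'echo ok' 2>/dev/null)
    case $out in
        *SHELLSHOCK_EXEC*) return 0 ;;
        *)                 return 1 ;;
    esac
}

# shellshock_report SHELL_PATH
#   Human-readable wrapper around shellshock_check using the CGI-style
#   variable name; always returns 0 so it can be looped over an inventory.
shellshock_report() {
    shellshock_check "$1" HTTP_USER_AGENT
    case $? in
        0) echo "$1: VULNERABLE (trailing command in env var was executed)" ;;
        1) echo "$1: not vulnerable to the original function-import bug" ;;
        *) echo "$1: not found or not executable" ;;
    esac
    return 0
}

# Usage: ./shellshock_check.sh [/path/to/shell ...]
# With no arguments, the two most common interpreter paths are probed.
if [ "$#" -eq 0 ]; then
    set -- /bin/bash /bin/sh
fi
for candidate in "$@"; do
    shellshock_report "$candidate"
done
```

Two caveats for anyone running this on a fleet: the probe covers only the original function-import bug, so a shell that passes it may still carry one of the related parser bugs fixed in the same patch series and should be checked against the vendor's current package version as well; and a negative result for /bin/sh on systems where it is dash or ash says nothing about the bash binary that a #!/bin/bash CGI script will actually run, which is why each interpreter path is probed separately.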

Silensec Security Quadrant

Posted in Compliance
A good way to illustrate the current level of security achieved by different organizations across different business sectors is to use a Security Quadrant. In this case the Y axis represents the security competence of organizational staff in the area of IT and information...

Bypassing Comodo Internet Security

Posted in Reverse Engineering
This post discusses the issues that arise from relying on user-mode control-flow monitoring techniques to implement systems such as host-based intrusion detection systems, sandboxes, function tracers, etc. It focuses on a single HIPS product offered by Comodo [1], a well respected ...

Silensec Africa
Silensec UK

Feel free to contact us if you have any problems.