CISO Security ‘Portfolios’ Vs. Reporting Structures
8/23/2016Organizational structure is a tool for driving action. Worrying about your boss’s title won’t help you as much as a better communication framework.
Post a Comment
Author
Profile of Adam Shostack
Founder, Stealth Startup News & Commentary Posts: 10Adam is an entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped found the CVE and many other things. He's currently building his fifth startup, focused on improving security effectiveness, and mentors startups as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege"
game. Adam is the author of "Threat Modeling: Designing for Security," and the co-author of "The New School of Information Security."
Articles by Adam Shostack
Organizational structure is a tool for driving action. Worrying about your boss’s title won’t help you as much as a better communication framework.
Post a Comment
Security Portfolios: A Different Approach To Leadership
8/11/2016How grounding a conversation around a well-organized list of controls and their goals can help everyone be, literally, on the same page.
Post a Comment
Security Lessons from My Financial Planner
6/24/2016Security investments can be viewed as a portfolio. If we think in portfolio terms, we realize that ROI is a backwards-looking measure. What else can we learn from financial planners?
Post a Comment
Revealing Lessons About Vulnerability Research
6/10/2016It’s not clear why a dozen FBI agents showed up at a security researcher’s door last month but as cyber becomes more a factor in product safety, our judicial system needs to get a better grasp on who the real criminals are.
Post a Comment
Security Lessons from C-3PO, Former CSO of the Millennium Falcon
4/21/2016The business will take risks. When and how to speak up.
Post a Comment
CAs Need To Force Rules Around Trust
4/4/2016Google Symantec flap reveals worrisome weakness in the CA system.
Post a Comment
Security Lessons From My Stock Broker
3/17/2016Or, how to lie with metrics.
Post a Comment
Security Lessons From “The Gluten Lie”
3/10/2016How faith healers and security vendors have learned what lies work.
Post a Comment
Security Lessons From My Doctor
2/25/2016Why it’s hard to change risky habits like weak passwords and heavy smoking, even when advice is clear.
Post a Comment
Security Lessons From My Car Mechanic
2/18/2016What an unlocked oil pan taught me about me about the power of two-way communication between security pros and the organizations they serve.
Post a Comment
White Papers
Video
1 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Search Cybersecuruty and you will get unicorn.
Latest Comment: Search Cybersecuruty and you will get unicorn.
Current Issue
Security Vulnerabilities: The Next WaveJust when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...
CVE-2016-10369NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
CVE-2016-8202unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...
CVE-2016-8209A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
CVE-2017-0890Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2017 UBM, All rights reserved
Tweet This