Archive for November, 2014


What is Denial of Service (DoS)?

Author: Martin Voelk
November 30, 2014


How to hack a bank account?

Author: Martin Voelk
November 30, 2014


What is Digital Theft?

Author: Martin Voelk
November 30, 2014


What is Phishing?

Author: Martin Voelk
November 30, 2014


Physical Security Checklist

Author: Martin Voelk
November 30, 2014

Visible Security

  • Is the facility visible from the street during both the day and night so that roving patrols can conduct external security checks?
  • Are all entrances and exits visible from a distance and well-lit in the evening? Such visibility provides a deterrent to crime and assists employees in the event of an evacuation.
  • Are shrubs cut to mid-point of window or lower?
    Low shrubbery discourages crime and provides a safer work environment.
  • Are tree limbs cut at least six feet from ground level?
    This policy increases visibility and helps deter crime.
  • If the property incorporates fences into its security, are they in good condition?
  • Have you installed motion-activated lights around entrances and exits?
    This type of lighting has been shown to deter criminal activity.
  • Are all pathways and parking areas well-lit?
  • Are pathways and parking lots patrolled?
  • Are pathways and parking lots equipped with emergency communication equipment that links to a centrally-monitored or police system?

Location Security

  • Are details on the business’ location listed on an outside directory?
  • Does the organization’s website provide detailed information on the building’s location?
  • Does the organization’s website provide detailed information on the location of the management team?

Lockdown Security

  • Are all doorways and exits easily accessible and clear of blockage?
  • Do all doors and windows close completely?
  • Do all doors and windows have working locks?
  • Are doors and windows alarmed and monitored?
  • Do all sliding windows have anti-slide locks?
  • Are curtains, blinds or other privacy-providing covers installed on all windows?

Access Security

  • Is outgoing mail accessible only to the Postal Service or other designated carriers?
  • Are all deliveries and delivery personnel monitored when inside the facility?
  • Are all incoming deliveries inspected before being delivered to the designated recipient?
  • Are all visitors asked to sign in on any visit to the facility?
  • Are visitors assigned a temporary security badge?
  • Are employees instructed to visibly display security badges?
  • Are employees instructed to challenge anyone not wearing a security or visitors badge?
  • Can windows, heating, ventilating and air conditioning (HVAC) equipment, and doors be secured in the event of a hazardous material release?

November 30, 2014

From December 2014 on, we will conduct 1 – 2 free webinars per month. WebEx attendance will be capped at 50 delegates, so places are allocated on a first come, first served basis. Topics will cover a broad spectrum of IT security subjects.

In addition, we will give away 1 free consulting hour per month with one of our senior security experts to one of the webinar attendees. The draw will be made by a randomised computer program, and the monthly winner will be notified by email at month end.

Stay tuned for updates.


PCI DSS v3 Penetration Testing

Author: Martin Voelk
November 30, 2014

PCI DSS v3 now requires penetration testing; standard vulnerability assessments performed by automated tools alone are no longer sufficient.

11.3 Implement a methodology for penetration testing that includes the following:

  • Is based on industry-accepted penetration testing approaches (for example, NIST SP 800-115)
  • Includes coverage for the entire CDE perimeter and critical systems
  • Includes testing from both inside and outside the network
  • Includes testing to validate any segmentation and scope-reduction controls
  • Defines application-layer penetration tests to include, at a minimum, the vulnerabilities listed in Requirement 6.5
  • Defines network-layer penetration tests to include components that support network functions as well as operating systems
  • Includes review and consideration of threats and vulnerabilities experienced in the last 12 months
  • Specifies retention of penetration testing results and remediation activity results

11.3.4 If segmentation is used to isolate the CDE from other networks, perform penetration tests at least annually and after any changes to segmentation controls/methods to verify that the segmentation methods are operational and effective, and isolate all out-of-scope systems from in-scope systems.
