Showing posts with label Ben Rothke.

Friday, January 19, 2018

Book Review: The Woman Who Smashed Codes

One of the challenges of working for the NSA is that employees don’t have the freedom to share what they do with the professional community at large. Whether it is blogging, writing articles, participating in industry meetings or the like, NSA employees simply can’t do that. It’s not just the NSA; it’s pretty much every security agency of most countries. While many people think that public-key cryptography was created by Rivest, Shamir and Adleman (RSA), it was actually created a few years earlier by James Ellis, Clifford Cocks and Malcolm Williamson of GCHQ, the UK equivalent of the NSA. …

The post Book Review: The Woman Who Smashed Codes appeared first on Security Boulevard.




Wednesday, December 13, 2017

Book review: Serious Cryptography: A Practical Introduction to Modern Encryption

Philosopher Alfred North Whitehead noted that modern philosophy is simply a series of footnotes to Plato. When it comes to cryptography, much of it is simply footnotes to Bruce Schneier’s classic work Applied Cryptography: Protocols, Algorithms and Source Code in C. In Serious Cryptography: A Practical Introduction to Modern Encryption (No Starch Press 978-1593278267), Jean-Philippe Aumasson has written not just some good footnotes to Schneier, but a valuable work on modern encryption and cryptography. A lot has changed since Applied Cryptography came out over 22 years ago and Aumasson does a…

The post Book review: Serious Cryptography: A Practical Introduction to Modern Encryption appeared first on Security Boulevard.




Thursday, November 30, 2017

Ben’s Book of the Month: Review of “How Healthcare Data Privacy Is Almost Dead … and What Can Be Done to Revive It!”

This month’s theme is security strategy & operations. Some questions include: what makes a good cybersecurity strategy? What policies and procedures should you have in place to ensure your employees, customers and sensitive data remain safe? If you believe John Trinckes in How Healthcare Data Privacy Is Almost Dead ... and What Can Be Done to Revive It! (Auerbach Publications 978-1498783958), the healthcare industry is running on the information security equivalent of life support. Perhaps no other industry has as much highly personal data as the healthcare sector. And it’s likely that no…

The post Ben’s Book of the Month: Review of “How Healthcare Data Privacy Is Almost Dead … and What Can Be Done to Revive It!” appeared first on Security Boulevard.




Thursday, August 17, 2017

Book Review: Understanding the Digital World: What You Need to Know about Computers, the Internet, Privacy, and Security

Anyone who has taken a computer science or programming class will likely know of Brian Kernighan. He made significant contributions to the development of Unix, and also wrote the AWK and AMPL programming languages. For the last 20 years, he’s been a professor of computer science at Princeton University. He is the author of many technical books. When I got his latest book Understanding the Digital World: What You Need to Know about Computers, the Internet, Privacy, and Security (Princeton University Press 978-0691176543), I did a double-take at first, as this is more of an introductory text. …


Friday, June 30, 2017

Ben’s Book of the Month: Review of “Information Security Policies Made Easy”

This month’s theme is policy & government. As information security becomes even more important in government, business and life, information security policies are being developed to combat emerging threats and regulate industry. The importance of effective information security policies cannot be overemphasized, as they are the foundation for implementing information security and ensuring the security of the people, systems, and networks within an organization. If an organization lacks security policies, it cannot inform employees and users of their specific security responsibilities. …


Wednesday, May 31, 2017

Ben’s Book of the Month: Review of “CISO Desk Reference Guide: A Practical Guide for CISOs”

While the classic “prepare three envelopes” joke revolves around a CEO, it’s quite appropriate for a CISO. For many CISOs, their career path is a slow and steady one where they deliberately progress into that role. Others quickly obtain the role due to a major security breach that requires that envelope #3 be opened. In the CISO Desk Reference Guide: A Practical Guide for CISOs (CISO DRG 978-0997744118), authors Bill Bonney, Gary Hayslip and Matt Stamper have written a tactical guide that can help the soon-to-be or new CISO get up and running. Each of the three has been in the…


Tuesday, February 21, 2017

Audio Content Security: Attack Analysis on Audio Watermarking

A watermark is a covert marker meant to identify ownership. It has long been used in various forms to protect physical and digital products. For digital media, it’s used to protect copyright, intellectual property, content and more. If that watermark is attacked and compromised, the security it provides will be of no use. In Audio Content Security: Attack Analysis on Audio Watermarking (Syngress 0128113839), authors Sogand Ghorbani and Iraj Sadegh Amiri attempt to show that watermarks on different genres of music can have different levels of effectiveness. They also discuss some attacks that…


Sunday, February 5, 2017

The Security Reading Room: The Best Information Security Books of 2016

There were a lot of good information security books that came out in 2016, and many that were not worth reading. With that, here’s my list of the information security books that stand out as the best, listed in no particular order: The Car Hacker's Handbook: A Guide for the Penetration Tester - plus ça change, plus c’est la même chose. Lots of features combined with poor security make cars the next big avenue for hacking. Craig Smith shows everything the car manufacturers have done wrong, and what they need to do to make it right. But is Detroit listening? Pinpoint: How GPS Is Changing Technology, …


Thursday, December 29, 2016

Advanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies

Advanced persistent threats (APT) have gotten significant amounts of press over the last few years. When I first scanned the title of this book, I assumed it was on that topic. While Advanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies (Syngress 978-0128093160) does detail APT, that’s not the main focus. The book’s notion of advanced persistent security means ensuring that security is built into every aspect of a system. This goes from endpoint to server, and covers everything in between. In the book, authors…


Sunday, December 18, 2016

Hiding Behind the Keyboard: Uncovering Covert Communication Methods with Forensic Analysis

In chapter 2 of Hiding Behind the Keyboard: Uncovering Covert Communication Methods with Forensic Analysis (Syngress ISBN 978-0128033401), authors Brett Shavers and John Bair discuss the Tor browser and how it can offer tremendous levels of security and privacy. Their goal in the book is to help security professionals and investigators use investigative techniques against those employing such tools for nefarious purposes. A perfect example is from 2013 where a Harvard student used Tor and other privacy tools to send in a false bomb threat. Investigators noted that while the student used Tor, it…


Wednesday, November 30, 2016

Secure Data Deletion

The law of conservation of energy states that energy remains constant; it can be neither created nor destroyed. It simply transforms from one form to another. While not a perfect analogy, data on a hard drive or other physical media is quite difficult to completely transform into the state of fully erased. While many have lost files and been unsuccessful in retrieving them, for an information security professional the goal is often to ensure that the data is eliminated (sanitized is the official term) without the possibility of retrieval. Secure data deletion is the process of deleting data such…
