Insider Threat – Clear Text Data in Use, More

By |July 28th, 2016|Insider threat, KSE|

KSE Insider Threat Toolbox   Encryption is the usual prescription to generally protect data in transit and in storage. Authorized personnel have access to sensitive data in a decrypted state while performing tasks and activities in accordance with assigned roles and duties. In terms of the insider threat, a major challenge is how to protect clear text

Joker Poker

By |July 21st, 2016|KSE|

Joker Poker – Infosec Version! Imagine if infosec was a poker game, instead of the usual whack-a-mole. Would that be a better or worse, than the reactive game we are playing now? Apparently, there’s a version of poker known as Joker Poker, where the joker card is a wild card that can be played as

When defense is sexier than offense – Part 1

By |July 13th, 2016|KSE|

Problem is, defenders just don't get to experience it.   One of the repeated discussions in infosec regards whether defense can be as sexy as offence, or at least perceived as sexy enough to attract more people to become defenders. Maybe not sexy as in a suave and debonair secret agent like James Bond, but

When Authentication Fails, Is There a Backup?

By |July 10th, 2016|Insider threat, KSE|

When Authentication Fails Recent episodes of two security podcasts I listen to regularly discussed one of infosec's dead horses - password fail, but in a new light.  Many breaches result from the use of stolen credentials obtained by various means. Increasingly though, as both podcasts discussed, attackers are just using credentials or passwords that are used multiple times