Welcome!

InfoSec Tools, Tips and Thoughts

William McBorrough

Subscribe to William McBorrough: eMailAlertsEmail Alerts
Get William McBorrough via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by William McBorrough

The foundation of any security program should be based on risk. When security is addressed as a theoretical exercise, it is often a self defeating proposition. I have seen both in an academic setting where instructors teach security concepts as absolutes and in a professional setting when that absolutist approach lead to conflict, resentment and backlash. A risk-based approach to security is a practical approach to security. One must first, however, explore two crucial questions: What is risk and risk to what? The answers vary from enterprise to enterprise and each organization must go through the process of determining for itself the answers. In the absence of this, organizations tend to seek out "best practices" and follow them without contemplating their necessity. Risk is an ever changing probability that a vulnerability, weakness, or lack of security control w... (more)

How Steganography Can Be Used to Steal Your Financial Data

Steganography is the means of "hiding" information within a larger file of data. It poses a risk to ecommerce security because it allows data or malicious programming instructions to be hidden in other media. In the case of the former, malicious insiders (i.e. employees, contractors, etc) with access to customers financial data may improperly access that data and use steganography to forward it to their accomplices without being detected. In the case of the latter, hackers can embed malicious code in other files, such as images, audio and video files. These files can be forwarded... (more)

The Values Proposition for Allowing Users Access to Social Networks

What is the values proposition for allowing employees access to web 2.0 resources such as social networks? Every other day, we hear about the risks. Compromised Twitter accounts, phishing via LinkedIN,  malicious Facebook apps were only a sample of an every growing landscape. Most enterprises, appreciating the threats these pose to an environment, simply deny access to social networks from company systems and networks. Even within such organizations, there are user who need to access social networks to perform their job functions. LinkedIn has become a great tool for recruiting... (more)

Will Your Cloud Provider Be Around in Two Years?

I just read that my hosting company, GoDaddy, is on the auction block to be sold to the highest bidder. Naturally, I’m thinking of how this change of ownership could adversely affect the service of my web sites, blogs, and virtual servers.  One never really knows until the new owners take over. Maybe they clean house and things change for the better. Or they may look to cut costs and things could take a downward turn. Migrating to a another service would a pain but I could do it if needed. This brings to mind the current state of the cloud computing market. The mad gold rush of ... (more)

Cyber Security Alliance Helps Small Businesses Address Security Risks

Across all industries, small businesses are increasingly facing new threats related to cyber security. Whereas some have taken minimum steps to address these threats but most have not. New security threats and incidents are reported every day in news reports and a many remain unreported. This underscores the need for cyber security education of small business owners and managers. These threats have potentially serious consequences and could lead to unrecoverable damage to small businesses. What are some consequences of the lack of basic cyber security controls? Loss or stolen cus... (more)