All too often you read about security breaches that cost firms millions of dollars or hit individuals with loss of personal data or both. But all this pales in comparison when you consider the implications of a security breach somewhere on the electrical grid.
Plausible scenario #1
Would it not be enough for you to worry about picking up a malware infection via an e-mail, infected program or social media Web site. Now consumers have to worry about every intelligent device they plug into your computer. This is not new news. We have already seen reports of infected digital picture frames, GPS devices, etc. The latest non-techie device to spread malware is a battery recharging unit. Yup, that’s right – battery recharging unit. The Duo Charger, USB-powered battery recharger contains malicious code.
When it comes to testing coverage protection for their network intrusion prevention system (IPS), enterprise end users may use a commercial tool that contains and replays many exploit packet captures.[1]
I hinted in the reply to a comment on one of my earlier postings (Looking to make certified products a proposal requirement?
Well, looks like Andy and I are making news again! I have an opinion piece on a familiar topic just published in Government Security News and Andy is featured in SC Magazine.
Take a look and let us know what you think.
Pick a holiday, any holiday, and get ready for targeted, malicious email.
Today (January 6) we issued a press release (available here www.icsalabs.com/press-release/icsa-labs-offers-tips) with tips on how business and government agencies can use independent product assurance from a third party to simplify the Request for Proposal (RFP) process.
only applicable to consortia or certification programs that are in existence. Not applicable to Security Information Event Management Solutions, MPLS End to End Application Security Products, Telecommunications, Call Data Recording Applications, Telecommunication Firewalls.
Very True, and a good point. There is a full whitepaper in the works which will deal with the topic at hand in more detail. It touches on this and other issues. You can get a glimpse of this in the words I supplied in the table. (paraphrased): If programs exist and map well to your requirements, require products to have gone through them. IF NOT, leverage what you can in terms of existing 3rd party results (ours and others) and favor those with credible 3rd party assurance.
Welcome to the launch of the ICSA Labs Blog. We are excited about the opportunity to use our new blog as a forum for greater interaction with the security community at large, especially those with a vested interest in computing security.
Comments
Post new comment