The Data Protection Act (DPA) passed in 1998 by the Parliament of the United Kingdom. It’s basically an update to how the data of living people is to be legally handled and utilized in the United Kingdom. The act was a direct response to the growth of the Internet and is intended to prevent […]
https://peoplesec.org/files/2017/01/IT_Ops.jpg6671000patrickhttps://storage.pardot.com/189082/1668175372UeLz7nOr/peoplesec_pentesting_Logo_300x138.pngpatrick2017-04-11 15:17:532017-04-10 15:19:34What is the Data Protection Act (DPA)?
The General Data Protection Regulation (GDPR) is a European Union regulation to protect the security of citizens. Specifically in respect to personal data processing and the free movement of all relevant personal data. Labeled ‘Regulation (EU) 2016/679’, the European Commission. The European Parliament, and the European Council seek to strengthen and centralize data and privacy […]
https://peoplesec.org/files/2017/02/vuln-black-and-white.jpg416416patrickhttps://storage.pardot.com/189082/1668175372UeLz7nOr/peoplesec_pentesting_Logo_300x138.pngpatrick2017-04-05 14:29:012017-12-04 13:13:36General Data Protection Regulation-GDPR
The phone number and web address keep getting taken down and new ones keep popping up. But there is a Microsoft support scam going on requesting personal information. Do Not give them any information. Here are a couple screen shots from a few different people encountering this scam. Vigilante hackers have done some research and […]
https://peoplesec.org/files/2017/04/Microsoft-support-scam-phishing.png6181216patrickhttps://storage.pardot.com/189082/1668175372UeLz7nOr/peoplesec_pentesting_Logo_300x138.pngpatrick2017-04-01 16:08:022017-05-08 18:39:05Microsoft Support Scam
The PCI DSS (Payment Card Industry Data Security Standard) is an industry-wide data security benchmark for firms that deal with payment cards issued by the biggest payment card gateway organizations. The guidelines increase the security of cardholder data as well as minimize the risk of credit card fraud. Developed by the PCI Security Standards Council […]
https://peoplesec.org/files/2017/03/data-protection-PCI.jpg40006000patrickhttps://storage.pardot.com/189082/1668175372UeLz7nOr/peoplesec_pentesting_Logo_300x138.pngpatrick2017-03-31 10:03:142017-05-09 18:39:21PCI DSS – what you need to know in order to stay compliant
Social engineering has become the new standard in both cyber-attacks as well as physical security. Many organizations are fighting back and are quickly making education a priority. First off let’s enumerate a few of the most common types of social engineering attacks and then let’s go over ways to address these threats. Email Phishing […]
Introduction The Sarbanes-Oxley Act is the law as of 2002. You may remember the infamous corporations that were the driving force behind the Act, such as WorldCom and Enron. SOX accordingly expanded and defined new requirements for all public companies as well as management accounting firms. In addition, boards of public organizations in the United States hold […]
https://peoplesec.org/files/2016/08/shutterstock_146680019.jpeg29854752patrickhttps://storage.pardot.com/189082/1668175372UeLz7nOr/peoplesec_pentesting_Logo_300x138.pngpatrick2017-03-20 13:10:512017-03-21 23:50:44Sox Compliance Requirements a Basic Outline
What Is NIST Special Publication 800 53? NIST Special Publication 800 53, developed by the National Institute of Standards and Technology, provides Federal organizations with a dossier of security controls for the information systems under the purview of the concerned agency. This catalog is not applicable to information systems that are related to national security. […]
https://peoplesec.org/files/2017/01/shutterstock_1398560.jpg626940patrickhttps://storage.pardot.com/189082/1668175372UeLz7nOr/peoplesec_pentesting_Logo_300x138.pngpatrick2017-03-13 15:52:482017-03-10 16:19:57NIST Special Publication 800 53
An introduction to FISMA The Federal Information Security Management Act (FISMA) is a landmark piece of federal legislation that was enacted by the United States in 2002 under the E-Government Act of 2002. The federal government enacted the law in order to acknowledge the growing importance of information security to the political, economic, military, and […]
https://peoplesec.org/files/2017/02/network.jpg464696patrickhttps://storage.pardot.com/189082/1668175372UeLz7nOr/peoplesec_pentesting_Logo_300x138.pngpatrick2017-03-07 21:37:512018-04-09 07:37:57The Federal Information Security Management Act (FISMA) and Compliance Requirements
Does your organization take security awareness seriously? Would your employees be able to defend against social engineering attacks? Is the effectiveness of your organizational security frequently tested? You should be answering a resounding “Yes” to all of these questions. If you answer “no” or “I don’t know” this may be a sign that your organization has serious security vulnerabilities. The following is […]
https://peoplesec.org/files/2016/12/Home-page-1.jpg24413500patrickhttps://storage.pardot.com/189082/1668175372UeLz7nOr/peoplesec_pentesting_Logo_300x138.pngpatrick2017-02-22 14:45:362017-02-22 21:21:23Security Awareness Training & Education Program, Crucial Elements to Incorporate
While the linked post may be stretching a correlation, the points are accurate, entertaining, and what Information Security loving expert doesn’t want to buy that onesie. The top tip, Putting in only 45 minutes a year is bad, PeopleSec is in full agreement. A single 45-minute training a year is not a good practice. Information Security Experts need […]
https://peoplesec.org/files/2016/09/iStock_phishing.jpg18102716Alexhttps://storage.pardot.com/189082/1668175372UeLz7nOr/peoplesec_pentesting_Logo_300x138.pngAlex2017-02-16 14:37:182017-02-16 14:37:18Information Security Awareness Tips from a Newborn
Recently on one of my personal sites, I received the below phishing attempt: I see a ton of phishing examples as part of PeopleSec’s Security Awareness Training and Education (SATE) program. It is not often a phish in the wild catches my eye and looks like anything other than spam. This email is an excellent […]
https://peoplesec.org/files/2016/09/thinking-grumpy.jpg7411024Alexhttps://storage.pardot.com/189082/1668175372UeLz7nOr/peoplesec_pentesting_Logo_300x138.pngAlex2017-02-10 16:15:442017-02-22 16:30:00Phishing with emotion and stress results in bad choices
CEO fraud attacks succeed due to untested, unjustified confidence in employee readiness. Enterprises must take them more seriously. The scam’s tactics and techniques are hardly indefensible. Employees simply are not prepared. Quick confession: I once thought such confidence was warranted. However, numerous real-life examples changed my mind. We need others to change their mind too. CEO Fraud Problem Pervasiveness […]
https://peoplesec.org/files/2017/01/fake_ceo.jpeg9581389eirikhttps://storage.pardot.com/189082/1668175372UeLz7nOr/peoplesec_pentesting_Logo_300x138.pngeirik2017-01-31 18:17:382017-02-22 15:59:04“CEO Fraud Attack” Readiness is Only Assumed
What is the Data Protection Act (DPA)?
/0 Comments/in Uncategorized /by patrickThe Data Protection Act (DPA) passed in 1998 by the Parliament of the United Kingdom. It’s basically an update to how the data of living people is to be legally handled and utilized in the United Kingdom. The act was a direct response to the growth of the Internet and is intended to prevent […]
General Data Protection Regulation-GDPR
/0 Comments/in Uncategorized /by patrickThe General Data Protection Regulation (GDPR) is a European Union regulation to protect the security of citizens. Specifically in respect to personal data processing and the free movement of all relevant personal data. Labeled ‘Regulation (EU) 2016/679’, the European Commission. The European Parliament, and the European Council seek to strengthen and centralize data and privacy […]
Microsoft Support Scam
/0 Comments/in Threat-Alert, Uncategorized /by patrickThe phone number and web address keep getting taken down and new ones keep popping up. But there is a Microsoft support scam going on requesting personal information. Do Not give them any information. Here are a couple screen shots from a few different people encountering this scam. Vigilante hackers have done some research and […]
PCI DSS – what you need to know in order to stay compliant
/0 Comments/in Uncategorized /by patrickThe PCI DSS (Payment Card Industry Data Security Standard) is an industry-wide data security benchmark for firms that deal with payment cards issued by the biggest payment card gateway organizations. The guidelines increase the security of cardholder data as well as minimize the risk of credit card fraud. Developed by the PCI Security Standards Council […]
Social Engineering & Cybersecurity
/0 Comments/in Phishing, Social Engineering /by patrickSocial engineering has become the new standard in both cyber-attacks as well as physical security. Many organizations are fighting back and are quickly making education a priority. First off let’s enumerate a few of the most common types of social engineering attacks and then let’s go over ways to address these threats. Email Phishing […]
Sox Compliance Requirements a Basic Outline
/0 Comments/in Uncategorized /by patrickIntroduction The Sarbanes-Oxley Act is the law as of 2002. You may remember the infamous corporations that were the driving force behind the Act, such as WorldCom and Enron. SOX accordingly expanded and defined new requirements for all public companies as well as management accounting firms. In addition, boards of public organizations in the United States hold […]
NIST Special Publication 800 53
/0 Comments/in Uncategorized /by patrickWhat Is NIST Special Publication 800 53? NIST Special Publication 800 53, developed by the National Institute of Standards and Technology, provides Federal organizations with a dossier of security controls for the information systems under the purview of the concerned agency. This catalog is not applicable to information systems that are related to national security. […]
The Federal Information Security Management Act (FISMA) and Compliance Requirements
/0 Comments/in Uncategorized /by patrickAn introduction to FISMA The Federal Information Security Management Act (FISMA) is a landmark piece of federal legislation that was enacted by the United States in 2002 under the E-Government Act of 2002. The federal government enacted the law in order to acknowledge the growing importance of information security to the political, economic, military, and […]
Security Awareness Training & Education Program, Crucial Elements to Incorporate
/0 Comments/in Security Awareness Training and Education (SATE) /by patrickDoes your organization take security awareness seriously? Would your employees be able to defend against social engineering attacks? Is the effectiveness of your organizational security frequently tested? You should be answering a resounding “Yes” to all of these questions. If you answer “no” or “I don’t know” this may be a sign that your organization has serious security vulnerabilities. The following is […]
Information Security Awareness Tips from a Newborn
/0 Comments/in Security Awareness Training and Education (SATE), Security Tips /by AlexWhile the linked post may be stretching a correlation, the points are accurate, entertaining, and what Information Security loving expert doesn’t want to buy that onesie. The top tip, Putting in only 45 minutes a year is bad, PeopleSec is in full agreement. A single 45-minute training a year is not a good practice. Information Security Experts need […]
Phishing with emotion and stress results in bad choices
/1 Comment/in Phishing, Security Awareness Training and Education (SATE), Security Tips, Social Engineering /by AlexRecently on one of my personal sites, I received the below phishing attempt: I see a ton of phishing examples as part of PeopleSec’s Security Awareness Training and Education (SATE) program. It is not often a phish in the wild catches my eye and looks like anything other than spam. This email is an excellent […]
“CEO Fraud Attack” Readiness is Only Assumed
/0 Comments/in Social Engineering /by eirikCEO fraud attacks succeed due to untested, unjustified confidence in employee readiness. Enterprises must take them more seriously. The scam’s tactics and techniques are hardly indefensible. Employees simply are not prepared. Quick confession: I once thought such confidence was warranted. However, numerous real-life examples changed my mind. We need others to change their mind too. CEO Fraud Problem Pervasiveness […]