Author Archives: Mary Rose Maguire

About Mary Rose Maguire

Mary Rose Maguire was the Marketing Communication Specialist for MicroSolved, Inc. and the content curator for the State of Security blog, MSI's website, and social media.

MSI Announces The Ohio SCADA Security Symposium

Posted on by
Reply

The need for the latest information about SCADA/ICS is extended to Ohio businesses and utility companies and supports security for Ohio. We’d like to invite all Ohio SCADA/ICS professionals to attend this free event!

The Ohio SCADA Security Symposium, to be held on November 1, 2011 in Columbus, Ohio, is designed to serve as a level set for teams and organizations who are actively managing production SCADA and Industrial Control System (ICS) environments in Ohio.

A full one day session will include best practices advice, incident response, detection techniques and a current threat briefing focused on SCADA/ICS providers. Presenters will cover a variety of topics about what is working and what is not, in terms of information security, network protection and trust management.

Takeaways from this event will include peer networking, insights into emerging threats, action items for actively improving the availability, integrity and confidentiality of control systems, utility networks, manufacturing lines and other SCADA/ICS concerns.

Topics include: How the State Is Here to Help You, Physical Security, Assessment of SCADA/ICS Environments, Cyber Security, Honey Pots in SCADA/ICS Environments, and The FBI Viewpoint. Key participation will feature NiSource, American Electric Power, American Municipal Power, Greater Cincinnati Water Works, Ohio PUCO, the Department of Homeland Security, and the FBI.

The event runs from 8:30 AM to 6:00 PM. Registration opens at 8:00 AM and is free. Those who work with SCADA/ICS are invited to attend. RSVP’s can be sent to mmaguire@microsolved.com. Please include your contact information. Seating is limited and available ONLY to those individuals actively working in Ohio with SCADA/ICS components.

MSI looks forward to providing an excellent event that will help organizations secure their SCADA/ICS systems and discuss best practices and industry standards at the event!

MSI Strategy & Tactics Talk Ep. 12: Managing Mobile Security Part II

Posted on by
Reply

“Enterprises are starting to move toward mobile device management services. This could be in-house or off-site. It allows remote provisioning and configuration. It really helps an organization with policy issues.”  – Adam Hostetler, Network Engineer and Security Analyst, MicroSolved, Inc.

Samsung Galaxy, Google Android, Apple iPad — mobile devices are a hot item and consumers are bringing them to their workplaces. We wrap up our discussion from Episode 9 on Mobile Security by discussing what you can do to choose your mobile devices wisely and create an action plan for your organization. Discussion questions include:

  • Does it matter which mobile device you use?
  • How can an organization create a plan that is focused on attack prevention?
Panelists:
Adam Hostetler, Network Engineer and Security Analyst
Phil Grimes, Security Analyst
John Davis, Risk Management Engineer
Mary Rose Maguire, Marketing Communication Specialist and moderator

Click the embedded player to listen. Or click this link to access downloads. Stay safe!

Apple’s iOS5 and the iCloud: Great Ideas, Huge Security Impact

Posted on by
Reply

Wondering how Apple’s iOS5 and the iCloud will affect your life? Check our recent slide deck that tackles some potential challenges as Apple gets ready to roll out their newest creation. In this deck, you’ll learn:

  • What is key
  • iOS5  idealism and reality
  • The good news and bad news
  • What do do and not do

As always, we’re here for discussion. Follow Brent Huston on Twitter to engage even more!

Chaos, Insecurity, and Crime

Posted on by
Reply

We recently presented the attached slide deck at an OWASP meeting and it was well-received. In it, you’ll learn:

  • What are the new targets for hackers?
  • The new crimeware model
  • What we’re seeing and what we’re not
  • Thoughts on controls

Feel free to contact us with questions. Follow Brent Huston on Twitter and engage him. He’s more than happy to talk security!

MicroSolved Winner of First Americas Information Security Leadership Award

Posted on by
Reply

 

 

We’re thrilled to announce that MSI has received an award from (ISC)2, the world’s largest information security professional body and administrators of the CISSP®!

MicroSolved, Inc. has worked hard over the years to provide information security awareness to our community. We’ve been involved in everything from volunteering at local community colleges for security events to providing insights and advice to WordPress. Quite simply, MSI wants to make the world’s data safer.

Congratulations to Brent Huston, Founder, CEO, and Security Evangelist of MSI for his commitment and vision. At MSI, we will continue our mission toward bringing security awareness wherever we can. View the press release here.

MSI Strategy & Tactics Talk Ep. 11: Managing Mobile Security

Posted on by
Reply

“We’re not seeing good reporting processes yet. Many organizations… do not know who has these mobile devices or where they are located and what they’re being used for.”  – Brent Huston, CEO, MicroSolved, Inc.

Samsung Galaxy, Google Android, Apple iPad — mobile devices are a hot item and consumers are bringing them to their workplaces. Along with the popularity are malware developers who would like nothing better than to steal sensitive information from them. How can you protect your organization’s data from mobile device usage? Discussion questions include:

  • Who is managing mobile devices?
  • There needs to be some reporting – who does this and who should be involved?
  • Who are the groups that should be included when talking about mobile security? How should an organization start their strategy?
  • Regarding the data layer: what controls can we wrap around the data itself?
Panelists:
Brent Huston, CEO and Security Evangelist, MicroSolved, Inc.
Adam Hostetler, Network Engineer and Security Analyst
Phil Grimes, Security Analyst
John Davis, Risk Management Engineer
Mary Rose Maguire, Marketing Communication Specialist and moderator

Click the embedded player to listen. Or click this link to access downloads. Stay safe!

Smartphones and Banking Applications

Posted on by
Reply

Mobile banking users are predicted to reach 400 million by 2013, according to a study by Juniper Research.

The report author, Howard Wilcox, says that transactional or “push” mobile banking is being offered increasingly by banks via downloadable applications or the mobile web, complementing existing SMS messaging services for balance and simple information enquiries.

“For the user it’s about three things: convenience, convenience and convenience,” Mr. Wilcox said. “The mobile device is almost always with you, and if you organize your life with your mobile, then why not your finances too?

“For example, people can receive account alerts and reminders straight away and take action immediately if necessary – say to top up an account or pay a bill,” he said. “With apps, the whole process is made so much simpler too.”

We know consumers want to make their lives easier — and using applications on their mobile phones seems to promise that, but how can you secure those applications?
Here are some of the steps you can take to start making your mobile applications secure:

  • Security controls: One of the main issues with smartphone applications is access control. These apps are usually used in the most vulnerable locations: public settings such as airports, restaurants, and lobbies. All mobile devices must have a protective mechanism that allows it to be accessed by authorized persons only. A few ways to monitor control would be: install anti-virus software, file encryption, session encryption, device registration, and password complexity rules.
  • User authentication: Access privileges are limited to those who use the smartphone device. Personal identification numbers are generally an acceptable means of authentication because they reside on the device only and are never transmitted.
  • Data Encryption: A powerful defense tool, encryption prevents anyone but the most savvy attacker to access important information. Ensure that the process is automatic and transparent to the user and protects all stored data. Systems that require user involvement to encrypt specific files in specific places cannot provide the “provable” security regime needed by organizations. Encryption is effective only if authorized people control the decryption key, so there needs to be a connection between encryption and user authentication. Access control, user authentication and encryption are the three elements that comprise virtual physical-access control.
  • Security administration: This needs to be in place for customers who have questions or need help. Policy enforcement, deployment, updates, help desk, key recovery and system logging are all vital components of an enterprise system that provides “provable” security to comply with data privacy regulations and to repel litigation.

Many phones use RSA encryption for authentication. While most of the big antivirus vendors provide security solutions for smartphones, few have the “silver bullet” for all platforms. As device manufacturers continue to add processing power and storage capacity; and platform vendors provide more applications for generating and consuming data, security will become a greater concern as attackers look upon it as their new playground.

MSI Strategy & Tactics Talk Ep. 10: Security For Windows Consumers & Their Home System

Posted on by
Reply

“You can be doing all the right things and still get your home machine compromised. It becomes less about prevention and more about what we do when our machines become compromised.”  – Brent Huston, CEO, MicroSolved, Inc.

Are you “the computer guy” for your family? Listen in as our tech team discusses common problems of Windows users and steps they can take to help protect their data. Discussion questions include:

  • How do Windows users stay safe in a world of modern malware and online crime?
  • What do Windows users do when their box gets infected?
  • What do you do to secure the Windows boxes of your family members?
  • What tools does every Windows box need and how should windows security settings be configured?
  • What about the browser?
Panelists:
Brent Huston, CEO and Security Evangelist, MicroSolved, Inc.
Adam Hostetler, Network Engineer and Security Analyst
Phil Grimes, Security Analyst
John Davis, Risk Management Engineer
Mary Rose Maguire, Marketing Communication Specialist and moderator

Click the embedded player to listen. Or click this link to access downloads. Stay safe!

MSI Strategy & Tactics Talk Ep. 9: PHP, Attackers & YOU

Posted on by
Reply

“What makes PHP so amazing is the growth rate it has experienced back from 2000. It just exploded between 2000 and 2007 and has exponentially continued until today.”  – Brent Huston, CEO, MicroSolved, Inc.

What is going on with PHP? Listen in as our tech team discusses PHP malware and more. Discussion questions include:

  • PHP’s growth, why it is so popular and using it for modern web development
  • How are attackers abusing PHP?
  • What is PHP malware?
  • How common are PHP scans, probes, attacks and compromises?
  • What can organizations do to protect their PHP developed sites and applications?
  • Where can organizations go for more information about PHP development, PHP attacks and PHP application testing?
Resources mentioned:
HoneyPoint Twitter Feed (#HITME – HoneyPoint Internet Threat Monitoring Environment)
Panelists:
Brent Huston, CEO and Security Evangelist, MicroSolved, Inc.
Adam Hostetler, Network Engineer and Security Analyst
Phil Grimes, Security Analyst
John Davis, Risk Management Engineer

Click the embedded player to listen. Or click this link to access downloads. Stay safe!