Insecurity Matters Blog |

If you’ve never heard of malvertising or need a better understanding, then you should read the article on malvertising first. If you’re familiar with malvertising and have run into issues with blocking advertisements, then I might have a solution for you. I recently ran into problems with blocking ads because non-ad images weren’t loading due to being served from an ad network which is ideal from a content delivery aspect, but terrible from a security…

Information Security Education Resources

Security Onion Set Up Part 1: Planning UPDATE

By Ryan Miller | June 14, 2018June 14, 2018 by Ryan Miller

The guidance in the article “Security Onion Set Up Part 1: Planning” no longer applies if you’re using the new Security Onion image because it uses Elastic Stack instead of ELSA. Elastic Stack might be a resource hog, but the workflow is superior compared to ELSA in the way you can visualize data in the dashboard and pick from pre-configured searches that touch on almost everything you would need to look at out-of-the-box.

Information Security Education Resources

What’s New With TLS 1.3

By Ethan_Eff | June 14, 2018 by Ethan_Eff

TLS 1.3 is the newest version of Transport Layer Security which is a cryptic protocol that allows for your web page traffic to be secured. It works to secure the communications between client and server to include passwords, and other crucial information sent from client to the server, and server to the client. As a result, TLS makes it extremely difficult to gain access to the information sent while it’s traveling to and from the…

Best Practices

When do IT security investments matter?

By Ryan Miller | June 6, 2018June 6, 2018 by Ryan Miller

MIS Quarterly presented a study that looked at the difference in moderating effect between substantive and symbolic IT security solution adoption in the healthcare sector. Part of the paper consists of a meta-study of past research and goes on to propose a new concept on how to view IT security investment – IT value point.

Opinion

Get it right or get out of the way

By Ryan Miller | June 4, 2018June 8, 2018 by Ryan Miller

When a company has a break down in its processes blame is assigned based on whom the process owner is and the individual(s) responsible for completing the missed or an improperly executed task. When a low-level process is broken such as the case was with Experian and the missing Apache Struts patch that allowed an attacker to gain a foothold in their information system and steal 152 million records, I see little reason to start chopping off the…

Do you need to block advertisement shenanigans without blocking the advertisements?

Security Onion Set Up Part 1: Planning UPDATE

What’s New With TLS 1.3

When do IT security investments matter?

Get it right or get out of the way