The Insecurity Matters Blog

When do IT security investments matter?

MIS Quarterly presented a study that looked at the difference in moderating effect between substantive and symbolic IT security solution adoption in the healthcare sector. Part of the paper consists of a meta-study of past research and goes on to propose a new concept on how to view IT security investment – IT value point.

Get it right or get out of the way

When a company has a break down in its processes blame is assigned based on whom the process owner is and the individual(s) responsible for completing the missed or an improperly executed task. When a low-level process is broken such as the case was with Experian and the missing Apache Struts patch that allowed an attacker to gain... Continue reading

5 Additional Hardening Steps When Creating a Secure Linux Pentesting Environment

So, you have decided to install a pentesting distro to enjoy functionality that would be unavailable on a live usb. The very first question that needs to be asked is “How do I keep myself secure?” In addition to some of the more obvious features of most pentesting distributions, such as full disk encryption, macchanger... Continue reading

Do the right thing – configure your HTTP headers

This article is six pages in Word and because of the length, WordPress isn’t playing nice. The document below contains the entire article.

Security Onion Set Up Part 3: Configuration of Version 14.04

Before we begin configuring Security Onion, it’s a good idea to get an Oinkcode from snort.org if you’re going to use Snort. Snort can also use the Emerging Threat rulesets. There are three options available to obtain an Oinkcode. Community Edition – the rules are updated every 30 days, no support – FREE Personal – the... Continue reading