197 Results Found
In a recent post, I gave an overall description of a service portfolio and the key components of a portfolio. Here, I will describe how a cloud services provider might implement an ITIL service portfolio. A cloud services provider will regularly have a set of services under development, a set of service in live operation, and a set of services that are retired.
ITIL describes a service portfolio as a collection of the overall set of services managed by a service provider. A service portfolio describes a service provider’s boundaries and promises across all of the customers and market spaces it serves. I like to think of a service portfolio as describing the past, present, and future collection of services offered by a service provider. The figure below shows a high-level view of a service portfolio.
For several years, most news articles about a computer, network, or Internet-based compromise have mentioned the phrase "zero day exploit" or "zero day attack," but rarely do these articles define what this is. A zero day exploit is any attack that was previously unknown to the target or security experts in general. Many believe that the term refers to attacks that were just released into the wild or developed by hackers in the current calendar day. This is generally not the case. The "zero day" component of the term refers to the lack of prior knowledge about the attack, highlighting the idea that the victim has zero day's notice of an attack. The main feature of a zero day attack is that since it is an unknown attack, there are no specific defenses or filters for it. Thus, a wide number of targets are vulnerable to the exploit.
Hackers are everywhere, and they have a sophisticated array of tools for cracking your passwords. The primary purpose of this white paper is to help you understand that easy-to-remember passwords are no longer considered a secure form of authentication. You should consider any static password that you can remember as vulnerable. Even static passwords that are random are still vulnerable to some extent - It just takes much longer for a password cracking attack to be successful, and the likelihood of that success is inversely proportional to the length of the password. Here are some tips to help you create effective passwords, and how to keep your passwords safe.
As mentioned in last week’s post, interviews that require ITIL Intermediate level knowledge will most likely be targeted to specific process areas and activities. If I interviewed someone for a job that required ITIL Intermediate level knowledge, in addition to other questions about the specific technical responsibilities of the job, I might ask the following questions:
In spite of an organization's best efforts to prevent downtime and avoid compromises, failures will still happen from time to time. “There are only two types of companies: those that have been hacked, and those that will be. Even that is merging into one category: those that have been hacked and will be again,” (FBI Director Robert Mueller). So what is your organization doing about it? How do you plan for failures and security breaches?
IT departments have multiple opportunities and challenges as a result of the Bring Your Own Device (BYOD) invasion. The most common opportunity is to reinforce enterprise network security from both the inside and the outside. Supporting BYOD also offers more monitoring and tracking of activities that provide a more detailed view of network traffic flow. Alternatively, it will be a challenge for some IT departments to give up control over which devices may access their enterprise network. Another challenge will be to have the users doing configurations for network access, which adds human error to a crucial part of the process. The opportunities and challenges BYOD represents are real. Enterprises must make their network infrastructure BYOD ready to meet the onslaught.
Your business has been hacked, leaving you with a persistent bot; now what? In this hour-long webinar, security expert David Willson will discuss ways you can eliminate the threat in an act of self-defense or defense of property. As new laws are explored, old ones amended, and solutions sought, you'll take a look at thinking outside the box to give the good guys the advantage-or at least a fighting chance.
In this hour-long webinar, security expert and Global Knowledge instructor Phillip D. Shade will provide insight into the emerging network security science of network forensics analysis, a.k.a. security event analysis and reconstruction. Using case studies, you will examine the role of data retention in network forensics analysis, and you will learn about applying forensics analysis techniques to handle application-based attacks, VoIP call interception, and worms, bots, and viruses.
An attacker needs to destroy evidence of his presence and activities for several reasons like being able to maintain access and evade detection (and the resulting punishment). Erasing evidence of a compromise is a requirement for any attacker who wants to remain obscure and evade trace back. This usually starts with erasing the contaminated logins and any possible error messages that may have been generated from the attack process.