Boris's Latest activity
Boris Sverdlik added a new blog: Attackers Love Your Organization's HR Department

Companies use every available resource in their recruiting. They hire third-party recruiters, post job listings on LinkedIn, Dice, Monster and numerous other places. While this will bring in a plethora of qualified candidates, it also provides attackers a wealth of information......

JT Edwards: And I just thought my resume was trash! I guess the issue is these measures help prevent you from being a target of opportunity. They may make an attacker’s job harder, but if you have been singled out as a target it is a moot point. I look forward to your LinkedIn article. One point I have been wondering about is former employees. I list company X on my profile or resume and state that I worked with technology Y or implemented Z. I have provided similar information as the HR department just did for the job opening (maybe the job I just left). I wonder legally how far you can go with an NDA to prevent some of that. Totally different ball game if you work in the classified world, so just pondering this from a corporate standpoint. (3 days ago)

Terry Perkins: I, too, look forward to the LinkedIn article. (3 days ago)

Boris Sverdlik added a new blog: Fake Security Firms Will Be Exposed

Joe Black has built a reputation around certifications and misinformation. He has a very interesting career that we can trace back to his days at Wright Printing in 2005, according to his LinkedIn profile, which is also about the time he was supposedly enrolled at ITT......

Boris Sverdlik: Elyssa, will probably be going away... http://jadedsecurity.net/2011/06/20/who-is-elyssa-durant/ (3 days ago)

Krypt3ia: Excellent. (3 days ago)

Boris Sverdlik updated blog: You Can't Buy DLP

To implement a data loss solution, you must take a holistic approach to identify the problem, threat vectors and vulnerabilities. You must understand where your sensitive data lives within your organization. This can’t be done with a tool, regardless of how good they claim it is......

Johnny Wong: You rightly mention DLP is a PROGRAM, not a solution. A program's outcomes/objectives can be met by one or many solutions. I think Data Classification itself should be classified as a program, because this is something that should not be taken lightly. And I think enterprises should start small, take baby steps. Identify a business unit that handles sensitive data, for example, HR. Start from there and determine the kind of data it handles, what classification, the "in use, in store, in transit" data states, understand the end-to-end flow of data, consider areas or choke points where data seems the most vulnerable... and so on. It is good we have like-minded folks here :) (1 week ago)

Boris Sverdlik: Thanks for reading, guys. (4 days ago)
Boris Sverdlik aka @jadedexposure: "Elyssa, will probably be going away... http://jadedsecurity.net/2011/06/20/who-is-elyssa-durant/"