Comments for Credit Union InfoSec

Comment on How much power do the bad guys have? by Ferinannnd

Ferinannnd — Mon, 25 May 2009 06:07:33 +0000

Хорошо что удалось отыскать такой замечательный блог, а то последнее время уже начал думать что инет это мусорка сплошная.

Comment on In the eyes of a Phiser by Rimma

Rimma — Thu, 09 Apr 2009 00:36:35 +0000

Extraordinarity: ,

Comment on In the eyes of a Phiser by matt

matt — Thu, 19 Jun 2008 07:54:44 +0000

Of course education about email scams phising and how it is done is the best way to protect people against these scams dont follow links from emails instant messengers etc… bookmark the authentic site if you need to…. and also making clear how illegal it is and unethical to phish somebody because little teenagers will think they can be an ultimate Hax0r and try and get one of there school enemy’s email account because it seems doable for them.

Comment on About by bibomedia

bibomedia — Fri, 29 Feb 2008 05:32:41 +0000

Comment on Web server log review by Devarshi

Devarshi — Wed, 24 Oct 2007 17:42:10 +0000

Hi,
When I open my login page it shows me message in I.E. that server application unavailable,see log entry in web server to review this file.

Comment on BBB Phishing by drapetomaniac

drapetomaniac — Tue, 09 Oct 2007 14:26:30 +0000

BBB is leaking customer data and has known since at least August.
http://drapetomaniacs.com/articles/2007/09/30/bbb-leaks-consumer-and-business-data

Comment on Facebook ID Probe by Trey Reeme

Trey Reeme — Fri, 31 Aug 2007 16:20:46 +0000

I think it’s a prime education opportunity, like you. Obviously not a reason for folks to stay away from social networks but to use common sense – hopefully FIs won’t place a lot of fear into their members (or more likely their parents).

Thanks for sharing this!

Comment on Incident Response (How Prepaired Are We) by Courtney Treadaway

Courtney Treadaway — Tue, 31 Jul 2007 20:57:08 +0000

We just recently posted a discussion on our site about Incident Response plans, too. We spend a great deal of time either auditing and/or consulting with financial institutions, and Incident Response Plans are one of the most overlooked aspects of overall Information Security programs.

Even if a plan exists, it is seems rarely well-implemented. I couldn’t agree more with the guidance you mentioned here, and would encourage any institution that develops a plan to ensure that IT staff are quite familiar with proper procedures.

Comment on The Confusion (RA, VA, & PT) by Kirk

Kirk — Mon, 21 May 2007 16:01:10 +0000

RA – List/Define the risks along with steps taken, if any, to mitigate the risks. For example, giving your developers access to live code isn’t a vulnerability but it is a risk.
VA – Assessment of known system vulnerabilities. For example, an un-patched windows server is likely to have many vulnerabilities that could be exploited.
PT – Simply put, a “hacker” attemps to get into your systems from outside your organization, as a test.