Information Security

This category contains 632 posts

The New and Improved macOS Backdoor from OceanLotus

Introduction Recently, we discovered a new version of the OceanLotus backdoor in our WildFire cloud analysis platform which may be one of the more advanced backdoors we have seen on macOS to date. This iteration is targeted towards victims in Vietnam and still maintains extremely low AV detection almost a year after it was first discovered. Despite … Continue reading

How Can We Make the Cybersecurity Profession Agile?

Two of the most pressing cybersecurity tasks of our time are the need to dramatically grow the size of the workforce, and to create one that is agile enough to keep up with the shifting sands of today’s business landscape. Infosec Europe’s keynote panel session “Building an Agile Security Team for the Future,” chaired by … Continue reading

Digital Forensics Professionals Encountering New Challenges

When I began performing digital forensics more than 10 years ago, things were relatively simple. At that time, the complexity of digital forensics revolved around ensuring each artifact of relevance was identified, and the proper tools to analyze them were available to leverage against computers used by the suspect. The computer(s) of the suspect were … Continue reading

In Era of Digital Disruption, ISACA is Ready to Rise to the Occasion

Much of what I learned about being a professional – and being part of a professional community – came through my association with ISACA. As the first person in my family to graduate from college, I entered the workforce hungry for the educational resources, networking and professional growth opportunities to make an impact. ISACA provided … Continue reading

Building Skills and Capacity in the Banking System: A Case Study From India

Indian banks have deployed IT-based solutions to cater to increasing demands in the banking industry required for a growing economy. Adoption of technology has necessitated improving IT-related skills of experienced bankers. Considering the unavailability of internal IT skills, most banks resort to outsourcing IT activities. This has resulted in over-relying on third-party vendors and slackened … Continue reading

Faces of ISACA: Gerard A. Joseph, CISA, CISSP, CSAM, Ph.D., Independent Consultant

Editor’s note: The ISACA Now series titled “Faces of ISACA” highlights the contributions of ISACA members to our global professional community, as well as providing a sense of their lives outside of work. Today, we spotlight Australia-based consultant Gerard A. Joseph. Australia resident and ISACA member Gerard Joseph has traveled extensively throughout the United States, as … Continue reading

Cloud Security Alliance Announces “Grand Opening” of Its New Third-Party Global Consultancy Program

SEATTLE, WA – June 5, 2017 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the launch and immediate availability of the CSA Global Consultancy Program (CSA-GCP). The new professional services program, developed and managed by the … Continue reading

How to Improve Communication Within Your Technology Team

Few things can stunt the growth of an organization more than a lack of healthy communication. This is especially true in IT departments, where open lines of communication and transparency are paramount to efficiency and output. With that being said, have you considered the topic of internal communications and how you can improve in this … Continue reading

How to Properly Review and Act Upon SOC Reports

There continues to be a great deal of confusion over the new service organization reporting structure and which reports are the best to obtain. The basic intentions of the reports are as follows: SOC 1 – Related to Internal Control over Financial Reporting SOC 2 – Related to testing over the Trust Services Principles of … Continue reading

What We Learned From This Month’s European GISWS Report

What is the GISWS? Since its first release in 2004, the biennial (ISC)²® Global Information Security Workforce Study (GISWS) has been gauging the opinions of information security professionals; and in turn, providing detailed insights into the important trends and opportunities within this increasingly crucial profession. This year, the study conducted its largest-ever global survey of … Continue reading

Web Stats

  • 113,186 hits


@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Personal Links

View Full Profile →

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 1,953 other followers

Twitter Updates


June 2017
« May