risk3sixty Successfully Completes Peer Review

At risk3sixty, we pride ourselves on craftsmanship. It is one of our core values. As a result, every engagement follows a rigorous quality standard and multiple levels of internal quality assurance review. It’s just one way we try to make sure everything we produce meets a set of minimum quality standards. In addition to our[…]

Security Researchers Identify Critical Vulnerabilities in AMD Chips: Chimera, Ryzenfall, Masterkey and Fallout

Security researchers at CTS-Labs, based out of Israel, disclosed 13 critical vulnerabilities and backdoors in certain AMD chips used in workstations, laptops and servers. Successful exploitation of these vulnerabilities could grant attackers deep system access, from which they could launch malware attacks undetected. The vulnerabilities are four in name:[…]

Advice for Studying and Passing the CISSP Exam

This past week I sat for the (ISC)2 CISSP exam and passed on my first attempt! With the entire preparation and test taking experience still fresh on my mind, I felt I should take time to document my experience and study approach similar to when I sat for the CISA exam last year. What is[…]

Tracking Data Breaches & Staying Informed

The Identity Theft Resource Center (ITRC) is a nonprofit organization that focuses on educating consumers, corporations, government agencies and other organizations on best practices related to fraud and identity theft detection, reduction and mitigation. Additionally, the organization does an excellent job of indexing and documenting data breaches as well! ITRC’s 2015 year-end report indexed 781[…]

I am an OPM Data Breach Victim- Next Steps

Nearly six months after the fact, I received a letter from the Office of Personnel Management notifying me that my information had officially been lost in the June 2015 breach. To add insult to injury, I was never actually a federal government employee. A few years ago, I consulted on a few enterprise systems migrations[…]

Target 2013 Breach: Understanding the Need for Secure Network Segmentation

A recent post from cybersecurity investigative reporter Brian Krebs does a great job of reminding IT and information security professionals everywhere why proper network segmentation is so important. The post, “Inside Target Corp., Days after 2013 Breach,” goes into detail about how once criminals infiltrated Target’s corporate network, they were able to run free[…]

Items of Interest Week of 7/20/2015

Here are some quick reads for the week of July 13, 2015. If you have interesting links of your own, share them in the comments. Hacked: Drones could be the malware delivery system of the future Threat Post: Car hacking gets the attention of Detroit and Washington Krebs on Security: Online Cheating Site Ashley Madison Hacked Business Insider:[…]

Items of Interest Week of 7/13/2015

Here are some quick reads for the week of July 13, 2015. If you have interesting links of your own, share them in the comments. MIT: “CSAIL report: Giving government special access to data poses major security risks” Georgia Tech: “GT Professor testifies before U.S. senators about the balance of privacy & public safety.” Al[…]

Items of Interest Week of 6/22/2015

Here are some quick reads compiled by Shane and Christian for the week of June 22, 2015. If you have interesting links of your own, share them in the comments. NSA Tracking: NSA Has Reverse-Engineered Popular Consumer Anti-Virus Software In Order To Track Users Norman Marks on Risk Analysis: Popular GRC expert shares a few thoughts[…]