Sans Reading and Article of the Week

Regularly testing your technical shortfalls and security gapes by third-party vendors is always a good start if you are not sure where to start; however fancy it may be, can be daunting at times and many will agree that is expensive. Third-party vendors will give you a head start but how will you maintain the momentum after they long gone and you are back in square one. Additionally, these sorts of assessments only provide a “snapshot in time” of a system security posture. However, organization risk and security profile continuously changes and evolves over time due to a variety of reasons. The best way to stay ahead f the curve is by constantly scanning in-house using both manual vulnerability assessments and scan using automated scanning tools. One such tool is Nessus that can help your organization is a freeware utility designed to identify the vulnerable points of a system and provide the information on how to fix them.

Nessus is widely viewed as a hacker reconnaissance tool, so you have to ensure the “rules of engagement” have been defined and a written permission to use the too has been given before use. You should begin by performing a scan against the host and then the clients. Results should be evaluated by security personnel to ensure accuracy and to provide relative interpretation of the results. The best thing is to concentrate on the critical vulnerabilities on the report; those risks should be mitigated immediately. The results should not be disseminated across the organization to ensure confidentiality, privacy and security.

This weeks interesting security article comes from wired magazine. Ever wondered if you have been spied on by the National intelligence agencies such as NSA, or foreign ones such as British GCHQ…well now you can find out who spied on you. Please use link below for further information.

Wired Magazine Link: http://www.wired.com/2015/09/now-can-find-nsa-gchq-spied