
Cyber Security Warning System

by Ed Adams on March 15, 2011

Recently, Ellen Messmer wrote a story on a Cyber Security early warning system in the state of Washington, USA. One of the most promising pieces of this system is the process and information sharing that’s being folded into it. Washington University, Starbucks, City of Seattle, Amazon.com, Port of Tacoma, and other groups are setting up an information sharing system that will help each learn from the others. For example, if Amazon.com experiences a botnet attack, it will share that profile and info about that attack with the city of Seattle so it can learn, prepare, and hopefully defend itself against a similar (or the very same) attack. The system, called PRISEM (Public Regional Information Security Event Management), is designed to offer an online early warning to all its members. This system has several security analogies in place today:

  • The tsunami early warning system put in place after the disastrous Indian Ocean tsunami in December 2004  
  • The Las Vegas cheater profiling system which shares behavior, personal, and photographic info of known scammers amongst numerous casinos
  • The information sharing strategy of ODNI (Office of the Director of National Intelligence) in America, which began operations in April, 2005 after the need to share information between the intel communities became painfully clear in the aftermath of the 9/11 attacks.

So praises all around for PRISEM and the Washington organizations committed to sharing security information. Unfortunately, the system they’re putting in place will not detect or prevent the nastiest and most common attacks that occur – those at the software application layer. PRISEM talks about the importance of protecting SCADA systems and other critical infrastructure; I couldn’t agree more. However, standing up a Security Information Event Monitoring (SIEM) and information sharing system isn’t enough. The majority of application layer attacks will still be successful … and this will be the case until those software systems are either updated to modern secure coding standards, or protected with application layer defenses (similar to web application firewalls for web apps). As an industry, we’ve still got some innovation to create in the form of self-defending application systems. The concepts are in place and this approach would be a lot less expensive than re-architecting and re-coding the thousands of legacy applications that support our critical infrastructure.

We’ll get there… one step at a time.

Topics: application risk & compliance
