Tuesday, November 10, 2015

Information Security Strategy


In the few encounter I have with C-level executives, I find that most of information security investments (both engineering and its operations) are done with very little strategy.  My attempt here is to target C-level executives with a model and a set of standards with nomenclature to enable strategic decision making.  It is important to note that this strategy will require some fine tuning by project managers, solutions architects and others for each organization.  The focus here is to ensure The CEO, CIO, CISO and CTO can have the right toolkits and an abstract model to drive the information security needed for a mid to large enterprise.

"Strategy a deliberate, conscious set of guidelines that determines decisions into the future".

- adopted from "Patterns in Strategy Formation" Henry Mintzberg 

Saturday, November 7, 2015

Uncovering a code injection attempt via user-agent

After a long time, I took some time to analyze results of monitoring I put in place for my website. The data is collected from an apache module to track user agent string that were scanning for "Wordpress" looking URL's in my webserver..   I just pulled some recent ones to see if code injection is still being attempted! Let's see