Read Like an InfoSec Pro

By Anne Oikarinen

Summer holidays are coming, and we asked our security specialists and consultants what is on their reading lists. For the pros out there, the list we got is no surprise, as it is full of modern classics of penetration testing and related topics, ranging from iOS hacking to risk assessments. At the newer end we have Kevin Mitnick's new Art of Invisibility, which delves into the details of operational security. For those with unlimited data plans, there are also a couple of interesting e-books and e-learning materials available.


GDPR - What happens after May 25th 2018?

By Annika Biberg

Is your organization overwhelmed with completing GDPR project activities? Nixu meets many organizations where all focus is on the project and how to reach the project goals. But what happens after 25 May 2018? How will the business benefits of GDPR be secured over time?

Maintenance should be considered and planned for early in the project. Compliance with GDPR takes ongoing work, and if the project does not plan for this, the risk is that the organization will not be sufficiently compliant in the long term.


A cyber threat smoulders in the boiler room of a Lappeenranta housing company

By Antti Nuopponen

In recent days, cases have surfaced in the news in which network attacks were directed at the building automation systems of Finnish housing companies; Etelä-Saimaa and Yle, among others, reported on them on 8 November 2016. As the Finnish Communications Regulatory Authority (Viestintävirasto) has assessed, criminals were behind the network attacks. However, the deliberate network attacks experienced by Finnish heating systems have been only the tip of the iceberg. The risks have been known for years.


Have companies taken information security risks of their process control systems into account in their overall risk evaluations?

By Robert Valkama

Companies are not fully able to take information security risks into account in their overall risk evaluations when it comes to automation systems.


Information security of industrial internet brings a competitive edge

By Kalle Luukkainen

The Finnish manufacturing industry is heading towards the industrial internet at full speed.


These 30 vulnerabilities are used to attack critical infrastructure

By Juha-Matti Laurio
Information security authorities recently published a list of the most common vulnerabilities used in attacks against critical infrastructure organisations.

Implementing cost-effective cyber security (part 2 of 2)

By Pekka Viitasalo
This post continues on the theme that began in yesterday's post.
One characteristic of command and control channels is permanence. Setting up a monitoring system is fairly simple: the goal is to find all permanent TCP connections between an internal network address A and an external address B. The TCP connection does not have to remain constant, but the endpoints do.

Implementing cost-effective cyber security (part 1 of 2)

By Pekka Viitasalo

If an attacker can be prevented from getting the goods, the attack has failed and no significant harm is done.
