No Image

How many Certified Secure Software Lifecycle Professionals are out there?

As of September 25 2013: 1168 CSSLP in the entire world (you have to sum them up from that table) https://www.isc2.org/member-counts.aspx#     It is an honour to be one of them. 🙂 And this since one year and a half (Mai 2012).   Some interesting statistics from that table: Romania  1 Germany 19   Read here what it takes to be a CSSLP certified:http://sorin-mustaca.com/?p=958  

No Image

Mentioned in the (ISC)2 Newsletter for Europa

  After publishing the article in Security Insider under the shield of (ISC)2, I was surprized to see in the monthly newsletter a reference to the article. Source: Security Insider (HTML,  PDF) Originally published in English: (ISC)2 Blog Republished in this blog: http://sorin-mustaca.com/2013/05/29/security-for-free/   “News and Events in your region”                 Zahlt kostenlose Sicherheit sich wirklich aus? The latest submission for Security Insider from Sorin Mustaca, CSSLP in Germany looks at whether freeware open source and other ‘free security’ solutions pay off.

No Image

Security “for free”?

As security professionals, we are continuously facing the challenge of smaller and smaller budgets allocated to maintain and improve the IT security. That’s probably the main reason why there is always the temptation of “Free”. Many people, sometimes even professionals, think that they can achieve a good security for free. “For free” means in this context that some programs used to achieve and improve security don’t cost any money to acquire.  Unfortunately, the analysis of the costs stops at the acquisition and it ignores other costs like the installation and maintenance costs. But, is it possible to cover all the possible attack vectors with free security products? I made a short analysis of the most common ways used to endanger the IT security and if it is possible (to my best knowledge) to cover them with free tools. I am ignoring the social engineering techniques as they, most of the time, can’t be combated with tools. The security landscape changes continuously and you have to be fully protected against the most common attack vectors: infections through files carried on USB sticks, memory cards, mobile hard drives, downloaded files network attacks (spoofing, DOS) vulnerabilities that get exploited in common software drive-by…

No Image

Define S.M.A.R.T IT security goals

One of the biggest problem that most IT security experts around the world have is the fact that IT security is never taken seriously until a security incident takes place. After that, management boards start being interested in IT security. However, these managers see security not through the eyes of an expert, but through the eyes of a business man. They need to measure, to plan and probably most important of all, they need to know the costs. An easier way to talk security with management is to define security as a manager. SMART is a mnemonic with many accepted meanings, but in this article it stands for: Specific, Measurable, Achievable, Relevant, Time-oriented. The term is coming originally from project management where it is used to set objectives (called Key Performance Indicators – KPIs) and to track them. For security specialists it is important to be able to set and track KPIs for the goals they want to achieve when evaluating, designing, implementing security solutions or when doing risk assessment. Presenting SMART goals to a management board can make security goals be easier to understand and … to approve. While on the first view these terms are overlapping, they are…

No Image

(ISC)2 Blog post: Vulnerability disclosure: a new business model?

Original: http://blog.isc2.org/isc2_blog/2013/01/vulnerability-disclosure-a-new-business-model.html   We all see in the mass media every day that software is vulnerable and that this is bad. But, few know what is happening behind the scene, until the news get out. There are two ways to disclosure a vulnerability: the most common one is to make a “full disclosure”, but there is also the “limited disclosure”. A full disclosure means that the details of a security vulnerability are disclosed to the large public, including details of the vulnerability and how to detect and exploit it. [Wikipedia] A limited disclosure is an alternative approach where full details of the vulnerability are provided to a restricted community of developers and vendors while the public is only informed of a potential security issue. Advocates of this approach also claim the term “responsible disclosure” [Wikipedia]. The hope and theory behind a full disclosure is that once that a vulnerability is released to the public, the company affected will issue a fix immediately in order to reduce the damage in image and not only. So, the intention is obviously good because it ideally results in a better security for the users. But, as very often in real life, the theory doesn’t always work in…

No Image

Added in searchsecurity.de (ISC)2 Corner

http://www.searchsecurity.de/specials/security_corner/isc2/ My cooperation with SearchSecurity.de is finally showing something. I was addded on the (ISC)2 Security Corner:                       Sorin Mustaca, Avira Operations GmbH & Co. KG Sorin Mustaca, (ISC)²-zertifizierter CSSLP, CompTIA Security+,Project+, ist seit 2000 in der IT Sicherheitsindustrie und seit 2003 bei Avira tätig. In seiner aktuellen Rolle als Produktmanager ist er verantwortlich für die bekannten AntiVir-Produkte, die von über 100 Millionen Anwendern weltweit genutzt werden. Herr Mustaca hat sein Software-Ingenieur Diplom an der Universität „Politechnica“ in Bukarest erworben. Seitdem ergänzt er sein akademisches Wissen mit Produkt- und Projekt-Management-Kenntnissen, um neue und fortschrittliche Lösungen für die IT-Sicherheit zu erschaffen.

No Image

The PC is dead, long live the PC

If you have read news lately, you couldn’t have missed hearing how well the tablets, smart phones and smart TVs are selling, and how badly the PC market (excluding laptops) is doing. Many so called “futurists” have predicted the passing of the PC era. But is it really gone? Is the Personal Computer really dead, or are these just marketing gags? Being curious, I asked some friends what they use for their “computing” activities and how they use their devices. First of all, it is important to clarify who are my friends and what they do. My circle of friends – and I am not talking about Google Plus’ circle, but people whom I meet in person almost every day – vary from seniors (70+) with little to no IT know-how, to professionals who use computers for their work (not directly IT-related) and IT professionals who are making a living with computers. The seniors have never held a tablet in their hands, but they know what one is. They all have PCs in their homes, connected to Internet, some of them even a laptop (with WiFi) as well as a PC. All of them use their PCs only for browsing,…

%d bloggers like this:

By continuing to use the site, you agree to the use of cookies and to its Privacy Policy more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.