The Information Security Vacuum

By Michael Gianarakis, Senior Security Consultant

Originally published: http://eightbit.io/post/56489111073/the-information-security-vacuum

Many penetration testers and information security consultants complain when a client just accepts the risk of an issue or doesn’t provide adequate support to the security team. I often hear “the business doesn’t get security” and that “security risk is a business risk, they should pay more attention”. Unfortunately, what I don’t see is penetration testers and security consultants actively trying to understand business in order to truly understand, and more importantly, articulate the security risk. I’m not talking about “the business” of a client but rather business in general. In fact, I often encounter disdain for the very notion of devoting any time or thought to understanding business and risk concepts.

Security as a Competitive Advantage in the Global University Software Market

In 2011 Securus Global was actively involved in shaking up how security was assessed in Learning Management Systems (LMS) affecting many of the world’s universities. We were indirectly drawn into this as a result of testing we did for an Australian University.

It started with a news article from SC Magazine that came about when Australian universities started sharing the results of our work, which showed serious security issues with student and staff information. This article went global and set off a chain of events that saw the world’s largest LMS developers competing with each other over how secure they were at protecting student and staff information.

Original article:
http://www.scmagazine.com.au/News/272215,millions-of-student-exams-tests-and-data-exposed.aspx

The follow-up analysis and ongoing updates are posted here. The latest update is from December 2012:
http://www.unitask.com/oracledaily/2012/12/27/open-as-in-transparent-instructure-conducts-2nd-public-security-audit-on-canvas-lms/

If you are responsible for Information Security at a University or other Educational Establishment that uses an LMS, please take the time to read through the article and the associated links within it.