Agile is a development method designed to add energy, focus, clarity and transparency to the project planning and implementation process. Scrum is probably the most widely used Agile framework for developing and managing complex projects. Scrum is used to successfully manage projects in which there is usually uncertainty and ambiguity at the early stages of the project, and the methods used help organize efforts to complete small pieces of an overall project as they are defined.
The entire project is split into a sequence of smaller iterations called Sprints. Each Sprint is time-boxed for less than one month (usually 2 weeks) and planned well in advance. Planning is completed not according to a set of prescribed tools, but according to the requirements as decided by the Scrum team. A self-organizing and cross-functional team identifies tasks and organizes team efforts to accomplish a well defined set of tasks in small 2-4 week increments of time. In order to achieve maximum cooperation among all team members, daily face-to-face communication is encouraged. The business stakeholders and the technical team assigned to the Sprint work in close collaboration to deliver of high-quality, working software at the end of each Sprint.
Continue reading “A Quick Introduction to Scrum Methodology”
The WannaCry ransomware that starting compromising system last year consists of multiple components that arrive in the form of a dropper, a self-contained program that extracts the other application components embedded within the ransomware package.
Luckily the program code is not obfuscated and was relatively easy for security pros to catalog and analyze as we try to better understand the risks.
Once launched if WannaCry can’t access a hard-coded URL kill switch it proceeds to search for and encrypt files matching a list of vital formats, including documents, images, music files, etc. It then displays a ransom notice demanding $300 USD in Bitcoin to decrypt the user files. If you don’t pay, the files can not be recovered.
We posted detailed information here.
Continue reading “WannaCry Ransomware Update”
After years of working on the details, the dynamic programming language Julia 1.0 was officially released to the public during JuliaCon, an annual conference of Julia users held recently in London.
Julia 1.0 is a huge Julia milestone since MIT Professor Alan Edelman, Jeff Bezanson, Stefan Karpinski, and Viral Shah released Julia to developers in 2012.
Julia is free and open source language that was developed and incubated at MIT with more than 700 active open source contributors, 1,900 registered packages, 41,000 GitHub stars, 2 million downloads, and a reported 101 percent annual rate of download growth. It is used at more than 700 universities and research institutions and by companies such as Aviva, BlackRock, Capital One, and Netflix.
Continue reading “Julia Programming Language”
Have you seen the latest TIOBE rankings report?
The TIOBE Programming Community index is an indicator of the popularity of programming languages. The index is updated once a month. The ratings are based on the number of skilled engineers world-wide, courses and third party vendors. Popular search engines such as Google, Bing, Yahoo!, Wikipedia, Amazon, YouTube and Baidu are used to calculate the ratings. Observe that the TIOBE index is not about the best programming language or the language in which most lines of code have been written.
Programming language Python is getting very close to the top 3 of the TIOBE index. If Python surpasses C++ and becomes number 3, this will be an all time high for the scripting language of Guido van Rossum. In 2005 there was a study what programming language was taught most at US universities and Java appeared to be a clear number one with 60% of all introductory programming courses. Similar research was conducted almost 10 years later in 2014 and the outcome was different. This time Python was a clear winner with more than 70% “market share”.
Continue reading “TIOBE Index for August 2018”
PowerShell is a power scripting tool that can also be used to manage your SQL Server audits. In this article by Colleen Morrow we learn some of the advanced techniques. You can also start at the beginning here.
Creating an Audit Object
The first step in implementing SQL Audit is to create the audit object, so that’s where we’ll start. Let’s look at the whole script and then break it down.
.MaximumRolloverFiles = 10
.MaximumFileSize = 100
.QueueDelay = 1000
The first thing we’re doing is simply declaring some variables to hold our instance name, the name of the audit we want to create, and the folder where we want our audit file to be written. For re-usability, we could even make these into parameters, but I wanted to keep this simple. Next we create a new SMO connection to our instance with the command
Once we’re connected to SQL Server, we can create a new audit class object and start assigning attribute values. Here, we’re setting the destination to a file, and the file path to our $auditDir variable. We set the maximum number of rollover files, the queue delay, etc.
Continue reading “Using PowerShell to Manage SQL Server Audits”
When you are looking for ways to protect your network from attack, you should also consider how you will protect assets from users with authorized access. Employees and contractors with legitimate access to your business systems and data could be responsible for more data breaches than you might assume. Most insider data breaches are caused by accidental or negligent access, but you must consider how you would detect malicious access because the results can be disastrous to your business and even your career.
If you look at the caches of documents and data provided to the public in recent years, it has been provided by insiders with elevated access. These disgruntled employees collected all the data they could find and shared them with the public, which could disclose business intelligence or even customer data like credit card or health data. A 2017 Verizon survey puts the number of insider-led data breaches at 77 percent.
Most security solutions focus on protecting enterprise assets from outsiders, with little information on how to block legitimate insiders from unauthorized access to critical data. The key to dealing with insider threats is to log all activities by personnel accessing your most sensitive data and to identify indicators of malicious intent. Once you have identified the personnel and their potentially malicious behavior (copying data, exfiltrating sensitive files, etc.) you can alert the proper personnel to execute actions to cut off access and begin remediation, which could include legal action.
Continue reading “IT Security: Ways to Tell an Insider Has Gone Rogue”
Cybersecurity is an important part of you business, and includes many aspects of security from development to infrastructure systems plus everything from document and data retention to how you deal with data breaches.
Cyberspace and its underlying infrastructure are vulnerable to a wide range of risks stemming from both physical and cyber threats and a wide range of hazards. Sophisticated cyber actors and nation-states exploit vulnerabilities to steal valuable information and even money. They are also developing capabilities to disrupt, destroy, or threaten the delivery of essential services. A range of traditional crimes are now being perpetrated through cyberspace. This includes the production and distribution of child pornography and child exploitation conspiracies, banking and financial fraud, intellectual property violations, and other crimes. All of these illegal activities have substantial human and economic consequences. These are some of the aspects of cybersecurity that you need to consider when building an environment around IT Security:
- Rapid Detection – Building a system that allows your team to rapidly detect and prevent system compromise from an attack. This includes perimeter defenses to alert technicians of an active attack and the ability to respond to a breach as quickly as possible. This includes the ability to identify systems being actively attacked and which systems are not currently under attack.
- Incident Response – Your technicians must have the tools available to deny access to assets when that asset is involved in a suspected incident, but they must also have the tools to quarantine the data on those systems and block additional access to any suspicious users as quickly as possible. Some tools allow for an automated response during an incident that can be helpful to smaller teams to respond quickly, but this can also be a curse if a poorly tuned system causes multiple false positives.
- Alarm Events – Systems must send meaningful and actionable alerts to your security team. Alarms can tell you something is wrong before you can easily see the problem with your naked eye, but they could also be the source of false alarms or send alerts from redundant sources that make an issue seem worst than it really is by doubling or tripling the quantity of alerts.
- Network Visibility – Tools that allow your team to identify new endpoints and visualize the entire network will allow them to quickly identify problems and react to unauthorized endpoints.
- Vulnerability Prevention – The ability to identify malware and known vulnerabilities is the key to a stronger and more secure network. The ability to protect each endpoint from suspicious software, unauthorized downloads, and generating vulnerability alerts are essential to targeting corrective actions before an attacker finds these issues.
Continue reading “Building a Security Operations Center (SOC)”