Blog

How to prepare for an Information Security Certification Exam

Gwen Bettwy

Read More ->

OWASP – Inspectiv Blog

https://blog.inspectiv.com/owasp/ By Team, Inspectiv The Open Web Application Security Project (OWASP) was founded to ‘improve the security of software.’ They have existed for nearly 20 years and now have ‘hundreds of chapters and tens of thousands of members worldwide.’ The resource library they have created to assist developers, technologist, and their companies are incredible. The knowledge […]

Gwen Bettwy

Read More ->

SSO SAML Token Attacks

https://www.inspectiv.com/articles/sso-saml-vulnerabilities-token-attacks   By Team, Inspectiv The Solution We Turn To That Bad Actors Abuse Security Assertion Markup Language (SAML) has been around for many years and is commonly used for federated Single Sign-On (SSO). Bad actors have been abusing the trust that we place in these systems for some time. The National Security Agency (NSA) released […]

Gwen Bettwy

Read More ->

Prevent Email Spoofing with DMARC

The Federal Bureau of Investigation (FBI) announced in 2019 that business email compromise (BEC) had cost businesses internationally between June 2016 and July 2019 over $26 billion. BEC is an attack that convinces someone to transfer funds to a bad actor by pretending to be the chief executive officer (CEO) or chief financial officer (CFO). […]

Gwen Bettwy

Read More ->

Broken Authentication and IDOR – Check this one out on Inspectiv.com.

https://www.inspectiv.com/articles/broken-authentication-and-idor-a-big-but-solvable-problem   By Team, Inspectiv One of the biggest problems we have in information security today is Broken Authentication and IDOR. The 2021 Verizon Data Breach Investigation Report (DBIR) shows that bad actors use stolen credentials a large percentage of the time. As a result, we have a massive problem with broken access control in our […]

Gwen Bettwy

Read More ->

(ISC)² Moves to Computer Adaptive Testing (CAT)

You may already know that on December 18th, 2017 (ISC)2 moved English language CISSP exams to Computer Adaptive Testing (CAT). The question posed by many, is “What does this mean to me?” Let’s take a look at that and other related questions. Will the changes mean that it is more difficult to pass the exam? […]

Gwen Bettwy

Read More ->

How to Choose the Right Cyber Security Certification

The Global Information Security Workforce Study (GISWS) is a joint effort conducted biannually by the Center for Cyber Safety and Education and (ISC)2. The 2017 study indicates there will be a “cybersecurity workforce gap of 1.8 million by 2022”. (https://iamcybersafe.org/gisws/) The study further reveals that the number one reason for this shortage is due to […]

Gwen Bettwy

Read More ->

Is Cloud Security Possible?

Is cloud security possible? In a word yes, although it will take a little longer to explain. Possibly a lot longer for everyone involved in acquiring and configuring cloud to get it right. The Problem When we move to cloud services it is possible to secure that environment as well as we secure our business’s […]

Gwen Bettwy

Read More ->

Link Encryption vs. End-to-End Encryption

Much of the confusion on the topic of Link vs. End-to-End encryption is due to conflicting terminology used to say the same thing. Let me try to help… Data can be encrypted in either two fashions – with or without the IP header (routing information) encrypted. Either way the DATA is protected for confidentiality purposes. […]

Gwen Bettwy

Read More ->

Prepare for the CISM Exam – Study Guide

I am so excited to announce that we have published our CISM prep guide on Amazon. It is available in Kindle or Print versions worldwide.

Gwen Bettwy

Read More ->