160 bits …SHAttered!!!

We knew this day was coming. On a long enough timeline, the survival rate for every algorithm drops to zero. Yes, I’m paraphrasing Tyler Durden. It’s slightly less amazing than finding a unicorn in the woods and I don’t think many will remember where they were and what they were doing on the day they…

System Categorization-Take the Time to Get it Right

By Lon J. Berman, CISSP

The story is told of an intern who is asked by his boss to pick up some items from the supply room in the basement. The young man is not sure how to get down there, but, seeing an open door, assumes it is the stairway and steps through. Unfortunately the door turns out to be an…

Spotlight: Information Security Continuous Monitoring

By Lon Berman, CISSP

No longer just a technical issue, instead a strategic program to manage cybersecurity risk. Targeted cyber attacks are a strategic organizational problem. Cyber attackers are more sophisticated than ever before, and it has become vitally important to understand how to manage risk and implement a continuous monitoring program. More than just…

Offensive Wifi Gear Has Started to Arrive!

We are getting excited about our upcoming Offensive Wifi and Mitigation Techniques class. Gear has started to arrive! Check out these Mark V Pineapples that showed up today! This class will be using these and other tools to demonstrate wifi attacks and how to prevent them. If you would like more information, please give…

RMF Transition Timeline Infographic

IT Dojo offers a comprehensive course on the transition from DIACAP to RMF.  Please take a look at our RMF training courses here. Here is a link to a great book on RMF that we highly recommend. A ton of other information can be found on the NIST web site.

DIACAP Says “So Long”

On March 12, 2014 the DoD released a new policy that makes it official that the DoD Information Assurance Certification and Accreditation Process (DIACAP) is being put to bed in favor of a “new” Risk Management Framework (RMF).  The news is not a revelation as it has been in the works for a few years…

Is Your Post 2011 Security+ Cert About to Expire? Get CE Credits Now!

As many of you know, if you received your Security+ certification after 2011, you are not eligible for lifetime Security+ status. Before that you were grandfathered in, but if yours is after 2011 you are out of luck. Now every 3 years you must renew your certification by either retaking the exam, or by completing…

Security Through Obscurity

The effectiveness of Security through Obscurity is closely related to the knowledge (or lack thereof) of the attacker. If someone is unaware of how a particular technology works, the data is obscured by the nature of the technology. Once some understanding is had by your adversary, however, the security vanishes. Some examples are: 1. Not…