10 Ways to Keep Your WordPress Site Secure

If you are running a website that uses WordPress, here are 10 suggestions to help you avoid leaving it vulnerable:


  1. Always run the very latest version of WordPress
  2. Always run the very latest versions of your plugins and themes
  3. Be conservative in your selection of plugins and themes
  4. Delete the admin user and remove unused plugins, themes and users
  5. Make sure every user has their own strong password
  6. Enable two-factor authentication for all your users
  7. Force both logins and admin access to use HTTPS
  8. Generate complex secret keys for your wp-config.php file
  9. Consider hosting with a dedicated WordPress hosting company
  10. Put a Web Application Firewall in front of your website
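Tips 7 and 8 both live in wp-config.php, so they can be checked mechanically. The following audit script is an added example written for this post, not code from WordPress or from the original author; it scans a wp-config.php fragment for the eight secret constants (placeholder text, short or repetitive values, copy-pasted duplicates) and for FORCE_SSL_ADMIN. The sample configuration at the bottom is constructed for the demo and its key material is made up.

```python
import re

# The eight secret constants WordPress reads from wp-config.php (tip 8).
SECRET_CONSTANTS = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)
PLACEHOLDER = "put your unique phrase here"   # value shipped in wp-config-sample.php
MIN_SECRET_LEN = 64                            # length of keys from WordPress's own generator

# Matches define('NAME', 'str'), define("NAME", "str") and define('NAME', true|false).
# The scan does not skip commented-out lines, so review findings before acting on them.
_DEFINE_RE = re.compile(
    r"""define\(\s*['"]([A-Z_]+)['"]\s*,\s*"""
    r"""(?:'((?:[^'\\]|\\.)*)'|"((?:[^"\\]|\\.)*)"|(true|false))\s*\)""",
    re.IGNORECASE,
)

def parse_defines(config_text):
    """Map constant name -> string value or bool for every define() in the text."""
    found = {}
    for name, sq, dq, boolean in _DEFINE_RE.findall(config_text):
        found[name.upper()] = boolean.lower() == "true" if boolean else (sq or dq)
    return found

def audit_wp_config(config_text):
    """Return findings for tips 7 and 8; an empty list means both are satisfied."""
    defines = parse_defines(config_text)
    findings, seen = [], {}
    for const in SECRET_CONSTANTS:
        value = defines.get(const)
        if value is None or value is True or value is False:
            findings.append("%s: not defined as a string in wp-config.php" % const)
        elif value == PLACEHOLDER:
            findings.append("%s: still the sample placeholder" % const)
        elif len(value) < MIN_SECRET_LEN:
            findings.append("%s: only %d chars, want at least %d" % (const, len(value), MIN_SECRET_LEN))
        elif len(set(value)) < 16:            # catches 'aaaa...' style non-random values
            findings.append("%s: too few distinct characters" % const)
        elif value in seen:                   # each constant must have its own value
            findings.append("%s: reuses the value of %s" % (const, seen[value]))
        else:
            seen[value] = const
    if defines.get("FORCE_SSL_ADMIN") is not True:   # tip 7
        findings.append("FORCE_SSL_ADMIN: not true, so login and admin pages are not forced over HTTPS")
    return findings

# Constructed sample fragment; the key material is made up for the demo, not taken from a real site.
GOOD_KEY = "Xk7!qP2@wZ9#mL4$vB6%nC8^rT1&yU3*eI5(oA0)sD-fG_hJ+jK=lM[zN]cO{pQ}"
SAMPLE_WP_CONFIG = "\n".join([
    "define( 'AUTH_KEY',        'put your unique phrase here' );",
    "define( 'SECURE_AUTH_KEY', '%s' );" % GOOD_KEY,
    "define( 'LOGGED_IN_KEY',   'short-key' );",
    "define( 'NONCE_KEY',       '%s' );" % ("a" * 64),
    "define( 'AUTH_SALT',       '%s' );" % GOOD_KEY,   # copy-pasted, so flagged as reused
    "define( 'FORCE_SSL_ADMIN', false );",
])
```

Running `audit_wp_config(SAMPLE_WP_CONFIG)` on the sample reports eight findings: the placeholder, the short key, the repetitive key, the reused salt, three missing salts and FORCE_SSL_ADMIN being off.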

InfoSecurity Russia 2013: new records and success of anniversary exhibition!

InfoSecurity Russia 2013, the leading and most respected information security event in Russia, confirmed that status for the 10th time.

Illustrious guests from the Federal Tax Service, the Russian State Duma, the Russian Ministry of Interior, Gazprom Transgaz Moscow, the Russian Ministry of Communications and the Russian Investigative Committee attended the opening ceremony, greeted visitors and participants of the exhibition and became acquainted with the exposition.

Dmitry Shevcov, FSTEC of Russia:

Today the international exhibition InfoSecurity Russia is one of the most important and anticipated business events in Russia. I would like to thank the organizers for the opportunity to see the latest information security developments and to meet members of government, experts, commercial organisations and the main players of the market.

As a result of the expanded conference program and the high quantity of products and services presented at the exposition, InfoSecurity Russia 2013 brought together leading chiefs and professionals of the Russian and foreign markets. This year pre-registration grew by 62% over the last event, reaching 5973. The number of pre-arranged meetings broke all records of previous years, exceeding 17000.

During the first two days of the exhibition, visitor numbers exceeded the total number of visitors in 2012. According to preliminary estimates, attendance grew by 10% compared to last year.

Milova Elena, MFI Soft.

All our colleagues, partners and clients come to this thematic exhibition. We have developed and operated in this business for a long time and can firmly say that attending this event has a very effective impact on future work. The InfoSecurity Russia exhibition is excellent, as always! Year after year, the quality of the organization improves and visitors come knowing what they want to find there. Thank you for your audience! We are glad to be a part of such an event!

Exhibitors presented 344 information security and IT products. Each visitor was able to get detailed information on products in the fields of Mobile Security, Cloud Solutions, Personal Data (PDN) Security, Networking, Cryptography, Anti-Virus, Data Centers, EDM, Certification Centers, Electronic Government Services, Virtualization, Identity Management, and much more.

For the first time, this year's event presented an unprecedented line-up of key speakers: leading experts from Russia, Ireland, Italy, UAE, USA, UK, Switzerland, Germany, South Korea, India, South Africa, Hungary and Lithuania.

Crowded rooms, protracted discussions, disputes and unexpected findings: these were the characteristic features of the 2013 conference program.

The conference program traditionally highlighted the vital topics that most interest the community of experts and customers of the information security market. Among the main topics: mobile security, personal data protection, combating fraud, cloud computing, security, critical infrastructure and others.

For the first time in Russia, and only during InfoSecurity Russia, an international conference "Cybercrime and Digital Forensics" was organized.

We should also mention a whole section of the conference program: Foresight 2020.

The exhibition included a series of events through which visitors could learn about the most recent projections for information security in Russia and the world, look into the future and debate the technologies and threats ahead.

Andrey Miroshkin, Groteck Business Media CEO

A distinctive feature of the 2013 exhibition was the joint effort of the organizers, exhibitors and industry experts in organizing the event. The active cooperation of all stakeholders allowed us to hold an exhibition in the style and format in which the majority of the professional community wanted to see it. These principles will be applied in the future!

The exhibition set a record in the number of interactive events: competitions and entertainment events on exhibitors' stands, an Oktoberfest beer tasting festival, a concert of Bavarian folk music, an iPad mini prize draw, hundreds of IT and IS professionals shaking hands at the same time, and much more.

InfoSecurity Russia 2013 is over, but the work goes on. All those who could not attend the exhibition this year can take advantage of the online services and see what they missed. Presentation materials and reports will be provided on the "My report" page of our website. In addition, the website will be filled with photo and video interviews with the participants of the exhibition.

We thank all the participants, partners and visitors, and invite you to join us at InfoSecurity Russia 2014!

You can now book your participation in InfoSecurity Russia 2014 on the best terms. Contacts:

Natalia Rohmistrova, rohmistrova@groteck.ru

Alla Aldushina, aldushina@groteck.ru

National Cyber Security Awareness Month

October is National Cyber Security Awareness Month and it is an opportunity to engage public and private sector stakeholders – especially the general public – to create a safe, secure, and resilient cyber environment. Everyone has to play a role in cybersecurity. Constantly evolving cyber threats require the engagement of the entire nation — from government and law enforcement to the private sector and most importantly, the public.

Cyberspace is woven into the fabric of our daily lives and the world is more interconnected today than ever before. We enjoy the benefits and convenience that cyberspace provides as we shop from home online, bank using our smart phones, and interact with friends from around the world through social networks. The Department of Homeland Security is committed to raising cybersecurity awareness across the nation and to working across all levels of government, the private sector, and internationally to protect against and respond to cyber incidents.

This year marks the tenth anniversary of National Cyber Security Awareness Month sponsored by the Department of Homeland Security in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center.

Through a series of events and initiatives across the country, National Cyber Security Awareness Month engages public and private sector partners to raise awareness and educate Americans about cybersecurity, and increase the resiliency of the Nation and its cyber infrastructure.

This 10th anniversary, National Cyber Security Awareness Month looks ahead at the cybersecurity challenges for the next ten years, dedicating each week to a different cybersecurity issue:

Week One (October 1-4): Launch of the 10th Annual National Cybersecurity Awareness Month. Cybersecurity is Our Shared Responsibility
The next ten years in cybersecurity are critical to ensure a safe, secure, resilient cyberspace where the American way of life can thrive. Given the stakes, we must remain focused on meeting the challenges of the next ten years.

Week Two (October 7-11): Being Mobile: Online Safety and Security
Emphasizes the importance of cybersecurity no matter where you are or what device you are using.

Week Three (October 15-18): Cyber Workforce and the Next Generation of Cyber Leaders
Highlights the importance of fostering the next generation cyber workforce through education and training.

Week Four (October 21-25): Cyber Crime
Focuses on national and local efforts to prevent traditional crimes like theft, fraud, and abuse that can also take place online.

Week Five (October 28-31): Critical Infrastructure and Cybersecurity
Highlights the growing intersection between cyber and physical security when protecting the Nation’s critical infrastructure.

Do Your Part

While each week of National Cyber Security Awareness Month highlights a different element of cybersecurity, the overarching theme is the same. Together, we can maintain a cyberspace that is safer and more resilient, and that remains a source of tremendous opportunity and growth for years to come.

To get involved:

  • Find or register a local event on the official calendar.
  • Get information on how your government, law enforcement, business, school, or organization can take action during NCSAM.
  • Teach elementary, middle, and high school students about Internet safety and security.
  • Follow @cyber, @DHSgov, and post cybersecurity tips, news, and resources highlighting NCSAM on social media sites.

Original post at DHS Site

Snowden documents reveal: NSA gathers U.S Citizens’ Social Connections’ data

Interesting article from our content partners at HackersNewsBulletin.com:

The latest Snowden documents reveal that the National Security Agency has been exploiting US citizens’ personal information drawn from its huge collection of data to create sophisticated graphs of some Americans’ social connections.

According to the New York Times, these graphs can help the agency identify their associates, their locations at certain times, their traveling companions and other personal information.

The leaked documents also reveal that the spy agency has allowed analysis of phone call and email logs to examine Americans’ networks of associations for foreign intelligence purposes since November 2010, after N.S.A. officials lifted restrictions on the practice.

The policy shift was intended to help the agency “discover and track” connections between intelligence targets overseas and people in the US, a January 2011 NSA memorandum cited in the documents explained.

According to the New York Times report, the agency has been allowed to augment the communications data with material from public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls and GPS location information, as well as property records and unspecified tax data.

NSA officials declined to comment on which phone and email databases are used to create the social network diagrams. The agency did say that the large database of Americans’ domestic phone call records, which was revealed by Mr. Snowden in June and caused bipartisan alarm in Washington, was excluded.

Orin S. Kerr, a law professor at George Washington University, told the NYT:

Read the rest here.

WordPress 3.7 Beta 1

This article was posted by Andrew Nacin on WordPress.org

I’m pleased to announce the availability of WordPress 3.7 Beta 1.

For WordPress 3.7 we decided to shorten the development cycle and focus on a few key improvements. We plan to release the final product in October, and then follow it in December with a jam-packed WordPress 3.8 release, which is already in development. Some of the best stuff in WordPress 3.7 is subtle — by design! So let’s walk through what we’d love for you to test, just in time for the weekend.

Automatic, background updates. 3.7 Beta 1 will keep itself updated. That’s right — you’ll be updated each night to the newest development build, and eventually to Beta 2. We’re working to provide as many installs as possible with fast updates to security releases of WordPress — and you can help us test by just installing Beta 1 on your server and seeing how it works!

When you go to Dashboard → Updates, you’ll see a note letting you know whether your install is working for automatic updates. There are a few situations where WordPress can’t reliably and securely update itself. But if it can, you’ll get an email (sent to the ‘Admin Email’ on the General Settings page) after each update letting you know what worked and what didn’t. If it worked, great! If something failed, the email will suggest you make a post in the support forums or create a bug report.

Here are some other things you should test out:

  • If you’re running WordPress in another language, we’ll automatically download any available translations for official WordPress importers and the default themes. (More to come here.)
  • Our password meter got a whole lot better, thanks to Dropbox’s zxcvbn library. Again, subtle but effective. Strong passwords are very important!
  • Search results are now ordered by relevance, rather than just by date. When your keywords match post titles and not just content, they’ll be pushed to the top.
  • Developers should check out the new advanced date queries in WP_Query. (#18694)

This software is still in development, so we don’t recommend you run it on a production site. I’d suggest setting up a test site just to play with the new version. To test WordPress 3.7, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

As always, if you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a reproducible bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed so far.

Happy testing!

WordPress three seven
Saves your weary hand a click
Updates while you sleep

Original Post Can Be Located Here.


Management of Information Security by M. E. Whitman and H. J. Mattord

Chapter 1

Introduction to the Management of Information Security

Chapter Overview

The opening chapter establishes the foundation for understanding the field of information security. This is accomplished by explaining the importance of information technology and defining who is responsible for protecting an organization’s information assets. In this chapter the student will come to know and understand the definition and key characteristics of information security, and will come to recognize the characteristics that differentiate information security management from general management.

Chapter 1 Notes


Chapter 2

Planning for Security

Chapter Overview

In this chapter, the reader will come to recognize the importance of planning and learn the principal components of organizational planning, as well as gain an understanding of the principal components of information security system implementation planning as it functions within the organizational planning scheme.

Chapter 2 Notes


Chapter 3

Planning for Contingencies

Chapter Overview

The third chapter of the book will articulate the need for contingency planning and explore the major components of contingency planning. In this chapter, the reader will learn how to create a simple set of contingency plans using business impact analysis and prepare and execute a test of contingency plans.

Chapter 3 Notes


Chapter 4

Security Policy

Chapter Overview

In this chapter, readers will learn to define information security policy and understand its central role in a successful information security program. Research has shown that there are three major types of information security policy, and the chapter explains what goes into each type as the reader learns how to develop, implement, and maintain various types of information security policies.

Chapter 4 Notes


Chapter 5

Developing Security Programs

Chapter Overview

Chapter 5 explores the various organizational approaches to information security and explains the functional components of the information security program. Readers will learn how to plan and staff an organization’s information security program based on its size and other factors, and how to evaluate the internal and external factors that influence the activities and organization of an information security program. As the topic of organizing the information security function is expanded upon, the reader will learn how to identify and describe the typical job titles and functions performed in the information security program. The chapter concludes with an exploration of the components of a security education, training, and awareness program and describes how organizations create and manage these programs.

Chapter 5 Notes


Chapter 6

Security Management Models and Practices

Chapter Overview

In this chapter, readers will learn the components of the dominant information security management models, including U.S. government-sanctioned models, and how to customize them for a specific organization’s needs. This knowledge will be extended as readers learn how to implement the fundamental elements of key information security management practices and gain an understanding of emerging trends in the certification and accreditation of U.S. federal IT systems.

Chapter 6 Notes


Chapter 7

Risk Management: Identifying and Assessing Risk

Chapter Overview

Chapter 7 defines risk management and its role in the organization and allows the reader to begin using risk management techniques to identify and prioritize risk factors for information assets. The risk management model presented here allows the assessment of risk based on the likelihood of adverse events and the effects on information assets when events occur. The chapter concludes with a brief discussion on how to document the results of risk identification.

Chapter 7 Notes


Chapter 8

Risk Management: Assessing and Controlling Risk

Chapter Overview

The eighth chapter of the text presents the essential risk mitigation strategy options and opens the discussion of how to control risk. This includes identifying risk control classification categories, using existing conceptual frameworks to evaluate risk controls, and formulating a cost-benefit analysis. Readers will learn how to maintain and perpetuate risk controls. As a contrast to the approach presented in the earlier parts of the chapter, the OCTAVE approach to managing risk is introduced.

Chapter 8 Notes

Chapter 11

Law and Ethics

Chapter Overview

Chapter 11 covers the topics of law and ethics. In this chapter readers will learn to identify the major national and international laws that relate to the practice of information security, and will come to understand the role of culture as it applies to ethics in information security.

Chapter 11 Notes