Innovative Minds - On Point - One Group  

Policy and Procedure

This is the blog for MindPoint Group's Information Security & Privacy (ISP) division. We hope to use this to contribute to and debate ideas among the ISP community.
14
Mar
2016

Electronic Voting for the 21st Century

By:

With the election year ahead it behooves us to take a look at the security of our voting systems and consider new technologies to make voting more accessible. Emerging technologies such as internet voting and mobile voting could help open elections to more people and encourage greater turnout. Both new and existing technologies pose concerns

Read More

03
Nov
2015

Your Data’s Your Data: Managing Third Party Risk

By:

Your Vendors Are a Risk, Here is What You Can Do It is likely your organization relies on third parties to sustain day to day business operations; two-thirds of companies do. Outsourcing has more than doubled between 2000 and 2012 from $45 billion to $99 billion respectively.[i] But how secure is your supply chain? Of

Read More

15
Oct
2015

Privilege Escalation via Group Policy Preferences (GPP)

By:

While this is not a new topic in the penetration testing world by any means [Chris Gates (@carnal0wnage) and others were speaking about this way back in 2012], it is still prevalent across many networks today. It is important enough to talk about because it is “low-hanging fruit” for pentesters (and hackers) and it is

Read More

22
Feb
2011

Wikileaks: How I Learned to Worry More…

By:

Wired’s Danger Room blog recently acquired a “Cyber Control Order” penned by Major General Richard Webber, commander of Air Force Network Operations. This order, dated December 3rd, bans the use of removable media on SIPRNET, and specifically reminds all Airmen that failing to comply with an order is punishable under Article 92 of the UCMJ.

Read More

25
Sep
2010

A Requirement By Any Other Name….

By:

Since we’ve covered FISMA and NIST recently, I thought it would be a good time to discuss policies, standards, guidelines, and procedures. Hopefully I can provide some meaningful guidance regarding what should and in some cases shouldn’t be in each of these documents.I will preface the rest of this post by saying that have learned

Read More