Information Security

Multi-factor authentication with YubiKey
August 3, 2020   |   Information Security

Multi-factor authentication (MFA) is generally available these days with popular services e.g. Facebook, Google, Amazon, etc. Even more traditional industries, such as banks, are also doing, slowly, the same. A good mention here for my previous employer, a credit union, that has implemented multi-factor authentication around 2019.

Continue Reading
Are You Outsourcing Your Security With a Cloud Application?
August 1, 2018   |   Information Security

You finally decided to use cloud services for your organization? Great! There are definitely many advantages. Your objective was also to outsource the security to the provider? Sorry, not quite. The security of your information will always be your own responsibility.

Continue Reading
Keeper Security and Random Deactivation
May 30, 2018   |   Information Security

We trust cloud services to keep our data secure. But we don’t always think about the impact in the event where the service would have some downtime. Even less in a situation where the provider would decide to disable the service.

Continue Reading
Are You Really receiving a Penetration Test Report?
February 22, 2018   |   Information Security

There are more and more organizations interested in a penetration test, or simply a “pentest”, on their infrastructure. However, there is a requirement for specific skills and this expertise is not often available within most organizations. It is also a good idea to have an external opinion, someone who will be impartial and doesn’t know too much about the current configuration.

Continue Reading
Cloud Security with Object Storage
January 5, 2018   |   Information Security

Many cloud providers are often criticized for the security provided with object storage services. Even more after the disclosure of private information that occurred in 2017 by using these services. These security breaches were also from well-known organizations such as Verizon, Accenture, Booz Allen Hamilton, Viacom, National Security Agency, National Credit Federation, Australian Broadcasting Corporation, Department of Defense, Republican National Committee, etc.

Continue Reading
NIST and the Digital Identity Guidelines
November 21, 2017   |   Information Security

The NIST published last June the final version of the Digital Identity Guidelines also known as SP 800-63. This publication was a draft since 2016 and they even asked for comments from the community on GitHub during the summer 2016. All these comments were inputs for the final publication.

Continue Reading
October 2017 : Security Breaches
November 5, 2017   |   Information Security

The data security breaches occurred/disclosed in October 2017. Disqus The popular commenting system was breached in 2012. Disqus got notified by Troy Hunt, a security expert, who obtained a copy of the data. According to the company, the data exposed are from 2007 and involve 17.

Continue Reading
iDNS: Scam Going On for More Than 15 Years
October 15, 2017   |   Information Security

You probably already received one of these letters if you have registered a domain name in the past few years. The company behind these letters is Brandon Gray Internet Services Inc. The worst part is the fact this is a legitimate organization registered and operating in Canada (Markham, Ontario).

Continue Reading
Septembre 2017: Brèches de sécurité
October 3, 2017   |   Information Security

This post was published when this blog was also in French. This post is available in English. Septembre 2017 a été un mois intéressant pour plusieurs brèches importantes de sécurité. Nous avons tous appris la valeur de nos informations personnelles. À partir de maintenant, je vais publier un billet mensuel au sujet des brèches importantes de sécurité du mois précédent.

Continue Reading
September 2017: Security Breaches
October 3, 2017   |   Information Security

September 2017 has been an interesting month for many important security breaches. We all learned the value of our personal information. From now, I will publish a monthly post about the major security breaches from the previous month. Equifax Equifax is a consumer credit reporting agency and they had a recurrent unauthorized access to their systems from May 13th to July 30th.

Continue Reading
CISSP: Réussi, et une autre étape complétée
September 2, 2017   |   Information Security

This post was published when this blog was also in French. This post is available in English. Terminé. Cet examen de 6 heures avec ses 250 questions est enfin du passé. Eh oui, je parle bien du légendaire CISSP ou l’examen pour le “Certified Information Systems Security Professional” de ISC2.

Continue Reading
CISSP: Passed, and One More Milestone Completed
August 28, 2017   |   Information Security

Done. The 6-hour exam with its 250 questions is finally in the past. Yes, I am talking about the famous CISSP or the “Certified Information Systems Security Professional” exam from ISC2. This is the certification that most information security professionals will try to obtain at one point in their career.

Continue Reading