Establishing and enforcing policies that limit employee access to sensitive data and IT systems are one of the most effective mitigation strategies against a malicious insider (Brancik, 2008).  There are a number of strategies that organizations can implement in order to better secure their digital assets.  Continue Reading…

Security breaches caused by internal employees, consultants, business partners and any other individual or group of individuals that have privileged access to certain parts of the network remain one of the highest threats to digital assets.  In an article about the employee life cycle and identification of internal organizational threats, Conrad et al (2009) asserts that within an organization, the employee population is the source of potential malicious insiders.  Continue Reading…

Honeypots are sometimes used as an active defense mechanism for network security and provide a means for targeting attackers and recovering forensic evidence.  A typical honeypot traps attacks, records intrusion information about tools and activities of the hacking process, and prevents attacks outbound the compromised system. Continue Reading…

Intrusion Detection

Ian Carnaghan —  September 10, 2014 — Leave a comment

Intrusion Detection is the process of monitoring an information system in order to determine if any action is being performed with malicious or otherwise cause that may negatively affect its availability, confidentiality or integrity of data contained within.  In order to get started with intrusion detection, it is important to first of all gain an understanding of what an intrusion might look like and how it might impact a system or network. Continue Reading…

​Are you a Drupal developer or someone who is interested in learning or hearing more about the platform?  Each month there are various ‘meet-ups’ that take place across the area.  ICF International now co-sponsors two of these meet-ups, one is held in our Fairfax office and the other in Rockville.  Last night we held our first Rockville meet-up, which was a big success.  Continue Reading…

Have you ever had a need to test email functionality on an application within your local development setup?  I have found this process to be both time consuming and confusing in the past, especially when working within firewall restrictions.  Of course we can always test with real dummy email addresses, but what if we accidently send a mass email out to real users?  It is much better to test everything locally first. Continue Reading…

Heather also experienced some workflow issues with the application where she was unable to locate various areas of the system.  She commented that the excessive scrolling contributed to her confusion with this.  In addition to this she noted concern with the various grid updates and format of the STA grid for editing and updating.

Continue Reading…

Meg had some difficulty working with the various grids, however once she learned the process, she was able to easily complete the remaining tasks.  She also had some initial trouble with the ‘Big Ideas’ drop-down selection.

Continue Reading…

Michael was able to complete all tasks without many concerns.  He observer and pointed out a few potential enhancements with the system, however the only issue he ran into was the recurring problem with the ‘Final Product’ text area box. Continue Reading…

Romey completed most tasks with ease, however on a few occasions she came across recurring issues.  She had trouble working with the ‘Big Ideas’ control, updating the various expedition and case study grids, and not correctly saving each form. Continue Reading…