Cisco Blogs



NCSAM Tip #1: Social Networking Safety

October 3, 2011 at 5:00 am PST

In today’s Cyber Security Awareness Month Tip of the Day we revisit a past post to once again focus on the fact that millions of individuals are victims of their own carelessness by freely posting information such as vacation plans and family photos on social networks, and by storing Personally Identifiable Information (PII) such as medical records and financial information on mobile devices. Users are sometimes not sufficiently educated when it comes to what types of information should be shared, and with whom they should be sharing this information.


5 Tips to Avoid the Pitfalls of Social Media

The advent of social media platforms is continually transforming the way organizations interact with customers, build brands, and engage with the world.  While certain organizations have eagerly participated in social media as a means to garner long-term marketing benefits, other organizations are hesitant to address employee interaction in the new interconnected world of social media.  However, simply looking the other way is no longer a viable option.  The statistics are staggering and can’t be ignored:  Facebook with over 500 million users, Twitter with nearly 200 million registered accounts, and LinkedIn with 100 million users.

This is a primer on how to help your organization defend itself by identifying the potential risks associated with employee use of social media, providing recommendations on how to mitigate those risks, and sharing Cisco’s approach.

Pitfalls of Social Media


Adapting Levels of Assurance for the NSTIC

This is part of an ongoing series on the National Strategy for Trusted Identities in Cyberspace. The introduction to this series can be found here.

One of the goals of the National Strategy for Trusted Identities in Cyberspace (NSTIC) is to support a wide range of use cases. These might include everything from low-value purchases to making adjustments to critical infrastructure, like power systems, where someone might get hurt if an unauthorized action takes place.


Credential and Attribute Providers in the NSTIC

This is part of an ongoing series on the National Strategy for Trusted Identities in Cyberspace. The introduction to this series can be found here.

The National Strategy for Trusted Identities in Cyberspace (NSTIC) describes two types of intermediaries between subjects (users) and relying parties: identity providers and attribute providers. This is a separation not frequently found in identity systems. In order to emphasize this distinction, I often use the term “credential provider” or “authentication provider” rather than identity provider to refer to a service that provides authentication services and makes assertions resulting from authentication but does not directly provide attributes about the subject.

A credential provider can be thought of as a key cabinet. The subject authenticates to the credential provider in order to “unlock” the cabinet of credentials. As with a physical key cabinet where different keys inside are used for different things, the credential provider serves different credentials to different services. Ideally, the identifiers used for each of these services would be different; a good identifier is also opaque, meaning that the identifier itself provides no additional information about the subject. Provided that the choice of credential provider itself does not reveal significant information about the subject, a subject can be generally pseudonymous with respect to the relying party until the subject authorizes the release of identifying attributes.


iPhone Location Tracking: Important, Even if it Doesn’t Matter to You

Apple’s iOS mobile device operating system has recently come under fire in the media for tracking user location, which is recoverable from device backups of a file called consolidated.db. As we discussed in the Cyber Risk Report, even though Apple has disclosed location tracking via their Privacy Policy, significant commentary online suggests that users are surprised to learn how it is accomplished. The researchers whose efforts have brought this location tracking to wide attention were aware that forensics experts already knew about it, but developed their tool to reach a broader audience. By all accounts, they have succeeded in raising awareness; what remains is to understand what should be done from here.

Update: Apple responded with a press release on April 27, 2011
