Friday, September 30, 2011


Organizer: Social Media Today, Speaker: Robin Carey, Sustainable Business Forum, Dupont Sustainable solutions

Webinar 9/29/2011, will be available on demand within a couple of days

Notes taken by: Brittany Box, Fortalice, LLC.

Panel: Norman Marks (VP of Governance, RIsk, and Compliance at SAP), Elaine, Cohen (CSR Consultant and sustainability reporter at Beyond Bus. Ltd., author of CSR for HR), Simon Herriott (Dupont), Robin Carey (CEO of Social Media Today)


often has its own structure within a company- individualized culture

much mandated by law in countries and states, compliance

based on size:

larger- more structured, separated from sustainability mgmt., etc.

smaller- lack structure, may not be formal at all, HR, Operations manager responsibility, no written policy **concern because this is where growth is

value of security and safety must be clarified to executives and key stakeholders in order to be addressed adequately-- putting a value on safety that translates

Is technology security being used appropriately?

need to communicate and demonstrate effectiveness (ie. with tangible milestones of progress) in regards to business goals

should be a process vs. one quick fix

members at all levels must have some level of understanding and concern

Risks: reputation risk is much higher now than ever

even if its just a PERCEPTION and not a fact, this is enough to take down an enterprise

real time reliable information must be delivered across all levels

Virtual Commute now for companies: How do we keep this safe?

risk prevention is necessary, need to be proactive, but difficult because it must be adapted according to forming trends

analytics to predict behavior

What are companies doing to monitor computers in the home office without violating privacy?

difficult to monitor in remote offices

a BIG problem, particularly if a global enterprise, that is not being addressed

lack of tools to actually assess in a real sense what is happening in these locations-- HUGE opportunity for tool development here

SAP compliance software? Consideration for at home safety?--more for protecting electronic devices in the home

provide as much education and awareness as possible

OSHA now requiring annual report from agencies- what social media they're using and how?

US govt. requires self-certification that home office is safe

Need for best practices regarding home office regulation and monitoring of private environment

3rd party safety practices? Many companies fail to address this dimension

need to carry safety regulations through all levels of chain in extended enterprise

Cost of being safe far outweighs the potential cost of not being safe**

Problem: Maybe companies don't know how far to go?

Friday, September 23, 2011

Beware of Fake Testimonials!!

Notes taken by: Theresa Payton, Fortalice, LLC.

Also featured on WBTV's Protecting Your Cyberturf with Kristen Miranda and Theresa Payton

We all have learned to count on reviews from ordinary people before we purchase a product, try a new service, or eat at a restaurant. But what if you based your decision on reading opinions that were not what they seem to be? Your hard earned money might go right down the drain if you are not aware of this latest issue.

It’s a new site called FIVERR and even though the site is still in test mode – beta – there are lots of people hanging out there. The allure? It’s the place where people share the things they will do for $5! Including, writing testimonials for businesses, even if they don’t know a thing about the business.


If you see a big burst of reviews, all positive or all negative and within hours or a few days, you might have a scam. Look for similar patterns to the positive or negative feedback.


If the reviews seem to good to be true, go to multiple review and opinion pages to see what you can find

Go out to Facebook or Twitter and ask your social network for input

Check Consumer Reports

Check in with the Business Bureau where that product or service is located to see if the reviews are consistent with the online ratings


If you want to see how others use Gogo or other Wi-Fi services on airplanes look at Mashable’s infographic:

There are many sites that allow people to post opinions. We have listed some options for you on three sites.

EPINION.COM: Sites like try to set up a trusted network of opinion givers to avoid scams but they can still get through. If you see a problem on their site, go to:

YELP.COM: lets you report questionable material at their site:

AMAZON.COM: You can see’s guidelines and report a problem at:

Quiet Bad Guys Behind the QR code

Notes taken by: Theresa Payton, Fortalice, LLC.
Also featured on WBTV's Protecting Your Cyberturf with Kristen Miranda and Theresa Payton

We told you about these a year ago, those funny looking bar codes called “QR” codes. They are popping up on TV screens, coupon
flyers and around in stores. They are fun to scan and get special information. But we’re learning now that they may not be safe
to scan. QR codes, the “QR” stands for Quick Response. Marketers love them because they can store a lot of information right
to a customer’s smart phone with a quick scan. The tag can redirect a phone to a photo, website or even a movie clip. The same
thing that makes them fast and convenient can also make them unsafe.

We have told you before not to click on links from people you do not know. Well, this can be the same thing!

If you click on a QR code that has been manipulated or tampered with, it’s the equivalent on clicking on a bad link on an email and –
boom – your smart phone is infected!


1. Wary: Be wary of QR codes
2. Watch: If a QR code tries to install something on your phone, turn the phone off
3. Protect: your personal information and passwords:

If a QR code leads you to a website that asks for personal information or passwords, think twice before inputting information
or go to the site another method


The Better Business Bureau posted a warning about QR codes at:

If you are concerned about your smart phone security, there are mobile security tools. For a recent review, check out PC Magazine’s
write up at:,2817,2385361,00.asp

Fast Company has a summary about QR codes and how to use them for your business:

Tuesday, September 13, 2011

9/11 Social Media Impact

Social Media Influence Today: How could this have made a difference for 9-11-2001?

Notes taken from: Talking points with Theresa Payton, Fortalice, LLC. and Kristen Miranda, also covered in WBTV's segment, Protecting Your Cyberturf

What's different? 9-11-2011:
Those impacted by 9/11 did not have the same level of communications that we do now.

If you think about it, popular apps such as Myspace 2003, Facebook 2004, and Twitter did not exist until 2006.
We could not have skyped the newscast until 2003!

The phone lines, both land and cell, became jammed and we were asked to not use phones if we did not need to.

High speed internet at home via broadband was not as available.

If the rescuers and those impacted had access to more sophisticated tools, it might have helped get the word out faster and sped up the process reconnecting loved ones and rescue efforts.

Post 9/11 -- How the military uses social media to keep the homeland safe!

Pre-9/11, law enforcement and the military did their best to watch chat rooms, track money exchanges between groups, and tap into communication lines to try to decipher what the bad guys might do next. They have a newer tool in their media.

Many people think of social media as a great way for the service men and women to stay in touch with their families...and it is...

However, they can now use this tool to actively watch and even infiltrate enemy networks. They do this by creating online persona and winning the trust of the bad guys. Much like putting in place an undercover cop in the physical world.

Post 9/11 - how to be prepared, stay connected, and have a plan in case you have to go offline

There are many points of view on what a future attack could look like. Some say it will be physical involving casualties. Some say it might be cyber - taking banks, cell phones, and even social networking offline either via an EMP (electromagnetic pulse) or through coordinated internet attacks.

You can plan for the worst now with three steps:
1. Print out your contacts list and keep a copy in the trunk of your car, in your briefcase, and at your home
2. Establish a "waypoint" that everyone of your loved ones know to go to in the event that phone lines, cellular service, and internet are not working
3. Establish social media accounts now with your loved ones and use them periodically so you can use them easily in the event of an emergency - Twitter, email, skype, text chat, Facebook to name a few

Lumension Webinar 9/7/2011

It’s Your Move: The Changing Game of Endpoint Security Webinar 9/7/2011

Hosted by: Lumension

Notes by: Brittany Box, Fortalice, LLC.

Executive Summary: The changing landscape of threats and more mobile workforce create a higher need for more thorough network security.

Panel: Paul Henry( security and forensic analyst) , Paul Zimski (Lumension), Doug Walls, Jason Brown

1. How have the Bad Guys changed the Rules

-there are no rules for them, defenders follow rules

-attacks on all ports

-Current recipe for disaster:

1. Bait an end user with spear phishing

2. Exploit a vulnerability

3. Download a back door

4. Est. back channel

5. Explore & steal

6. Select another victim

7. Repeat (ie. FB friending)

-Flaw Remediation is missing the target* still taking advantage of the same vulnerabilities

-neglect our endpoints, traditional AV can no longer keep up, focused on gateway only

-more than 73,000 new malware instances daily- can’t be matched without constant signature monitoring

-14 victims of malware every single second!!

-focused on blocking the delivery of malware-not preventing its execution…definition of insanity: repeating the same thing multiple times and expecting different results

- we need to make a definitive change in our defenses or we will procure the same results

-next generation malware has arrived: FLUX- is a new Trojan spreading covertly through the internet, instead of the infected machine waiting for a connection to be made from the outside, the infected machine makes the connection itself, write code—need to recognize, nearly invisible to current anti-malware software, circumvents most desktop firewalls

-Polled audience: What is your top IT security challenge- Advanced Persistent threats/ targeted attacks 21%, patching critical vulnerabilities 15%, data encryption 4%, malware viruses 20%, reducing agents and consoles 1%, educating users 38%

2. Key Moves we can make to regain control

1. Implement Defense-in-Depth Endpoint Security: more operational & security approach at a core level, risk mitigation, define a trusted environment from in the inside-out

2. Shift from threat-centric to Trust-based security

-stop malware payloads

-what is the end goal of that attack?

-antivirus will provide some protection against known payloads, provides a good layer in ultimate security defenses

-application whitelisting: what should be trusted and what should occur, look inwards on own environment unlike traditional AV, can limit use of unauthorized applications

-Trusted updater: authorizes select systems mgt. solutions to “update” software, patches, and remediations, while automatically updating the whitelist

-trusted publisher: authorizes apps. Based on the vendor that “published” them thru the digital signing certificate

-trusted path: authorizes apps to run based on their location

-local authorization—limit local admin usage, monitor and control existing local admins

3. Focus on operational basics

-Assess, Prioritize, Remediate, Repeat

-vulnerability management

“the top security priority is patching client-side software”-SANS institute, heterogeneous patch maker in place

-immediate and simple risk mitigation

4. Manage those devices ie. Compromised Flash drives? Keyboards? Anything with memory

-enforce access policy

-enforce encryption policy

-monitor, manage, report

3. Real world IT Security Experience

-EM solutions, Arlington VA: insider threat and data spill, huge focus on auditing transportable media

-protect dedicated network

-Lumension Endpoint Management and Security Suite: snapshots all endpoints

4. Q&A

-need to integrate all security systems

-need to build integrity check into defenses

Friday, September 2, 2011

Fortalice Cyber-Security Survey!

Hello, everyone! If you have a couple extra minutes, please take our brief survey here:

We will be publishing the results on here some time within the next 2 weeks! Your help with our research would be very much appreciated!

Have a great and safe Labor Day weekend!