Which Mobile Operating System is the most secure?

I invite you to answer the poll question: “Which Mobile Operating System is the most secure?”

Offered answers are:

  • Android, Google
  • BlackBerry OS, RIM
  • iOS, Apple
  • Symbian OS, Nokia and Accenture
  • Windows Phone, Microsoft
  • Other

The poll is located at the top of the right column of this blog. Thank you for voting.

Certified ISMS Lead Auditor, PCI ISA

During the last 6 months (April – October 2011) I went through training, passed the exams and obtained new certificates:

  • Certified ISMS Lead Auditor – ISO / IEC 27001 Information Security Management System
  • PCI ISA (Payment Card Industry Internal Security Assessor), PCI Security Standards Council.

You can find more details about the ISO 27001 Certified ISMS Lead Auditor Training Course here.

Information about the PCI ISA Training Program is here.

Security Risk Management for Critical Infrastructures

The paper “Security Risk Management for Critical Infrastructures”, prepared by two colleagues and me, was presented at the ItAIS 2011 conference in Rome, Italy, on October 8th, 2011.

Citation details for the paper:

  • Dragan Pleskonjic, Fabrizio Virtuani, Oscar Zoggia: “Security Risk Management for Critical Infrastructures”, ItAIS 2011, Rome, Italy, October 7-8, 2011

Here is the conference program.

Abstract:

This paper presents a methodology for risk management developed and used mainly for critical infrastructures, but that can be generalized and used in other contexts. It outlines security risk assessment including identifying processes, resources / assets, threats and vulnerabilities, impacts and likelihood of failures. The methodology's primary focus is the analysis of business impacts and the quantification of the different risks, together with the identification of priority intervention areas, in order to eliminate, reduce, transfer or assume calculated risks, finding the right balance between the investment (resources, money etc.) and the acceptable level / threshold of risk. The paper, based on theoretical background and on practical experiences and results achieved in real organizations that operate on a global level, presents critical infrastructure characteristics, the risk management process, security goals and standards and an integrated methodology for risk management applied to critical infrastructures. Some application cases and results obtained are briefly described, disguised for strong confidentiality issues.

The conference was held on October 7th and 8th, 2011 at LUISS “Guido Carli” University, Rome – Italy.

The paper and presentation were well accepted and generated a lot of interest in this new challenging topic among the scientific and industry community.

Location Based Services – Security and Privacy Aspects

On September 28th, I delivered a presentation on the topic “Location Based Services – Security and Privacy Aspects” at the global group Telenor Security Conference 2011.

Here is the abstract:

Location based services are a fast-growing area in various types of businesses, particularly concerning mobile operators and telecoms. Mobile devices with GPS systems and location based services and their applications give great advantages and opportunities, but also generate various challenges. At present they raise many concerns about security and privacy among individual users and business customers. Media report on these types of issues with a lot of sensationalism and often without detailed and deep analysis and knowledge of the technology. This presentation is intended to give an overview of privacy issues and to analyze various points of view and aspects. It includes the aspects of users of location based services on mobile devices (mobile phones, PDAs, computers, other devices), mobile operators (telecoms, ISPs), vendors (mobile device producers, operating system and application developers, service providers), and regulatory bodies (including standards and compliance programs). There are many myths about privacy issues and this presentation will try to separate myths and facts in order to create a balanced and real view. Also, it will try to anticipate some future trends.

The conference was held in Belgrade on September 27 and 28, 2011, in the presence of Telenor delegates from all countries where this multinational telecom group operates.

The presentation was very well accepted and generated a lot of interest in this new challenging topic. If you are interested to know more, contact me by e-mail.

For the citation:

  • Dragan Pleskonjic: “Location Based Services – Security and Privacy Aspects”, Telenor Security Conference, September 27-28, 2011, Belgrade

Cellphone location tracking – are you worried?

As part of ad-hoc research and preparation of a presentation for a security-related conference, I put a new poll on this blog.

The question is “Cellphone location tracking – are you worried?”, and the possible answers are:

    • Yes
    • No
    • Don’t know

The poll is located at the top of the right column of this blog. Thank you for voting.

The plan is to publish a detailed post on this blog about the security and privacy aspects of Location Based Services (LBS).

B92 Blog

Last October (2010), after more than 5 years of blogging on this blog, Dragan on Security, I also started to write on the B92 blog, one of the most popular web sites in Serbia. You can read my texts on the B92 site here and, if you can’t read Serbian, you can use Google Translate with all of its advantages and drawbacks. ;-)

Certainly, I will continue to write on this blog and B92 is just one more place where I will be present with my posts.

Thank you for reading.

NIST has selected the Third (Final) Round Candidates of the SHA-3 Competition

NIST has selected five SHA-3 candidate algorithms to advance to the third (and final) round:

  • BLAKE
  • Grøstl
  • JH
  • Keccak
  • Skein

The selection was announced in December 2010.

Which algorithm do you think will win the competition and become the new SHA-3 standard? You can vote in the poll on this blog (upper right corner).

Here is a citation from the NIST announcement of the third (final) round candidate selection: Continue reading

Poll: Do You Use Any Security Precautions On Your Mobile Phone?

I invite you to answer the poll question: “Do you use any security precautions on your mobile phone (lock, remote lock, encryption, remote wipe, locate etc)?”

Offered answers are:

  1. No
  2. Lock only
  3. Combination of means

The poll is located at the top of the right column of this blog. Thank you for voting.

For those of you who are worried about the data on your mobile in case it is lost or stolen, there is a free tool, F-Secure Anti-Theft for Mobile.

It offers the following functions, triggered simply by sending an SMS to the phone: Continue reading

Senior Member at ACM

I received the Senior Member Grade at ACM (Association for Computing Machinery). The Senior Members 2010 list is here.

The Senior Member Grade recognizes those ACM members with at least 10 years of professional experience and 5 years of continuous Professional Membership who have demonstrated performance that sets them apart from their peers.

Thanks to all who supported me in getting this grade at ACM.

New Version of CrypTool

A new version of CrypTool was released on August 4th, 2010. CrypTool is a free, open-source e-learning application, used worldwide in the implementation and analysis of cryptographic algorithms. It supports both contemporary teaching methods at schools and universities as well as awareness training for employees and civil servants.

The program can be downloaded here.

The current release version for users is CrypTool 1.4.30. It is available in English, German, Spanish, Polish, and, as of this version, in Serbian.

My students from “Visoka škola elektrotehnike i računarstva” in Belgrade contributed the Serbian localization of this software.
