Profile


Mike Rovetto



My Content

1 to 9 of 9 total
Posted By Mike Rovetto 02-28-2024 12:06:00 PM
Found In Egroup: Cybersecurity and Privacy Governance, Risk, and Compliance
Hi Jon, I wanted to share my experience with this. I am a JD though not practicing and am usually one of the first in line for reviewing vendors and then hand it off to our counsel. In my experience most of the vendors who do regular business with gov't entities have no issue amending their NDAs ...
Posted By Mike Rovetto 02-20-2024 01:52:00 PM
Found In Egroup: Cybersecurity
Thanks for that info Dan. You should check out the CVE though, as it appears that the iClass SE cards are now affected. Not sure if it is a flipper attack or some other RFID capture device though. Edit to include link for the CVE. ------------------------------ Mike Rovetto Information Security ...
Posted By Mike Rovetto 02-20-2024 12:31:00 PM
Found In Egroup: Cybersecurity
Hi all, A month or so ago, I posted asking if anybody had seen the Flipper Zero being used on campus, etc. I recently came across an article about an incident at SLU where a master keycard was cloned and a student used it to gain access to a dorm room. After doing some digging I came across the above ...
Posted By Mike Rovetto 12-21-2023 01:36:00 PM
Found In Egroup: Cybersecurity
Hello all! I am not sure if this is the proper forum for this, if not I apologize (if a mod could tell me where to post it I'll be more than happy to). Recently my team became aware of the Flipper Zero and O.MG cable due to social media posts. While there is a lot of hype surrounding the devices, it ...
Posted By Mike Rovetto 12-15-2023 11:03:00 AM
Found In Egroup: NIST 800-171 Compliance
Hi Wendy, thanks for the reply! It has definitely been causing me some issues :). I come from the law side of things and we like our standards to have been settled law for 50 years. Beyond CIS and OWASP, do you have any other recommendations for finding best practices? Also, how would you set up your ...
Posted By Mike Rovetto 12-15-2023 11:00:00 AM
Found In Egroup: NIST 800-171 Compliance
Thanks Carolyn! Out of curiosity, when you had a strong enough opinion what kind of support did you use and how did you deal with pushback from others that might disagree? ------------------------------ Mike Rovetto Information Security and Data Privacy Legal Analyst University System of Maryland ...
Posted By Mike Rovetto 12-13-2023 10:40:00 AM
Found In Egroup: NIST 800-171 Compliance
Hi all, I am trying to find common best practices for the parts of 171 that are "org defined". For example, 800-171r3 3.01.10 says to use a device/session lock after X amount of period. I searched high and low on NIST and could not find a solid recommendation, but the CIS Enterprise Controls list ...
Posted By Mike Rovetto 11-17-2023 11:10:37 AM
Found In Egroup: HECVAT Users
Hi Wendy! Thank you for your reply! I actually forwarded your website to my boss and we are discussing how we can implement some of the things we saw. I guess my problem/question stems more from the legal side if a dispute were to happen. Most of the agreements I've reviewed have a totality of agreement ...
Posted By Mike Rovetto 11-02-2023 11:00:00 AM
Found In Egroup: HECVAT Users
Hi all, I am a recent law grad and do security reviews from a legal risk perspective in addition to the technical side of things. In my current role, I haven't had to use a HECVAT yet, but at a prior institution I reviewed all of our cloud vendors. In my experience, it seems as if the HECVATs are ...