InfoSec links June 25, 2014

Getting Wrapped Around the CISO Reporting Structure Axle - Rafal Los - Following the Wh1t3 Rabbit

CISO's and where they report seem to be up for debate within the infosec community. Should they report to the Chief Information Officer (CIO) or the Chief Executive Officer (CEO). Under a CIO a CISO would have to go through someone who may not share their same concerns to get to the CEO. Under a CEO the CISO doesn't have those concerns but has to be able to express security issues and concerns in terms that a CEO can understand and probably needs a better overall understanding of the business. So where should the CISO report? That depends according to the article and I would agree. As with any security measures, what's right for one organization may not be right for another.

15 Ways to Download a File - Ryan Gandrud - The NetSPI Blog

Ever wonder how you get stuff installed on your computer that you didn't know about and probably don't want. Well here's 15 ways that can happen.

How Not To Respond To A DDoS Attack - Kelly Jackson Higgins - Dark Reading

Distributed denial-of-service (DDoS) are one of the most public attacks out there. The term might not be as well known among the general public but the attack is and attackers are continuing to come up with new ways of executing the attack regularly.  DDoS is here to stay and this article has some pretty good tips on how to handle and, more importantly, how to be prepared for such an attack.