Blog Posts Tagged with "Data Loss Prevention"
The Fear Factor in Information Security
June 13, 2012 Added by:DHANANJAY ROKDE
Vendors are increasingly using the fear factor and coarse tactics to pressure information security managers into deploying rather unnecessary technologies and products. Why have we never heard of a vendor pitch claiming responsibility of failure to protect a company’s infrastructure?
Comments (0)
Fashionable But Vulnerable: Mobile Devices in the Workplace
June 12, 2012 Added by:Simon Heron
Mobile devices are contributing to improved efficiency and are undoubtedly popular with employees, but they are also inherently vulnerable. To minimise the risks, organisations must develop specific mobile device management policies – and then enforce them...
Comments (0)
Can You Use Dropbox for Storing Healthcare Data?
June 11, 2012 Added by:Danny Lieberman
The short answer is that you should not store PHI (protected health information) on Dropbox since they share data with third party applications and service providers - but the real reason is you should not use Dropbox for sharing information with patients is simply that it is not private by design...
Comments (0)
LinkedIn Breach Part II: What You Need to Prepare for Next
June 09, 2012 Added by:Jason Clark
The LinkedIn breach made headlines, but I want to go deeper and provide practical advice for organizations on how they can anticipate DLP consequences and tighten network security. You need a strategy to protect against attack scenarios. Here’s a seven-step check list for mitigating your risk...
Comments (4)
It’s Time to Convert from Passwords to Passphrases
June 08, 2012 Added by:Stacey Holleran
The traditional password must die. The whole concept is fatally flawed. The sheer volume of attacks should be a wake-up call to anyone utilizing a password (pretty much everyone). Now is the time to practice vigilance and to secure systems, accounts and security applications such as firewalls with Passphrases...
Comments (0)
How to Keep Healthcare Secrets Online
June 06, 2012 Added by:Danny Lieberman
When we share medical information with our healthcare provider, we trust their information security as being strong enough to protect our medical information from a data breach. Certainly – as consumers of healthcare services, it’s impossible for us to audit the effectiveness of their security portfolio...
Comments (0)
Keeping Technology Staff Honest
June 05, 2012 Added by:Jayson Wylie
Technology staff, on occasion, have had an all-access pass to all data on Window’s networks. This creates an environment where the support staff has exposure in having access to sensitive and confidential stuff stored in the most private parts of the organization’s data stores...
Comments (0)
Infosec Subjectivity: No Black and White
June 04, 2012 Added by:Dave Shackleford
Overall, here’s the rub: There are almost no security absolutes. Aside from some obvious things like bad coding techniques, the use of WEP, hiring Ligatt Security to protect you, etc... Everything else is in information security the gray area...
Comments (1)
Five Things a Healthcare CIO Can Do to Improve Security
May 31, 2012 Added by:Danny Lieberman
In a complex healthcare organization, large scale security awareness training is a hopeless waste of resources considering the increasing number of options that people have (Facebook, smartphones..) to cause damage to the business. Security awareness will lose every time it comes up against an iPad or Facebook...
Comments (0)
The Virtual Sky is Falling!
May 28, 2012 Added by:Marc Quibell
Opportunists are using an alarmists strategy, bolstered by bloated opinions, to get you to buy their stuff. IT Sec businesses and vendors are not objective sources for security trends, threats and/or events. They are advertisements...
Comments (0)
Is Security Broken? How I Propose to Fix It...
May 23, 2012 Added by:PCI Guru
In a true war, we would be investing in creating an offensive capability to go into cyber-battle with the enemy. And while there are discussions about having offensive capabilities, security professionals are still in a defensive posture protecting the organization...
Comments (2)
How to Secure Patient Data in a Healthcare Organization
May 23, 2012 Added by:Danny Lieberman
If you are a HIPAA covered entity, securing patient data is central to your business. If you are a big organization, you probably don’t need my advice. If you are small to mid-size provider without a large budget, the question is “How can I do this for as little money as possible?”
Comments (0)
Data Mining A Mountain of Zero Day Vulnerabilities
May 22, 2012 Added by:Fergal Glynn
Information leakage happens when sensitive information is displayed to the a user inadvertently. An example would be pathnames or database IP addresses returned within an error message to a user. An attacker can use this information to undermine the system...
Comments (0)
Small Merchant Data Security: Helping Them Help Themselves
May 17, 2012 Added by:Stacey Holleran
Many small merchants—whether selling online or brick-and-mortar, or both—don’t have the technological background to understand the steps necessary for protecting the cardholder information and other sensitive data that passes through (and may be stored in) their business systems...
Comments (0)
BYOD - It's a Personal Matter
May 16, 2012 Added by:Phil Klassen
When you own something, especially a mobile device, there is a sense of entitlement that the individual has. So it's critical that you establish the fact that using a personal device to do company business is a privilege, not a right, and that privilege can be taken away...
Comments (1)
Why Security Through Obscurity Still Does Not Work
May 15, 2012 Added by:Rebecca Herold
I know from my years as a systems analyst and maintaining a large change control system that it is easy for mistakes to occur within the network security architecture, and that there will always be some humans involved who are tempted to bypass important security controls...
Comments (0)
- Influence Operation Uses Old News of New Purposes
- Spring Cleaning: Why Companies Must Spring Clean Out Their Social Media Accounts This Season
- Building Modern Security Awareness with Experiences
- The Promise and Perils of Artificial Intelligence
- Utilising the Benefits of Industrial Robots Securely
- On the Horizon: Parasitic Malware Will Feast on Critical Infrastructure
- Thoughts on DoS Attack on US Electric Utility
- Network of Fake Social Accounts Serves Iranian Interests
- Researchers Analyze the Linux Variant of Winnti Malware
- BlackWater Campaign Linked to MuddyWater Cyberspies