Items Tagged with "Data Loss Prevention"
July 17, 2012
Developers are presented with many choices in their use of cryptographic mechanisms. Inappropriate choices may result in an illusion of security, but little or no real security for the application. This Recommendation provides information and establishes frameworks to support appropriate decisions...
July 16, 2012 Added by:Rafal Los
If we as IT professionals and architects acknowledge that the perimeter is now around the data, what solutions do we have for protecting it? How can we protect data which is mobile, usable, and in a constant state of danger? The answer seems to be some form of protection that involves our old friend, encryption...
July 16, 2012 Added by:Marc Quibell
Times have changed , and I'm not talking about the technologies involved. I'm talking about the rules and regulations we have to follow, and the best practices we as employees must abide by - as opposed to the days of the old briefcase - when it comes to protecting the data with which we are entrusted...
July 14, 2012 Added by:Rafal Los
APT - Advanced Persistent Threat has been the nervous topic for a long time now in Information Security. While there is a metric ton of misinformation and confusion about what constitutes an Advanced Persistent Threat, the thrust seems to be that once you're a target, you're a victim...
July 13, 2012 Added by:Michelle Drolet
The downside to the BYOD movement is the difficulty of maintaining security. How do IT departments provide easy access to documents and files for a host of different devices and still ensure that sensitive material remains safe and workplace systems are not exposed to serious threats? How can they safeguard networks?
July 12, 2012 Added by:Fergal Glynn
The impact of Insecure Cryptographic Storage flaws when exploited is usually quite high due to the fact that the information that is usually encrypted are important things like personally identifiable information, trade secrets, healthcare records, personal information and credit card numbers...
June 22, 2012 Added by:PCI Guru
“At least annually and prior to the annual assessment, the assessed entity should confirm the accuracy of their PCI DSS scope by identifying all locations and flows of cardholder data and ensuring they are included in the PCI DSS scope"...
June 21, 2012 Added by:Jayson Wylie
It does not seem like the top leaders at organizations are as concerned with others' information as they might be with the bottom line. If organizations do not respond to fear of embarrassment for failing at security, should we start taking them to court to formulate better consumer protections?
June 13, 2012 Added by:DHANANJAY ROKDE
Vendors are increasingly using the fear factor and coarse tactics to pressure information security managers into deploying rather unnecessary technologies and products. Why have we never heard of a vendor pitch claiming responsibility of failure to protect a company’s infrastructure?
June 12, 2012 Added by:Simon Heron
Mobile devices are contributing to improved efficiency and are undoubtedly popular with employees, but they are also inherently vulnerable. To minimise the risks, organisations must develop specific mobile device management policies – and then enforce them...
June 11, 2012 Added by:Danny Lieberman
The short answer is that you should not store PHI (protected health information) on Dropbox since they share data with third party applications and service providers - but the real reason is you should not use Dropbox for sharing information with patients is simply that it is not private by design...
June 09, 2012 Added by:Jason Clark
The LinkedIn breach made headlines, but I want to go deeper and provide practical advice for organizations on how they can anticipate DLP consequences and tighten network security. You need a strategy to protect against attack scenarios. Here’s a seven-step check list for mitigating your risk...
June 08, 2012 Added by:Stacey Holleran
The traditional password must die. The whole concept is fatally flawed. The sheer volume of attacks should be a wake-up call to anyone utilizing a password (pretty much everyone). Now is the time to practice vigilance and to secure systems, accounts and security applications such as firewalls with Passphrases...
June 06, 2012 Added by:Danny Lieberman
When we share medical information with our healthcare provider, we trust their information security as being strong enough to protect our medical information from a data breach. Certainly – as consumers of healthcare services, it’s impossible for us to audit the effectiveness of their security portfolio...
June 05, 2012 Added by:Jayson Wylie
Technology staff, on occasion, have had an all-access pass to all data on Window’s networks. This creates an environment where the support staff has exposure in having access to sensitive and confidential stuff stored in the most private parts of the organization’s data stores...
June 04, 2012 Added by:Dave Shackleford
Overall, here’s the rub: There are almost no security absolutes. Aside from some obvious things like bad coding techniques, the use of WEP, hiring Ligatt Security to protect you, etc... Everything else is in information security the gray area...