General
The Year of the Security Standard
May 09, 2013 Added by:Anthony M. Freed
Often in the security field we hear the question asked, “Who’s watching the watchers?” It occurred to me recently that one might make a similar rhetorical quip about other aspects of our field – in particular, the question of “Who’s standardizing the standards?”
Comments (0)
Bore Them With Death-by-Awareness: That’ll Teach em!
May 08, 2013 Added by:Lee Mangold
As security professionals, we have to understand that not everyone has a passion for security. In fact, most people don’t. Given that we know “they” don’t share our passion, and we know they are the most vulnerable attack vector, why do we continue to bore them with homogenous and irrelevant training?
Comments (0)
Using Least Privilege to Effectively Meet PCI DSS Compliance
April 25, 2013 Added by:Andrew Avanessian
PCI DSS Requirement guidelines certainly reinforce how compliance has hardened from suggestive or advisory directives to true mandates with hefty fines and strict consequences for those failing to take heed.
Comments (0)
Enter the CISO: Torchbearer of Security and Risk Management
April 06, 2013 Added by:Anthony M. Freed
In a convergence culture, accountability for risk is accepted across the organization, and when that happens, risk management becomes a priority to the business, informing strategy and objectives. By helping identify and mitigate risk across finance, operations and IT, the CISO puts security in context of what could affect profit.
Comments (0)
Conducting Secure Transactions On-the-go with VPNs
March 20, 2013 Added by:Patrick Oliver Graf
The safeguarding of private customer information has become a top priority for many organizations, thanks in no small part to government regulation and industry oversight, as we move toward an increasingly digital world.
Comments (0)
Identity in the Modern Enterprise
March 12, 2013 Added by:Simon Moffatt
The view of IAM 1.0 (enterprise provisioning) and IAM 2.0 (federated identity, 'cloud' services and so) is continually evolving and it's pretty clear that identity management now has a greater role to play for many organisations, as they look to embrace things like increased mobility and out sourced service driven applications.
Comments (0)
Why HTC’s Settlement is a Game Changer for Secure Development
March 08, 2013 Added by:Rohit Sethi
The HTC settlement is not based on high-profile breaches. Instead, it points out: “HTC America failed to employ reasonable and appropriate security practices in the design and customization of the software on its mobile devices”.
Comments (0)
Implementing a Data De-Identification Framework
January 29, 2013 Added by:Rebecca Herold
Marketing organizations salivate at the prospects of doing advanced analysis with such data to discover new trends and marketing possibilities. The government wants to use it for investigations. Historians want to use it for, yes, marking historical events. And the list could go on...
Comments (0)
Privacy Crusaders – Their Own Worst Enemies
January 28, 2013 Added by:Danny Lieberman
It is no accident that the largest healthcare organizations have the highest rate of patient-privacy breaches. The old saying – “the bigger they are, the harder they fall” is true, but more than that is happening when it comes to patient-privacy breaches in America as a whole...
Comments (0)
Tribute to Stan The Man and 11 Rules for Compliance Success
January 21, 2013 Added by:Thomas Fox
These insights could help you improve your compliance program. And while it doesn’t have quite the same rhyming scheme as Paul Simon’s Mrs. Robinson, here’s to you Stan ‘The Man’ Musial. I hope that you enjoy an inning or two at the great game in the hereafter...
Comments (0)
Are you meeting your perceived security obligations?
January 19, 2013 Added by:Tripwire Inc
Security professionals today identify lack of qualified talent and lack of organizational funding as a key problem to their daily job; which probably implies that they are doing what they can with what they have; which likely may not meet expectations...
Comments (0)
The Phoenix Project: A Review
January 16, 2013 Added by:Ed Bellis
Gene Kim was kind enough to provide me with an advanced review copy of The Phoenix Project who is a co-author of the book. Fair warning: the first half of this book brought back nails-on-a-chalkboard type memories of dealing with large-scale audits and everything that comes with it...
Comments (0)
Identity Thieves Take a Bite Out of Apple
January 15, 2013 Added by:Kelly Colgan
Scammers are taking advantage of a product financing offer that presents identity thieves with the opportunity to fraudulently obtain instant credit approval to make online purchases. The crime is simple to carry out. All scammers need are the basic types of information commonly exposed in data breaches...
Comments (1)
Common Sense Cybersecurity
January 13, 2013 Added by:Larry Karisny
We start with one big problem. Internet architecture was never made for security. One of my earliest articles quoted the father of the Internet Vint Cerf by saying, "One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid. We did not do that with the Internet."
Comments (0)
ISMS Certification Does Not Equal Regulatory Compliance
December 27, 2012 Added by:Rebecca Herold
“By becoming ISO 27001 certified does that automatically mean we comply with HIPAA and HITECH requirements? Are there any requirements of HIPAA/HITECH that are not required to meet ISO 27001 standards?”
Comments (0)
If you are not serious enough about your security don’t expect your IT service provider to care
December 10, 2012 Added by:Hani Banayoti
Another year coming to a close and I am full of hope for new thinking on security for the road ahead. One particular aspect in our profession that I would like to see change in the very near future is the typical approach to incorporating security in contracts with IT Service Providers...
Comments (0)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)