General
Protecting Data in Use
April 26, 2012 Added by:Simon Heron
The security of data in use is about risk mitigation. However, with the current targeted attacks and the proliferation of zero day threats, the risk level is high. It is necessary that action is taken to implement the required precautions that reduce the risk to an acceptable level...
Comments (0)
Analysis of the April 2012 CPU for the Oracle Database
April 23, 2012 Added by:Alexander Rothacker
It’s mid-April, so it’s Oracle CPU fallout time again. This CPU contains 88 fixes. Thirty-three in this CPU are for vulnerabilities that are remotely exploitable without authentication. In other words, anybody on the network can exploit these vulnerabilities...
Comments (0)
Pain Comes Immediately – Secure Development Takes Time
April 17, 2012 Added by:Alexander Rothacker
Once a patch to a vulnerability is released, the vendor should give as much guidance as possible to its customer base so that they can make an informed decision on how to mitigate — may it be a workaround, such as disabling some functionality, configuring compensating controls...
Comments (0)
Megaupload Goes to Court: A Primer
April 11, 2012 Added by:Electronic Frontier Foundation
Does the government have a responsibility to protect innocent third parties from collateral damage when it seizes their property in the course of prosecuting alleged copyright infringement? That is the question a federal district court will consider...
Comments (0)
Beyond the Firewall – Data Loss Prevention
April 05, 2012 Added by:Danny Lieberman
It doesn’t matter how they break into your network or servers – if attackers can’t take out your data, you’ve mitigated the threat. This paper reviews the taxonomies of advanced content flow monitoring that is used to audit activity and protect data inside the network...
Comments (0)
White House: Big Data is a Big Deal
April 05, 2012 Added by:Headlines
By improving our ability to extract knowledge and insights from large and complex collections of digital data, the initiative promises to help accelerate the pace of discovery in science and engineering, strengthen our national security, and transform teaching and learning...
Comments (0)
Data Classification: Why it is Important for Information Security
April 02, 2012 Added by:Christopher Rodgers
Once you know which data needs the most protection, you can properly allocate funds and resources to defend those assets. Employing a proper data classification scheme is cost effective, as it allows a business to focus on protecting its higher risk data assets...
Comments (0)
It’s Data Breach Report Season: Beware Of Partial Truths
April 01, 2012 Added by:Josh Shaul
At the end of the day, these reports are important. They provide much needed insight into at least some data breaches. But we have to accept that this isn't the U.S. Census. We must learn what we can from them without becoming hypnotized by the hype that can surround them...
Comments (1)
Transborder Data Flows at Risk
March 22, 2012 Added by:David Navetta
The proliferation of comprehensive data privacy laws, more or less on the European model, increasingly requires US-based multinationals and online companies to adapt to strict requirements for dealing with individuals in other countries...
Comments (0)
Examining the Top Ten Database Threats
March 14, 2012 Added by:PCI Guru
Most attacks are perpetrated inside the perimeter, so protection from an inside attack is important. Once an attacker is on the inside, it is easy to use SQL injection or other techniques to obtain data. Organizations are just beginning to understand the insider threat...
Comments (0)
It’s Back: March Madness Higher Education Data Breach Brackets
March 12, 2012 Added by:Alexander Rothacker
The method to our ‘Madness’ is simple – based solely on the number of reported records breached in 2011, we put together brackets. For each U.S.-based institution of higher learning that reported a data breach in 2011, we seeded (ranked) them based on number of records affected...
Comments (0)
Howard Schmidt to Unveil Report on Health Information Security
March 02, 2012 Added by:Marjorie Morgan
Schmidt is slated to announce the third publication in the Internet Security Alliance's financial cyber risk management series, "The Financial Impact of Breached Protected Health Information: A Business Case for enhanced PHI Security"...
Comments (0)
Database Security TLAs Make Me LOL
February 15, 2012 Added by:Josh Shaul
I can only imagine what folks go through when they’re shopping for solutions to improve databases security. Do you want DAM? DAP? DAMP? DSP? DLP? WAF? To improve the security of your databases, you’re probably going to need some or all of the following capabilities...
Comments (0)
Data at Rest: Dormant But Dangerous
February 10, 2012 Added by:Simon Heron
Data is considered to be either ‘at rest’, ‘in transit’ or ‘in use.’ When putting security measures in place, it is important to consider all three states and address risks associated with each. This article examines data at rest and proposes strategies to minimize dangers...
Comments (0)
Four Keys for Intellectual Property Protection
February 07, 2012 Added by:Jason Clark
Intellectual property includes product designs, secret formulas, and other trade knowledge. It's what organized cybercrime, state governments and hackers are all going after. Why? Mostly because of the value. One stolen manufacturing process can be worth millions...
Comments (1)
Twelve Security Best Practices for USB Drives
February 07, 2012 Added by:Kelly Colgan
Portable and mobile storage devices are significant players in most corporate offices. Ensuring proper protection with a best practices policy and strict enforcement offers significant risk reduction—and can prevent long nights on data breach investigations...
Comments (1)
- Windows Meets Industrial Control Systems (ICS) Through HAVEX.RAT – It Spells Security Risks
- Is it Cheaper to Keep it? Reevaluating Your IAM Solutions
- Facebook “Enter Details Here to Enable Your Account”
- Real Hacks of Critical Infrastructure are Occurring – Information Sharing is Not Working
- Multipath TCP - Black Hat Briefings Teaser
- Ad Hoc Security's Surprisingly Negative Residual Effect
- "Fake ID" Android Vulnerability in Lets Malicious Apps Impersonate Trusted Apps
- Connecting Bellwether Metrics to the Business
- The Dilemma of PCI Scoping - Part 1
- Cyphort Detects Surge in Ad Network Infections, a.k.a. “Malvertising”