General
Insider Threats at the Executive Level
December 20, 2010 Added by:Headlines
The insider threat is particularly troublesome for organizations, as the perpetrators have access to the most confidential of information, and breach detection usually only occurs after the damage is done...
Comments (0)
If Woody Had Gone to the Police...
December 14, 2010 Added by:J. Oquendo
The entire situation could have been avoided by implementing defense in depth. Had the United States military implemented something as simple as Data Loss Protection (DLP) combined with an SIEM, those cables might not have made it to WikiLeaks...
Comments (1)
SHATTER’s View of Gawker’s Database Hack
December 14, 2010 Added by:Alexander Rothacker
While this attack is definitely severe by the raw number of passwords compromised, breaches exposing financial information or Social Security Numbers can be much more detrimental to users and can cause even larger headaches and will take a significantly greater amount of time and hassle to remediate...
Comments (1)
Is a DLP System a Fit For Your Organization?
December 09, 2010 Added by:Robb Reck
DLP can move a company from assuming they know where their data is, and that it's being used appropriately, to a place where they know exactly where their sensitive data is, who is using it, and where they are sending it...
Comments (0)
Ten Technical Questions to Make Your DLP Vendor Squirm
December 09, 2010 Added by:shawn merdinger
This will enlighten you about some of the methods attackers will use to perform data exfiltration, and will also provide you with some good questions to beat up vendors with. You can expect your DLP vendor to mention that nobody has asked some of these questions of them before...
Comments (3)
WikiLeaks and the Principle of Least Privilege
December 08, 2010 Added by:Alexander Rothacker
Clearly, there were not enough security controls in place that would have prevented the internal thief from accessing this data, and he shouldn’t have had access to this data to begin with. And if he was allowed access to it, there should have been activity monitoring in place...
Comments (0)
Complete PCI DSS Log Review Procedures Part 1
December 06, 2010 Added by:Anton Chuvakin
This is a complete and self-contained guidance document that can be provided to people NOT yet skilled in the sublime art of logging and log analysis, in order to enable them to do the job and then grow their skills. This is the first post in the long, long series...
Comments (3)
Security Versus Compliance
December 05, 2010 Added by:Alexander Rothacker
Most corporations do not have strong security cultures. Who with a budget is going to understand the anatomy of a database attack? Security advancements at many corporations are uphill battles that are largely enabled by compliance projects. Remember, the gold is in the database...
Comments (0)
WikiLeaks - Could You Be Next?
December 02, 2010 Added by:Javvad Malik
Over the last couple of days, many columns have been dedicated to covering the WikiLeaks issue and how embarrassing, not to mention politically damaging, it’s been for the U.S. Government. But how can this affect a business? It could happen in any company...
Comments (1)
WikiLeaks is Doing the Security Profession a Favor
November 29, 2010 Added by:Mark Gardner
What it does highlight, though, is the need for pragmatic, effective security controls to be in place; allegedly, these releases were only possible because the Siprnet database security controls were relaxed to make the system as easy to use as possible...
Comments (5)
The Organizational Disconnect of Information Security
November 22, 2010 Added by:Alexander Rothacker
There is a false sense of reality that is plaguing organizations based on knowledge of, or a lack of knowledge relating to the costs associated with breaches at the database level. Those responsible for protecting the database don't understand the impact or costs associated with a breach...
Comments (0)
Understanding and Selecting a Database Assessment Solution
November 09, 2010 Added by:Sasha Nunke
Database Assessment is not just a security precaution, but an integral part of database operations management. Databases form the backbone of every major application within the data center, which makes their stability and security both critically important to business operations...
Comments (0)
The Road to Effective Information Management
November 05, 2010 Added by:Rahul Neel Mani
EMC completed its first 10 years in India. EMC has come a long way from being a storage box pusher to a preferred information management partner. Manoj Chugh, President EMC India in an exclusive conversation with Rahul Neel Mani talks about how the company grew both in size and stature...
Comments (0)
Information Based Enterprise Plagued by Fraud
October 27, 2010 Added by:Thomas Fox
According to the 2010 Kroll survey, 88% of companies have been victims of fraud in the past year. Information-based industries reported the highest incidence of theft of data over the past 12 months - these include financial and professional services, technology, media and telecoms...
Comments (0)
Securing Your Business Email Archive
October 26, 2010 Added by:Simon Heron
Email archiving is compulsory for some businesses that have to keep old emails for compliance reasons, but all businesses should have an archiving system which makes correspondence quick and easy to find and that keeps business and personal data secure...
Comments (0)
Check Your Database Configurations
September 23, 2010 Added by:Application Security, Inc.
There are a myriad of Database Management System configuration options - many related to performance and enhanced feature sets. Having the correct configuration settings could determine whether your critical business information is secure or whether it could be compromised...
Comments (0)