Blog Posts Tagged with "Danny Lieberman"

The Threat Is Real and Must Be Stopped: Clarifications And Rebuttal by an INFOSEC Professional DRAFT II

October 22, 2012 Added by: Infosec Island Admin

So far though Senator Lieberman I have only seen gross generalities out of you and others about how dire things are and how scared we all should be. Your hue and cry ultimately lacks any hard evidence for any of us to stand behind as that the issue is real and it is so prescient that action must be taken post haste...

Comments  (0)

Applications vs. the Web: Enemy or Friend?

March 16, 2012 Added by: Danny Lieberman

A minimum of two languages on the server side (PHP, SQL) and three on the client side (JavaScript, HTML, CSS) turns developers into frequent searchers for answers on the Internet, driving up the frequency of software defects relative to a single-language development platform...

Comments  (0)

Data Classification and Controls Policy for PCI DSS

March 01, 2012 Added by: Danny Lieberman

The first step in protecting customer data is to know what sensitive data you store, classify what you have and set up the appropriate controls. Here is a policy for any merchant or payment processor who wants to achieve and sustain PCI DSS 2.0 compliance and protect data...

Comments  (0)

Log Management: Debugging Security

February 18, 2012 Added by: Danny Lieberman

Logs are key to security management not only for understanding what and why an event happened but also in order to prove regulatory compliance. The business requirements are that security logs should be both relevant and effective...

Comments  (0)

Encryption: A Buzzword, Not a Silver Bullet

February 16, 2012 Added by: Danny Lieberman

Encryption is a buzzword, not a silver bullet for protecting data on your servers. In order to determine how encryption fits into server data protection, consider four encryption components on the server side: passwords, tables, partitions and inter-tier socket communications...

Comments  (0)

Build Your Security Portfolio Around Attack Scenarios

February 14, 2012 Added by: Danny Lieberman

In the current environment of rapidly evolving types of attacks - hacktivism, nation-state attacks, credit card attacks mounted by organized crime, script kiddies, competitors and malicious insiders and more - it is essential that IT and security communicate effectively...

Comments  (1)

Why Data Leaks

February 13, 2012 Added by: Danny Lieberman

The main reason is people. People handle electronic data and make mistakes or do not follow policies. People are increasingly conscious that information has value – all information has some value to someone and that someone may be willing to pay...

Comments  (0)

Why Data Security Regulation is Bad

February 11, 2012 Added by: Danny Lieberman

The government knee-jerk reaction in the face of a data breach is to create more compliance regulation. Security by compliance does not improve security, since attackers can reverse-engineer the minimum requirements in a standard to look for holes in a company’s defenses...

Comments  (0)

Insecurity by Way of Compliance

February 08, 2012 Added by: Danny Lieberman

The US leads in data security breaches while the EU leads in data security. The EU has strong, uniform data security regulation, whereas the US has a quilt-work of hundreds of security directives where each agency has its own system for data security compliance...

Comments  (2)

The Valley of Death Between IT and Security

February 03, 2012 Added by: Danny Lieberman

Truly – the essence of security is protecting the people who use a company’s products and services. What utility is there in running 24×7 systems that leak 4 million credit cards or developing embedded medical devices that may kill patients?

Comments  (0)

Enterprise Disaster Recovery Planning

February 02, 2012 Added by: Danny Lieberman

DR planning is not about writing a procedure, getting people to sign up and then filing it away somewhere. The disaster recovery plan is designed to assist companies in responding quickly and effectively to a disaster in a local office and restore business as quickly as possible...

Comments  (0)

Best Ways for Businesses to Prevent Data Breaches

February 01, 2012 Added by: Danny Lieberman

Most security breaches are attacks by insiders and most attackers are trusted people that exploit software system vulnerabilities (bugs, weak passwords, default configurations etc…). Neither security awareness nor UAC are effective...

Comments  (0)

Compliance and Security Trends

January 29, 2012 Added by: Danny Lieberman

Information security and risk analysis is complex stuff, with multiple dimensions of people, software, performance, management, technology, assets, threats, vulnerabilities and control relationships. This is why it’s hard to sell security to organizations...

Comments  (0)

Security is in the Cracks

January 26, 2012 Added by: Danny Lieberman

In preparing to implement an application for financial management, CRM, data mining or ERP, something in the back of your mind probably says the vendor’s development organization is not a lot different than yours - though you hope they’ve thought through the security issues first...

Comments  (0)

The Death of Antivirus Software

January 23, 2012 Added by: Danny Lieberman

Who needs an anti-virus? If I have a solid operating system like Ubuntu 11.10, IP tables, good control of the services on my notebook and practice safe email, why should I add additional layers of content security and feed the Symantec stock price?

Comments  (12)

Healthcare Data Interoperability Pain

January 18, 2012 Added by: Danny Lieberman

Imagine vendor-neutral, standard middleware for EHR applications that would expose data for patients and doctors using an encrypted Atom protocol – very simple, very easy to implement, easy to secure and with very clear privacy boundaries...

Comments  (0)
