Blog Posts Tagged with "Data Classification"

94ae16c30d35ee7345f3235dfb11113c

OPSEC: Is the Juice Worth the Squeeze?

September 06, 2012 Added by:Joel Harding

In the cyber world there is a process called IGL or Intelligence Gain-Loss. Sometimes deploying a new tool would disclose a capability that the US has to gather intelligence, but sometimes the gain outweighs the loss of a source. Ya gotta ask is the juice worth the squeeze?

Comments  (0)

82ac4cd789b46af43c0cde730625317e

Why Data Security and Enterprise Risk Management are Important

August 28, 2012 Added by:Christopher Rodgers

Management sometimes assumes that when they have identified and summarized the top risks to their organization through a Strategic Risk Assessment, that they have implemented ERM. This is simply not the case. Strategic Risk Assessment is an important component of ERM and usually a starting point, but not a final destination...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

BYOD: Challenges of Protecting Data - Part Three

August 06, 2012 Added by:Rafal Los

BYOD is going to take the many small holes in your environment and drive a semi truck through them... blowing a hole the size of a Buick in what security we have now. And it's not just because BYOD is going to happen whether you like it or not - but because we need to fix this train wreck we call corporate security...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

BYOD: Challenges of Protecting Data - Part One

July 30, 2012 Added by:Rafal Los

Whether we're talking about cloud computing, or BYOD, or hacking in general - the buck stops with data. Some believe you can't ever classify all of your data and you should move on, while others believe that without making data custodians responsible for classification of critical data nothing else can happen...

Comments  (1)

Bd07d58f0d31d48d3764821d109bf165

Another Angle on Big Data

July 22, 2012 Added by:Tripwire Inc

Today, we don’t have the concept of “knowledge security,” but should we begin considering that moving forward? Given that we are moving, quite quickly, into a knowledge-based orientation, what are the implications for “information security?” Are there any? Does this perspective even matter?

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Ensuring Data Integrity via Checks, Tests, and Best Practices

June 04, 2012 Added by:Fergal Glynn

As a process, data integrity verifies that data has remained unaltered in transit. As a state or condition, it is a measure of the validity and fidelity of a data object. As a function related to security, means information is exactly as it was inputted and is auditable to affirm its reliability...

Comments  (0)

F2792196079f2c16cd02be6e9ff5b3da

Why Do You Need Privileged Identity Management?

April 30, 2012 Added by:DHANANJAY ROKDE

Most access provided is typically role-based. However, many forget to consider factors like data classification and ownership. Network, system and database managers get access to what they are responsible for, but there are five questions that need to be asked...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

The Fort Knox Approach to Security

April 23, 2012 Added by:PCI Guru

Most of you are protecting everything with equal rigor. Does everything need to be protected with the same thoroughness? Probably not and that is what makes infosec a difficult occupation. We neglect to delineate what needs the most protection and what does not need as much or any...

Comments  (0)

82ac4cd789b46af43c0cde730625317e

Data Classification: Why it is Important for Information Security

April 02, 2012 Added by:Christopher Rodgers

Once you know which data needs the most protection, you can properly allocate funds and resources to defend those assets. Employing a proper data classification scheme is cost effective, as it allows a business to focus on protecting its higher risk data assets...

Comments  (0)

9f19bdb2d175ba86949c352b0cb85572

Manage Risk Before it Damages You - Part Two

April 01, 2012 Added by:Neira Jones

For a CISO to be successful, they need not only to be prepared to eliminate redundant services and controls (ouch!), but also to promote the elimination of redundant assets which they will invariably not own. Enter the political CISO...

Comments  (2)

959779642e6e758563e80b5d83150a9f

Data Classification and Controls Policy for PCI DSS

March 01, 2012 Added by:Danny Lieberman

The first step in protecting customer data is to know what sensitive data you store, classify what you have and set up the appropriate controls. Here is a policy for any merchant or payment processor who wants to achieve and sustain PCI DSS 2.0 compliance and protect data...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Ten Steps to Protect Your Organization's Data

January 13, 2012 Added by:Danny Lieberman

Despite claims that protecting data assets is strategic to an enterprise, and IT governance talk about business alignment and adding value – my experience is that most organizations will not do anything until they’ve had a fraud or data security event...

Comments  (0)

4eb356e09746aadc2f4800877e8c24e8

Skype in the Enterprise: Is Your Security Program Ready to Chat?

November 27, 2011 Added by:Brandon Knight

Beside the fact that it's possible to have a bit more confidence in how Skype traffic is encrypted, is there enough information now to make a fully-formed risk decision on whether or not to use Skype? It's useful to step back and evaluate the fuller picture in the context of your existing operations...

Comments  (0)

07c90faf3632560a12dd6e98069813f2

Avoid Becoming a Security Statistic

October 12, 2011 Added by:Konrad Fellmann

Some organizations hoard data, but have no idea why. A business owner needs to figure out why the data needs to be kept, who will use the data, and how long it needs to be kept for business, legal or contractual reasons. Once defined, IT can implement proper controls to protect the data...

Comments  (0)

7c5c876d1933023ac375eead04302e1a

You Can't Buy DLP

June 13, 2011 Added by:Boris Sverdlik

To implement a data loss solution, you must take a holistic approach to identify the problem, threat vectors and vulnerabilities. You must understand where your sensitive data lives within your organization. This can’t be done with a tool, regardless of how good they claim it is...

Comments  (3)

67a9d83011f3fbb2cf8503aff453cc24

To DLP or not to DLP - Data Leakage/Loss Prevention

January 19, 2011 Added by:kapil assudani

DLP solutions address only a subset of data leakage issues and only help enforce “acceptable use” policies and processes with a number of limitations. They do not prevent information security related data leakage issues like external malicious attackers...

Comments  (2)

Page « < 1 - 2 > »