Blog Posts Tagged with "Data Loss Prevention"


Why Data Security and Enterprise Risk Management are Important

August 28, 2012 Added by:Christopher Rodgers

Management sometimes assumes that when they have identified and summarized the top risks to their organization through a Strategic Risk Assessment, that they have implemented ERM. This is simply not the case. Strategic Risk Assessment is an important component of ERM and usually a starting point, but not a final destination...

Comments  (0)


Understanding Your BYOD Policy

August 28, 2012 Added by:Robert Siciliano

If you choose to use your personal device for work, then your employer will more than likely want control over that device. This means like in a company mobile liability policy, the employer may have remote capabilities to monitor activity and in the event of loss or employee termination, wipe the data...

Comments  (0)


Threat Intelligence: Plenty Out There, But Are You an Analyst?

August 27, 2012 Added by:Infosec Island Admin

As the complexity of attacks grow at a rate outstripping the pace of Moores Law, defenders have to take up a more nuanced approach to protecting their environments. Reliance on technical solutions alone is not tenable, you have to look at the creature behind the keyboard to get a better picture of the attack...

Comments  (1)


Which Application Testing is Right for Your Organization?

August 23, 2012 Added by:Brent Huston

Billions of dollars and millions of identities are at stake every day. In the past, security professionals thought firewalls, Secure Sockets Layer, patching, and privacy policies were enough to protect websites from hackers. Today, we know better. Whatever your industry — you should have consistent testing...

Comments  (0)


The Data Compromise Evolutionary Clock Is Ticking

August 22, 2012 Added by:Kelly Colgan

The digitization of medical records may make folks queasy, but it is also efficient, offering an opportunity to save both money and lives. It is in fact inevitable. Unfortunately, so are data breaches and the identity compromises that follow. We need to be deadly serious because lives are at literally at stake...

Comments  (0)


Relating Responsibility and Liability: At the Core of BYOD

August 15, 2012 Added by:Rafal Los

Does it make sense to repurpose "security awareness" to be inclusive of corporate and personal responsibility? Should we have users sign agreements that make them aware they are responsible, personally, when bad things happen as a result of their actions? Should there be HR actions against users who are reckless?

Comments  (0)


Not Providing Education is the Dumbest Idea for Infosec

August 14, 2012 Added by:Rebecca Herold

Every year or so, an otherwise smart information security professional publishes some really bad information security advice about how awareness and training is a waste of time and money. Bottom line for all organizations: Humans have always been and will always be the weakest link in security...

Comments  (0)


Why Effective Awareness Training Matters

August 12, 2012 Added by:Brent Hutfless

Training and education are key elements to securing data. The advances in detection and monitoring solutions have placed more capable tools in the security professional’s toolbox, but APT attacks have grown in sophistication and perseverance – often leading to successful attacks and subsequent data loss...

Comments  (2)


The Weakest Link in the Security Chain: Is it in Your Controls?

August 11, 2012 Added by:Tripwire Inc

Rather than brute-forcing the account, the hackers gained access by doing some creative social engineering by contacting Apple customer support. The problem is that we often turn over our data to 3rd-party providers without understanding what protocols they have in place to keep our data safe...

Comments  (0)


Get a BYOD Policy Now

August 09, 2012 Added by:Michelle Drolet

There’s no one-size-fits-all solution. In creating a policy you have to consider what devices to support, how much access to give them, and what kind of budget to allocate. Do you have specific compliance issues? Are you willing to subsidize data plans or device purchases? How do you ensure company data is secure?

Comments  (0)


Mobile Security Experts on BYOD

August 08, 2012 Added by:Fergal Glynn

Devices aren’t the main problem in a BYOD strategy: employees are. That’s why BYOD is not just a technical issue. It needs a holistic approach that includes HR, data security and legal stakeholders. Organizations adopting a BYOD strategy should put in place a strategy that includes policies and technical constraints...

Comments  (0)


BYOD - Challenges of Protecting Data - Part 4

August 07, 2012 Added by:Rafal Los

When it comes down to it, BYOD is only possible if you've got the basics of data-centric security right. You know, protecting the actual data rather than trying to build elaborate structures around the things that work with that data in order to compensate. Let me explain...

Comments  (0)


Why Does Data Leak?

August 06, 2012 Added by:Danny Lieberman

Data is leaked or stolen because it has value. The financial impact of a breach is directly proportional to the value of the asset. The key attack vector for an event is people - often business partners working with inside employees. People handle electronic data and make mistakes or do not follow policies...

Comments  (0)


The Unbearable Riskiness of Being Social...

August 06, 2012 Added by:Neira Jones

With social networks transforming the rules of business engagement, many businesses think the biggest risk of social media is the brand and reputational damage that could result from negative interactions or the potential disclosure of proprietary or sensitive information...

Comments  (2)


BYOD: Challenges of Protecting Data - Part Three

August 06, 2012 Added by:Rafal Los

BYOD is going to take the many small holes in your environment and drive a semi truck through them... blowing a hole the size of a Buick in what security we have now. And it's not just because BYOD is going to happen whether you like it or not - but because we need to fix this train wreck we call corporate security...

Comments  (0)


Ticking Time-Bombs: Production Data in Non-Production Systems

August 03, 2012 Added by:Rafal Los

While it's not really OK to have a vulnerable application sitting out on the 'net, at least if it's in "stage" mode it shouldn't have real data... right? Unfortunately this wasn't the case in many of the incidents I experienced. It's time to remind ourselves that anything that is accessible should be well protected...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »
Most Liked