Blog Posts Tagged with "Data Loss Prevention"
June 11, 2012 Added by:Danny Lieberman
The short answer is that you should not store PHI (protected health information) on Dropbox since they share data with third party applications and service providers - but the real reason you should not use Dropbox for sharing information with patients is simply that it is not private by design...
June 09, 2012 Added by:Jason Clark
The LinkedIn breach made headlines, but I want to go deeper and provide practical advice for organizations on how they can anticipate DLP consequences and tighten network security. You need a strategy to protect against attack scenarios. Here’s a seven-step check list for mitigating your risk...
June 08, 2012 Added by:Stacey Holleran
The traditional password must die. The whole concept is fatally flawed. The sheer volume of attacks should be a wake-up call to anyone utilizing a password (pretty much everyone). Now is the time to practice vigilance and to secure systems, accounts and security applications such as firewalls with Passphrases...
June 06, 2012 Added by:Danny Lieberman
When we share medical information with our healthcare provider, we trust their information security as being strong enough to protect our medical information from a data breach. Certainly – as consumers of healthcare services, it’s impossible for us to audit the effectiveness of their security portfolio...
June 05, 2012 Added by:Jayson Wylie
Technology staff, on occasion, have had an all-access pass to all data on Windows networks. This creates an environment where the support staff has exposure in having access to sensitive and confidential stuff stored in the most private parts of the organization’s data stores...
June 04, 2012 Added by:Dave Shackleford
Overall, here’s the rub: There are almost no security absolutes. Aside from some obvious things like bad coding techniques, the use of WEP, hiring Ligatt Security to protect you, etc... Everything else in information security is the gray area...
May 31, 2012 Added by:Danny Lieberman
In a complex healthcare organization, large scale security awareness training is a hopeless waste of resources considering the increasing number of options that people have (Facebook, smartphones..) to cause damage to the business. Security awareness will lose every time it comes up against an iPad or Facebook...
May 28, 2012 Added by:Marc Quibell
Opportunists are using an alarmist strategy, bolstered by bloated opinions, to get you to buy their stuff. IT Sec businesses and vendors are not objective sources for security trends, threats and/or events. They are advertisements...
May 23, 2012 Added by:PCI Guru
In a true war, we would be investing in creating an offensive capability to go into cyber-battle with the enemy. And while there are discussions about having offensive capabilities, security professionals are still in a defensive posture protecting the organization...
May 23, 2012 Added by:Danny Lieberman
If you are a HIPAA covered entity, securing patient data is central to your business. If you are a big organization, you probably don’t need my advice. If you are a small to mid-size provider without a large budget, the question is “How can I do this for as little money as possible?”
May 22, 2012 Added by:Fergal Glynn
Information leakage happens when sensitive information is displayed to a user inadvertently. An example would be pathnames or database IP addresses returned within an error message to a user. An attacker can use this information to undermine the system...
May 17, 2012 Added by:Stacey Holleran
Many small merchants—whether selling online or brick-and-mortar, or both—don’t have the technological background to understand the steps necessary for protecting the cardholder information and other sensitive data that passes through (and may be stored in) their business systems...
May 16, 2012 Added by:Phil Klassen
When you own something, especially a mobile device, there is a sense of entitlement that the individual has. So it's critical that you establish the fact that using a personal device to do company business is a privilege, not a right, and that privilege can be taken away...
May 15, 2012 Added by:Rebecca Herold
I know from my years as a systems analyst and maintaining a large change control system that it is easy for mistakes to occur within the network security architecture, and that there will always be some humans involved who are tempted to bypass important security controls...
May 10, 2012 Added by:Marc Quibell
Here's the problem - too many people have too much information about you, stored in or on who-knows-what, and who-knows-where. The risks of having your identity stolen and used are astronomical. All it requires is someone on the receiving end putting it all together...
May 10, 2012 Added by:Rafal Los
Once you get over the anxiety of logging, a wave of elation generally hits. Whether you're getting excited about being able to catch evil-doers in the act, or the capability to notice system failures before they happen, logging can save your skin more than you'd think...