Blog Posts Tagged with "Data Loss Prevention"
May 09, 2012 Added by:Danny Lieberman
Previously, we talked about the roles that trust, security and privacy play in online healthcare interactions. In this post we look at privacy challenges in social networks and describes how you can implement a private healthcare social network for without government regulation...
May 09, 2012 Added by:Rafal Los
You're probably worried that log analysis is going to consume all of your time, or you'll find out that your organization has been pwn3d for years and all your data has been exfiltrated in real-time and your latest database is being copied off to China... aren't you?
May 07, 2012 Added by:Ben Rothke
While there are many books on important security topics such as firewalls, encryption, identity management and more, The CERT Guide to Insider Threats is the one of the first to formally tackle the devastating problem of trusted insiders who misappropriate data...
May 03, 2012 Added by:Danny Lieberman
In this article, Danny Lieberman talks about the roles that trust, security and privacy play in online healthcare interactions. At the end of the article, he introduces the idea of private social networking for healthcare – leaving the piece open for a sequel...
May 02, 2012 Added by:david barton
Credit card processors have valuable information that bad guys would love to get their hands on. So processors are the Fort Knox of the modern world. When bad guys are motivated, no amount of security can keep them out. Does that mean PCI-DSS standards are worthless?
April 26, 2012 Added by:Simon Heron
The security of data in use is about risk mitigation. However, with the current targeted attacks and the proliferation of zero day threats, the risk level is high. It is necessary that action is taken to implement the required precautions that reduce the risk to an acceptable level...
April 23, 2012 Added by:Neira Jones
In my previous post I summarized fraud and how it relates to infosec. Key enablers used to defraud victims of all types cut across the landscape and often overlap, posing further challenges for quantifying their impact, but the classifications are nonetheless helpful...
April 23, 2012 Added by:PCI Guru
Most of you are protecting everything with equal rigor. Does everything need to be protected with the same thoroughness? Probably not and that is what makes infosec a difficult occupation. We neglect to delineate what needs the most protection and what does not need as much or any...
April 18, 2012 Added by:Neira Jones
To all of you infosec professionals out there: one way to show you add value is get closer to your fraud colleagues and try to understand what their big ticket items are. You can even ask them the right questions as the big ticket items are more than likely those detailed here...
April 16, 2012 Added by:Wendy Nather
Organizations below the security poverty line tend to be inordinately dependent on third parties and have less direct control over the security of the systems they use. They end up ceding risk decisions to third parties that they ideally should be making themselves...
April 12, 2012 Added by:Rafal Los
You've heard us say for a while now that information security isn't about reaching some mythical state of 'secure' but rather a constant battle on the ever-changing front lines of your organization to minimize any damage that the evil hackers can do once they find an in...
April 11, 2012 Added by:Rebecca Herold
Small to medium sized businesses have legal obligations to protect sensitive information, such as personally identifiable information. Here are some of the common long-held myths related to encryption misconceptions...
April 05, 2012 Added by:Danny Lieberman
It doesn’t matter how they break into your network or servers – if attackers can’t take out your data, you’ve mitigated the threat. This paper reviews the taxonomies of advanced content flow monitoring that is used to audit activity and protect data inside the network...
April 02, 2012 Added by:Christopher Rodgers
Once you know which data needs the most protection, you can properly allocate funds and resources to defend those assets. Employing a proper data classification scheme is cost effective, as it allows a business to focus on protecting its higher risk data assets...
March 30, 2012 Added by:Richard Stiennon
Cisco, Juniper, Oracle, and Microsoft might have security initiatives and even good sales of security products. But security takes a back seat to functionality too often. Why are there no secure switches? Secure apps for Windows? Or secure databases?
March 27, 2012 Added by:Kevin Doel
A lost or stolen phone constitutes a serious security threat to the information on the device because the attacker has unlimited time to gain access to the secrets that are stored therein. Important personal information should not be stored in any unsecured note application...
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015
PCI Security Standards Council Statement on ... on 03-17-2015