Blog Posts Tagged with "Data Loss Prevention"
Why Security Through Obscurity Still Does Not Work
May 15, 2012 Added by:Rebecca Herold
I know from my years as a systems analyst and maintaining a large change control system that it is easy for mistakes to occur within the network security architecture, and that there will always be some humans involved who are tempted to bypass important security controls...
Comments (0)
Where is My Information?!?!
May 11, 2012 Added by:Marc Quibell
Here's the problem - too many people have too much information about you, stored in or on who-knows-what, and who-knows-where. The risks of having your identity stolen and used are astronomical. All it requires is someone on the receiving end putting it all together...
Comments (0)
Logging: Opening Pandora's Box - Part 2 - Elation
May 11, 2012 Added by:Rafal Los
Once you get over the anxiety of logging, a wave of elation generally hits. Whether you're getting excited about being able to catch evil-doers in the act, or the capability to notice system failures before they happen logging can save your skin more than you'd think...
Comments (0)
Healthcare Data and the (Private) Social Network
May 10, 2012 Added by:Danny Lieberman
Previously, we talked about the roles that trust, security and privacy play in online healthcare interactions. In this post we look at privacy challenges in social networks and describes how you can implement a private healthcare social network for without government regulation...
Comments (0)
Logging: Opening Pandora's Box - Part 1 - Anxiety
May 10, 2012 Added by:Rafal Los
You're probably worried that log analysis is going to consume all of your time, or you'll find out that your organization has been pwn3d for years and all your data has been exfiltrated in real-time and your latest database is being copied off to China... aren't you?
Comments (0)
The CERT Guide to Insider Threats
May 07, 2012 Added by:Ben Rothke
While there are many books on important security topics such as firewalls, encryption, identity management and more, The CERT Guide to Insider Threats is the one of the first to formally tackle the devastating problem of trusted insiders who misappropriate data...
Comments (0)
Healthcare Data: I Trust You to Keep this Private
May 04, 2012 Added by:Danny Lieberman
In this article, Danny Lieberman talks about the roles that trust, security and privacy play in online healthcare interactions. At the end of the article, he introduces the idea of private social networking for healthcare – leaving the piece open for a sequel...
Comments (0)
What Good is PCI-DSS?
May 03, 2012 Added by:david barton
Credit card processors have valuable information that bad guys would love to get their hands on. So processors are the Fort Knox of the modern world. When bad guys are motivated, no amount of security can keep them out. Does that mean PCI-DSS standards are worthless?
Comments (9)
Protecting Data in Use
April 26, 2012 Added by:Simon Heron
The security of data in use is about risk mitigation. However, with the current targeted attacks and the proliferation of zero day threats, the risk level is high. It is necessary that action is taken to implement the required precautions that reduce the risk to an acceptable level...
Comments (0)
From Fraud to Infosec and Vice Versa... Part 2
April 24, 2012 Added by:Neira Jones
In my previous post I summarized fraud and how it relates to infosec. Key enablers used to defraud victims of all types cut across the landscape and often overlap, posing further challenges for quantifying their impact, but the classifications are nonetheless helpful...
Comments (0)
The Fort Knox Approach to Security
April 23, 2012 Added by:PCI Guru
Most of you are protecting everything with equal rigor. Does everything need to be protected with the same thoroughness? Probably not and that is what makes infosec a difficult occupation. We neglect to delineate what needs the most protection and what does not need as much or any...
Comments (0)
From Fraud to Infosec and Vice Versa... Part 1
April 19, 2012 Added by:Neira Jones
To all of you infosec professionals out there: one way to show you add value is get closer to your fraud colleagues and try to understand what their big ticket items are. You can even ask them the right questions as the big ticket items are more than likely those detailed here...
Comments (0)
The Security Poverty Line and Junk Food
April 17, 2012 Added by:Wendy Nather
Organizations below the security poverty line tend to be inordinately dependent on third parties and have less direct control over the security of the systems they use. They end up ceding risk decisions to third parties that they ideally should be making themselves...
Comments (2)
On Data Breach Containment
April 12, 2012 Added by:Rafal Los
You've heard us say for a while now that information security isn't about reaching some mythical state of 'secure' but rather a constant battle on the ever-changing front lines of your organization to minimize any damage that the evil hackers can do once they find an in...
Comments (0)
Encryption: Myths and Must Knows
April 12, 2012 Added by:Rebecca Herold
Small to medium sized businesses have legal obligations to protect sensitive information, such as personally identifiable information. Here are some of the common long-held myths related to encryption misconceptions...
Comments (0)
Beyond the Firewall – Data Loss Prevention
April 06, 2012 Added by:Danny Lieberman
It doesn’t matter how they break into your network or servers – if attackers can’t take out your data, you’ve mitigated the threat. This paper reviews the taxonomies of advanced content flow monitoring that is used to audit activity and protect data inside the network...
Comments (0)
- Not Totally Sure What Just Happened...
- Has Anonymous Infiltrated the US Government?
- Big Opportunities in the Cloud
- Zeus Malware Targeting Facebook, Gmail and Yahoo Users
- Follow Up to the Out of Band Authentication Post
- Skype Malware Campaign Spreading Poison Ivy Trojan
- I Hope Edo is Worth the Privacy Risk
- Dutch MoD Innovation Competition 2012: CYBER Operations 2.0
- NIST Workshop: The Technical Aspects of Botnets
- Security Automation by Hand - Batch/Bash/FOR