Blog Posts Tagged with "DLP"
Beyond the Firewall – Data Loss Prevention
April 06, 2012 Added by:Danny Lieberman
It doesn’t matter how they break into your network or servers – if attackers can’t take out your data, you’ve mitigated the threat. This paper reviews the taxonomies of advanced content flow monitoring that is used to audit activity and protect data inside the network...
Comments (0)
The Security Impact of Putting it in the Cloud
February 20, 2012 Added by:Robb Reck
nd. Information security must not be the roadblock that prevents the adoption of such technology. By thinking ahead about the kinds of risks that outsourcing our systems will involve, we can be ready to quickly and securely lead our organization into the cloud...
Comments (3)
Data at Rest: Dormant But Dangerous
February 11, 2012 Added by:Simon Heron
Data is considered to be either ‘at rest’, ‘in transit’ or ‘in use.’ When putting security measures in place, it is important to consider all three states and address risks associated with each. This article examines data at rest and proposes strategies to minimize dangers...
Comments (0)
Four Keys for Intellectual Property Protection
February 08, 2012 Added by:Jason Clark
Intellectual property includes product designs, secret formulas, and other trade knowledge. It's what organized cybercrime, state governments and hackers are all going after. Why? Mostly because of the value. One stolen manufacturing process can be worth millions...
Comments (1)
Data Loss Prevention Step 6: Encrypting Data at Rest
February 07, 2012 Added by:Rafal Los
Even if you did know where all your critical information is, you'd probably be powerless to control its sprawl. Let's face it, systems consume data and then become mobile - which is hardly something you can do anything about in a world where mobility is a key business driver...
Comments (2)
Email Intrusions Facilitate Wire Transfers Overseas
January 30, 2012 Added by:Headlines
The FBI has observed a trend in which cyber criminals are compromising the e-mail accounts of U.S. individuals and businesses and using variations of the legitimate e-mail addresses associated with the victim accounts to request and authorize overseas transactions...
Comments (0)
Data Loss Prevention Step 5: Disable Access to Cloud Storage Services
January 17, 2012 Added by:Rafal Los
This is part 5 in a series, and it's about pulling your data away from the clutches of the cloud. It's not all as crazy as that sounds though, because the cloud has real benefits, but it has to be approached with sanity rather than as the ostrich approaches the sandstorm...
Comments (0)
Data Loss Prevention Step 4: Prevent Network Cross-Connect
January 12, 2012 Added by:Rafal Los
Preventing network cross-connect used to be simple as making sure your VPN client wasn't able to perform split-tunneling so malware couldn't bounce to your corporate office. If your corporate office is virtual all that stopped mattering...
Comments (0)
Data Loss Prevention - Step 3: Engage Physical Security
December 20, 2011 Added by:Rafal Los
While often missed, this component of security is one of the most critical when it comes to understanding, and fighting the loss of data in your organization in a very real, tangible way. There are three types of threats you want to be aware of from the physical perspective...
Comments (0)
Data Loss Prevention: Step 2 - Manage Privileges
December 14, 2011 Added by:Rafal Los
Getting back to basics is critical, and one of the most basic of basics is managing the rights to your data, your systems, and your critical operations. Let's take a critical, step-by-step look at how managing privileges can greatly decrease your likelihood of leaking data...
Comments (0)
Data Loss Prevention - Step 1: Know What's Important
December 13, 2011 Added by:Rafal Los
It's important to understand what your company does and then figure out what the critical bits are. Sometimes it's your customer lists, or a secret ultra-high efficiency engine design, or the next big thing in stealth bombers. The point is that you simply need to know your business...
Comments (0)
Data Loss Prevention - Without the New Blinky Boxes
December 08, 2011 Added by:Rafal Los
The glut of blinking lights and devices that require time and effort to manage has gotten out of control... or so I'm being told. I've not manged a security team in 4 years now, but even back then the glut of boxes, products and solutions was becoming too much to bear. I can only imagine it now...
Comments (1)
Data Loss Prevention – Technology is Just the Start
October 12, 2011 Added by:Simon Heron
The trouble is that technology is just one element of the solution. There is little doubt that while DLP software and devices can help, there is no single solution that can encompass all aspects of DLP, as different types of data have different threats and hence need different controls...
Comments (1)
Why Less Log Data is Better
October 06, 2011 Added by:Danny Lieberman
One of the crucial phases in estimating operational risk is data collection: understanding what threats, vulnerabilities you have and understanding not only what assets you have (digital, human, physical, reputational) but also how much they’re worth in dollars...
Comments (1)
The Twenty Controls That Aren't
October 05, 2011 Added by:Infosec Island Admin
"Controls" advocate practices that simply cannot be met by the average small firm. DLP for everybody? A well-trained security staff that is expert in secure network engineering? If nothing else, this list should encourage small firms to simply outsource everything, even if it costs more...
Comments (0)
Security Trends: Which to Avoid and Which to Embrace
September 30, 2011 Added by:Ken Stasiak
With Enterprise Risk Management (ERM) comes a comprehensive risk assessment equation and process. Defining one process that can be used and incorporated into the entire organization will allow for conformity, efficiency, and effective alignment between departments...
Comments (0)
- Not Totally Sure What Just Happened...
- Has Anonymous Infiltrated the US Government?
- Big Opportunities in the Cloud
- Zeus Malware Targeting Facebook, Gmail and Yahoo Users
- Follow Up to the Out of Band Authentication Post
- Skype Malware Campaign Spreading Poison Ivy Trojan
- I Hope Edo is Worth the Privacy Risk
- Dutch MoD Innovation Competition 2012: CYBER Operations 2.0
- NIST Workshop: The Technical Aspects of Botnets
- Security Automation by Hand - Batch/Bash/FOR