December 05, 2014 Added by:Paul Lipman
The cloud has been widely hailed as the most disruptive force in modern business. Indeed, the world is in the midst of fundamentally profound transformations, enabled by the cloud, in the ways in which we access and interact with data and applications. Unfortunately, the security industry has not kept pace with these transformational trends, necessitating an equally profound change in the way we s...
December 04, 2014 Added by:Thu Pham
The average total cost of a data breach increased 15 percent in 2014 to $3.5 million, this according to the Ponemon Institute’s 2014 Cost of Data Breach Study: Global Analysis. But how does that average vary from industry to industry, each with different types of consumer information and different data regulations?
December 03, 2014 Added by:Steve Durbin
Despite the undeniable corporate and consumer interest, the security and privacy implications of cloud and mobile connected devices are concerning many security professionals. Countless organizations are still playing catch up – Bring Your Own Device (BYOD) polices are only starting to be embedded, reviewed and updated. IT departments are overwhelmed with the amount of devices entering the workp...
November 26, 2014 Added by:Steve Martino
While data must be protected, not all data is of equal importance and therefore not in need of the same level of protection. Security teams should consider the types of data that exist within their organizations and what security measures will work best for each.
November 11, 2014 Added by:Patrick Oliver Graf
In today’s business environment, the list of overlooked network security threats is endless. Information security professionals are modern-day gladiators, tasked with defending corporate data and networks against both known and unknown threats, but no matter how skilled they are, there will always be new threats to their networks.
November 05, 2014 Added by:Steve Durbin
Password-based authentication is easy and familiar for customers, and is initially inexpensive for organizations to deploy at scale. But, while password-based authentication may be appropriate in some instances, it is no longer suitable for the wide range of services where it is currently being used.
September 10, 2014 Added by:Patrick Oliver Graf
The concept of "Bring Your Own Device" seems so simple. Employees can just tote their personal phone or tablet with them to the office – which they're probably doing anyway – and use it for work. Or, they access the corporate network remotely, from home or while on-the-go. BYOD and remote access have always seemed like a win-win arrangement – employers pay less hardware costs and employees g...
July 17, 2014 Added by:Neohapsis
Without full disk encryption (like BitLocker), sensitive system files will always be available to an attacker, and credentials can be compromised.
July 14, 2014 Added by:Patrick Oliver Graf
Together, the high-profile hacking of the Houston Astros and Butler University show why it’s important for every organization to think like an enterprise in constructing a network security plan.
May 21, 2014 Added by:PCI Guru
In the past, organizations would rely on their database and file schemas along with their data flow diagrams and the project was done. However, the Council has come back and clarified that the search for cardholder data (CHD), primarily the primary account number (PAN).
April 23, 2014 Added by:Tripwire Inc
Know what you have, know how it’s vulnerable, configure it securely, and continuously monitor it to ensure it isn’t compromised and remains secure.
February 27, 2014 Added by:Simon Moffatt
The internal 'trusted' network no longer exists. Employees often pose the biggest threat to information assets, even though they are trusted with legitimate accounts on protected internal machines. Zero Trust is a recent security approach that looks to move away from network segmentation and focus more on data and resources and who can access them, when and from where.
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015
PCI Security Standards Council Statement on ... on 03-17-2015