tagged w/ IT
-
If the form is “neutral,” is that good enough for you or are you more interested in using a document that provides your company with as much protection as possible? Do you have the experience to know whether the form agreement is missing any key elements?
-
-
Compounding the problem for the consultant CISO in the shorter term is that budgets are under downward pressure while the risk of fraud, insider theft and 3rd party exposure is going up. Longer term the financial crisis has forced firms to re-focus on systemic risk resulting in a revival of top-down Enterprise Risk Management efforts.
-
-
In reality, the computer forensics job is a standard process and every one of us does parts of the process when we debug our computers. Here is a simple tutorial on what is involved in performing more thorough computer forensics.
-
-
A chant at a football game can embroil everyone at the event but it too dies out. While it may be possible to get someone to donate their computer to an attack they soon tire of their own machine being slowed by the activity. And thus DDoS attacks promulgated through Twitter, while devastating in the short term are indeed short lived.
-
-
From an IT Operations perspective it would seem there is a pretty powerful argument to virtualize and distribute applications like this rather than have to install and maintain them on every user's PC or laptop.
-
-
The study opines that a 10-point drop in piracy in Asia-Pacific alone would generate $135 billion worth of additional economic growth and create approximately 2 million new jobs.
-
-
There is a threat difficult to quantify or even detect, one that has not yet grabbed the headlines or captured the imagination, and yet is relentlessly and efficiently looting, pillaging and plundering the U.S. and global economies of their magic ingredient — trade secrets.
-
-
Listen to the podcast as Steven asks me about “Knowing thy enemy”, “lessons learned”, “crowd sourcing attacks”, “understanding environmental and cultural context”, “Iranian cyber war”, and “political goals”.
-
-
There are products out there claiming to be “Enterprise Solutions” that only support a single mobile operating system, or, worse yet, a single version of a single operating system. While these products may do an admirable job managing the subset of devices that run that OS, what about the rest?
-
-
“Monday’s successful test involved Zones 1, 2, 3 and 4,” detailed Steven M. Elefant, Heartland’s executive director of end-to-end encryption. “We believe that protecting data in these zones alone will significantly impact the protection of cardholder data.
-
-
It will be no small task in terms of cost and effort for many of the impacted companies to make the transition from self-assessment to onsite 3rd party assessment. However, there are ways to lessen the burden and actually drive business-value from the engagement.
-
-
If the auditor observes that no one is showing up to the change management meetings, authorizations are rubber stamped without any real evaluation, unauthorized changes and unplanned outages are occurring regularly, then she will likely flag this as a potential high risk area.
-
-
The CIO is a “General”. Generals are not concerned with how the weapons function or how the rank-and-file are performing. This is the job of the lieutenants. The General focuses on the strategic application of resources on the battlefield.
-
-
It is important to realize that insider threats are not just a people problem, but a technical problem as well. There are certain controls and best practices that you can follow to help identify and address threats and minimize your organization's risk.
-
-
Due Diligence can be categorized as a fraud management tool, an information gathering exercise or just a shield that will provide some value in case something goes wrong. It is important to undertake a DD for all transactions irrespective of the value. You cannot evaluate it in terms of ROI. Consider it as a cost just like a premium paid for insurance.
-
-
New Facebook blog: "We can hack into your profile"; Hacked high-profile Twitter accounts still spreading malicious links; Spam, Phishing, and Malicious Code Related to Recent Celebrity Deaths; Exploits of unpatched Windows bug will jump, says Symantec; Mozilla tackles XSS vulnerabilities with new technology; Red Condor’s Spam Trip Wire detects new virus; Adobe Releases Update for Shockwave Player; Gates Creates Cyber-Defense Command; Google clamps down on ‘malvertising’...
-
-
There is a surfeit of Information today, and although we have come up with ways and means to store them for eternity, we are still not able to ensure their security. Information is valuable only as long as it remains protected, and once in the hands of people who are likely to misuse it, it turns into a recipe for disaster.
-
-
From an “all hazards” approach, we worry about the overall architecture of the system. If there were a major incident in one facility, will we and our customers have what they need to survive a major hit?
-
-
Why do nation states engage in economic espionage and intellectual property theft? Primarily, to acquire technology to advance a military program, or to advance the economic competitiveness of the nation’s industrial base, or simply to ensure that the major companies and contributors to the nation’s GDP continue to make that contribution.
-
-
Anyone in the security field will tell you that information security is affected and addressed at multiple layers within a solution. As part of the evaluation process for an enterprise business solution, particularly one that enables the transport of potentially sensitive data outside the corporate network, a risk analysis should be conducted.
-