Cisco’s existing product lines offer a number of different appliance options which allow companies the ability to block the various web based threats in existence. The problem that this type of solution has is that it does require constant tweaking of the filtering and analysis settings as well as someone to constantly keep an eye on current events as zero-day attacks become more prominent.
Advancements in technology over the past decade have created a tremendous amount of opportunity for the savvy businessperson. Whether it’s mobility, streamlined processes, marketing, or the ability to sell to a global market, there’s never been a better time to be in business. Like anything good, there is always a negative…
According to Consumer Reports’ 2009 State of the Net Survey, cybercriminals have bilked $8 billion from consumers in the past two years, and McAfee warns consumers not to fall victim to the twelve most dangerous online scams that computer users face this holiday season.
An important consideration with information security incidents is identifying if personally identifiable information - PII - is involved. If it is, then the privacy breach response team needs to be put into action to determine whether or not an actual privacy breach occurred. I’m always interested in hearing the challenges and unique situations they run across as they not only create their plans, but also for how they execute them. Here are three of these situations, often overlooked and not planned for, but experienced by organizations.
Large enterprises rely on software products. And as everything else in large enterprises, the software products are large, complex, cumbersome and nearly unchangeable. This last attribute is better known as vendor lock-in. Software vendors love vendor lock-in.
Despite the fact that CDI has inherent weaknesses, as do all of the prior fraud prevention technologies, it is providing tremendous benefit to many companies, ranging from credit and loan issuers to social networking sites to online retailers. This is especially true when layering it with other effective technologies.
The number and types of external threats to a network are growing exponentially, and unless a company has a dedicated and highly specialized team devoted to network security, it’s hard to keep up with the rapidly changing threat landscape. After all, the threats of the Internet are the same for every company regardless of its size.
Analyzing an incident when the manufacturer claims that it’s an operator error and the operator claims that it is an application error is one of the most daunting tasks of a security officer. And this is a type of incident that the security officer will be called upon to investigate simply because the management needs an independent observer and has doubts both in the operator as well as the manufacturer. Here is what to do when thrown into the fire…Analyzing an incident when the manufacturer claims that it’s an operator error... more
Reading through a Windows security log or any other log can be very difficult and time consuming, so a lot of companies have created their own tools to analyze windows event logs. But before you start going commercial, there is a tool that will get you going without any cost. Against all odds, it’s a tool made by Microsoft!
Ever forge your husband’s signature? Wife’s? Parent’s? Client’s? Do you think the clerk behind the counter at Walmart is skilled in handwriting analysis? The fact is, a handwritten signature provides zero proactive security. If someone signs your name to a check, and you call the bank and say it wasn’t you, they look at the signature and determine whether it’s yours or not. From there they assign liability. That’s dumb.
We are observing an incredible rise in cybercrime. New profiles of attackers arrived in the so-called hacking underground, and the hacking world – sometimes – is meeting with organized crime and State-sponsored attacks. The world is changing and, basically, the keyword is the information. In today’s world Information is the Power that’s the sole reason why all of this is happening.
Radisson Hotels & Resorts has posted an open letter to its guests, informing them of a recent data breach but offering little additional information. The data that was accessed includes guests’ names and their credit card or debit card number and expiration date.Radisson Hotels & Resorts has posted an open letter to its guests, informing them... more
The fourth guide in our ‘Forgotten Security’ series, Forgotten Security: Keeping up to date, is targeted at IT teams, encouraging them to take another look at their procedures, ensuring that they cover both software and equipment. A fully updated system is protected against the latest threats.
The 2009 ITRC Breach Report had captured numerous healthcare data breaches since the September 23rd effective date for the HITECH Act. So, I’m perplexed as to why there aren’t any data breaches over 500 individuals yet listed by HHS. Surprisingly, there is nothing there.
Symantec isn’t the only company to forecast improved enterprise IT spending based on quarterly results in the past few weeks; executives at EMC, IBM, and Intel all spoke positively about IT budgets rebounding in the coming months.
In terms of speed, Retina performed much faster. In terms of scan depth, Nessus has a small advantage, since it includes a web mirroring tool that is very helpful in HTTP. In a direct comparison, Nessus wins simply because Retina manifested erroneous results on repeat scans.
Criminals set up fake websites and then go through the same process legitimate eTailers do in regards to search engine optimization, search engine marketing and online advertising via adwords. They use key words to boost their rankings on Internet searches to show up along side legitimate sites. These same processes are also being used to infect unsuspecting users with malware. Here are ten tips for secure online shopping.
A moral argument can be made that for any large organization to maintain wealth and power, competitive barriers must be erected to prevent young start-ups from moving in too quickly and eroding the margins. Some barriers such as price fixing or dumping goods below cost have been ruled illegal, but others have been encouraged due to their social benefits, and include trade secrets, copyrights, patents, and proprietary software and business processes. No such moral argument can apply to non-profits. A non-profit is supposed to be driven solely by its mission.
Hackers are spreading their operational bases further around the world, according to threat analysis from managed security firm, Network Box. Not only should we all be wary about what links we click on in emails, social networking sites and IM, but we should examine what data we put online.
In recent years, the number of reported data breaches at healthcare organizations has soared, despite laws requiring the groups to protect patient information. In May, a hacker stole more than 500,000 patient records from a state-run database that tracks drug prescriptions in Virginia — and then demanded a ransom to return the information.In recent years, the number of reported data breaches at healthcare organizations has... more
