The seeming inconsistency between the perception of being immune from data breach risks and the rapid growth in data breach incidents led us to think about whether organizations can actually quantify their level of breach risk. We were somewhat surprised that there is not much available to organizations to help them score their vulnerability.
As part of their storage security strategy, enterprises must understand the value of such intellectual property in combination with the risk tolerance of the organization before they can address how to appropriately secure it and store it. Moreover, because the value of information changes over its lifetime, so should its storage.
SecurityBinge – a team composed of Chris Martin aka pr4ch, Tim Elrod aka ri0t, and Stefan Morris aka Janus – are forging a video podcast show addressing information security from the hacker’s perspective. Tim and Stefan, the show’s co-hosts, have years of experience both in corporate and hacker circles.
Today, most of our contracts are jurisdiction-based and mostly relate to the location of data. With cloud computing, this is something which can’t be defined. Until laws evolve to accommodate these technological issues in contractual terms, large corporations will find it difficult to migrate quickly to clouds.
If you listen to the hype, social media is the answer to all that ails you and your company…if only we could figure out how it all works. Given the omnipresence of social media these days, surely there’s something to it, right?
Web 2.0 evangelist Stowe Boyd shares his views on the myths, realities and future of web 2.0 and enterprise: Crowd sourcing innovation - drawing on the smarts distributed across the company and outside in the user community - is another big bang that companies need to be exploring.
Here is a scam that is a particularly difficult threat to spot. Note the use of a Hallmark email address, the Hallmark logo and a template that was probably lifted from an authentic e-card. What’s the dead give-away that this is a scam? Note that the link points to a “.exe” file, an executable, which will probably run some kind of nasty malware.
One of the penalties of having a well-published email address is that I receive dozens of phishing emails, scam letters, and other nefarious material en masse daily. Most of these are the typical inheritance, lottery, and sweepstakes scams - but then there are the ones that at first glance may seem legitimate. Take for instance the following email I received over the holiday weekend...
It is possible that, if such policies exist and were created specifically for HIPAA compliance, your organization is viewing this policy noncompliance as being a HIPAA infraction because of the HIPAA requirements to have security/privacy policies and enforce them.
This is the first part of my Black Hat interview with Andrew D. Hayter, Anti-Malcode Program Manager for ICSA Labs. In this installment, Mr. Hayter highlights the challenges businesses face in mitigating malware-related risks.
ANSI Identity Theft Standards Panel webinar “Lessons from the Data Breach at Heartland” by Bob Carr, CEO of Heartland Payment Systems; Carnegie Mellon University Software Engineering Institute Insider Threat Workshop; U.S. Department of Homeland Security Critical Infrastructure and Key Resources; ISAlliance/NIST/DHS VoIP & Unified Communications Automated Security and Assurance Project; IT Sector Coordinating Council Protective Programs and Research and Development (PPRD)…
Greg Schaffer, Assistant Secretary for CyberSecurity & Communications for the US Department of Homeland Security, sees Trusted Internet Connections, EINSTEIN, and front line defense of the nation’s networks as top cybersecurity priorities for the department.
Here we focus on methods which are developed and learned based on our organizational and individual philosophy, and how that philosophy is emboldened by strong character leadership, which in turn influences our perception and understanding of the climate on the ground, and directly affects the decisions and actions we take in a given situation.
QSAs (auditors) policing the PCI-DSS (credit card data security standards) need to adjust their mindset when auditing virtualized card processing infrastructure…
Any organization should have a simple and brief procedure to treat information carriers for systems that are to be discarded. All that hardware contains a lot of confidential information, and it is essential that such data is properly erased so it cannot be recovered. Here is a brief summary of the crucial information disposal procedure elements.
With the perspective of six years of data breaches, the rise of cyber crime, phishing, identity theft, and information warfare - it seems laughable that the big issue of employees bringing malware infested laptops into the office spawned so many companies.
Safety online is a controversial issue, one that is debated to death with few results that the average person can use without an advanced IT qualification. Here are my four simple rules for improving internet safety:
Currently, people rely on obscurity to keep their data safe. But with progressively more intelligent search engines available that can churn through vast amounts of data and make sense of it – even your email – security is something that needs to be addressed.
In recent years, the number of reported data breaches at healthcare organizations has soared, despite laws requiring the groups to protect patient information. In May, a hacker stole more than 500,000 patient records from a state-run database that tracks drug prescriptions in Virginia — and then demanded a ransom to return the information.
Radisson Hotels & Resorts has posted an open letter to its guests, informing them of a recent data breach but offering little additional information. The data that was accessed includes guests’ names and their credit card or debit card number and expiration date.