The Internet Security Alliance presented Melissa Hathaway with its annual award for vision in cyber security Tuesday during an event at the National Press Club. Hathaway, the Obama Administration’s former acting cyber security chief, received the McCurdy Award on the one-year anniversary of when she began her 60-day review of the government’s cyber security program. ISA believes that Hathaway’s work, if implemented, would result in the establishment of a modern partnership between the public and private sectors, which is necessary for an effective and sustainable system of cyber security.
An important consideration with information security incidents is identifying if personally identifiable information - PII - is involved. If it is, then the privacy breach response team needs to be put into action to determine whether or not an actual privacy breach occurred. I’m always interested in hearing the challenges and unique situations they run across as they not only create their plans, but also for how they execute them. Here are three of these situations, often overlooked and not planned for, but experienced by organizations.
According to Peter Greenberg, the author of CRM at the Speed of Light, social CRM is a philosophy and a business strategy, supported by a technology platform and designed to engage a customer in a collaborative conversation in order to provide mutually beneficial value in a trusted and transparent business environment…
Police believe they may have uncovered an international ATM “skimming” ring responsible for stealing money from hundreds of local accounts. It was not too long ago that I bought an ATM north of Boston from a dude named Bob at a bar and rolled it through the streets of Boston nabbing unsuspecting users who entered their debit cards and PINS. I performed this crazy stunt to demonstrate how easy it is and how vulnerable we are.
Large enterprises rely on software products. And as everything else in large enterprises, the software products are large, complex, cumbersome and nearly unchangeable. This last attribute is better known as vendor lock-in. Software vendors love vendor lock-in.
The recession has lessened and all that cash your Company has been hoarding for the rainy days of the Obama years is burning a whole in your CEO’s pocket. He has his powder dry and is ready to make a big bang by going on a buying spree, targeting overseas entities, to beat the competition in coming out of your industry’s downturn. An initial inquiry should be made into the ownership structure of the target company. If any portion of the entity is owned or held by a government or governmental entity then such an entity is covered under the FCPA as a foreign governmental instrumentality…
In the online world where personal information in extremely large volumes is merchandise for organized crime, where law enforcement is more focused on building war-rooms and appointing cyber security tzars, and where everyone leaves a digital footprint, cyber vigilantes have become something like worshiped heroes…
The detailed reasons why people fail at DLP implementations merits a separate post – but it’s a lot like why over 50% of the content management implementation from vendors never made it to production in the 90s – the root cause was that there was no real business case for the technology. Unlike business processes – data risk cannot be outsourced.
WireHead SecurityTM, an information security services firm providing customers with solutions to strengthen internal security and risk management, today announced a partnership agreement with the North Carolina Independent Colleges and Universities (NCICU), under which member institutions can take advantage of discounted service pricing. NCICU is comprised of North Carolina’s 36 private, non-profit liberal arts, comprehensive, and research colleges and universities accredited by the Southern Association of Colleges and Schools.
Fraud as a service or FaaS for the acronym collectors, has been a topic of concern for security professionals since 2008. Gone are the days where the primary theft is being perpetrated by the sociopath lone-wolf in the basement. The major player is now organized crime, responsible for 70 percent of online fraud and billions in ill-gotten gains…
Scammers will say and do anything to get a person to part with their money. At first they had a sob story that sounded like a legitimate issue, new housing, can’t have a pet. When posted in a classified ad, it looks legitimate. Then they involved a “shipping company” that was a front for the scam. Once the victims were asked to send money via Western Union, that should have been a red-flag.
There needs to be a change to email security if we want to stop seeing high profile security breeches such as the ones that hit Hotmail and Google in 2009, and the America law firm Gipson Hoffman & Pancione more recently. The problem is, most email filtering systems will trust the email address and therefore allow it through.
Cisco’s existing product lines offer a number of different appliance options which allow companies the ability to block the various web based threats in existence. The problem that this type of solution has is that it does require constant tweaking of the filtering and analysis settings as well as someone to constantly keep an eye on current events as zero-day attacks become more prominent.
Are you embracing the collaboration phenomenon that has been storming, complete with thunder, lightning and rain over the past few years? Or have you been hiding under an umbrella to avoid this social media storm? Yes, we are all interconnected, whether we want to be, are expected to be, or prefer not to be. We are, as they say in poker, all in, as collaboration is here to stay ― and it’s driven by technology…
Despite the fact that CDI has inherent weaknesses, as do all of the prior fraud prevention technologies, it is providing tremendous benefit to many companies, ranging from credit and loan issuers to social networking sites to online retailers. This is especially true when layering it with other effective technologies.
The number and types of external threats to a network are growing exponentially, and unless a company has a dedicated and highly specialized team devoted to network security, it’s hard to keep up with the rapidly changing threat landscape. After all, the threats of the Internet are the same for every company regardless of its size.
We are observing an incredible rise in cybercrime. New profiles of attackers arrived in the so-called hacking underground, and the hacking world – sometimes – is meeting with organized crime and State-sponsored attacks. The world is changing and, basically, the keyword is the information. In today’s world Information is the Power that’s the sole reason why all of this is happening.
Advancements in technology over the past decade have created a tremendous amount of opportunity for the savvy businessperson. Whether it’s mobility, streamlined processes, marketing, or the ability to sell to a global market, there’s never been a better time to be in business. Like anything good, there is always a negative…
Conducting effective training programs is listed in the 2005 Federal Sentencing Guidelines as one of the factors the Department of Justice will take into account when a company, accused of an Federal Corrupt Practices Act violation, is being evaluated for a sentence reduction. But what is an effective training program?
It came as a surprise to me when I went to log into my FriendFeed account to make an adjustment and I discovered I was logged into someone-else’s account. I had FULL access. I was able to access the full dashboard and change the picture, email associated and add or delete feeds. My first thoughts were that I have spyware and someone is able to remotely access my machine and use it as their own. I did a full system scan and there is nothing on my machine. There is no other strange activity going on so I’ve narrowed the issue down to this one account…
