The Internet Security Alliance presented Melissa Hathaway with its annual award for vision in cyber security Tuesday during an event at the National Press Club. Hathaway, the Obama Administration’s former acting cyber security chief, received the McCurdy Award on the one-year anniversary of when she began her 60-day review of the government’s cyber security program. ISA believes that Hathaway’s work, if implemented, would result in the establishment of a modern partnership between the public and private sectors, which is necessary for an effective and sustainable system of cyber security.
An important consideration with information security incidents is identifying if personally identifiable information - PII - is involved. If it is, then the privacy breach response team needs to be put into action to determine whether or not an actual privacy breach occurred. I’m always interested in hearing the challenges and unique situations they run across as they not only create their plans, but also for how they execute them. Here are three of these situations, often overlooked and not planned for, but experienced by organizations.
According to Peter Greenberg, the author of CRM at the Speed of Light, social CRM is a philosophy and a business strategy, supported by a technology platform and designed to engage a customer in a collaborative conversation in order to provide mutually beneficial value in a trusted and transparent business environment…
Police believe they may have uncovered an international ATM “skimming” ring responsible for stealing money from hundreds of local accounts. It was not too long ago that I bought an ATM north of Boston from a dude named Bob at a bar and rolled it through the streets of Boston nabbing unsuspecting users who entered their debit cards and PINS. I performed this crazy stunt to demonstrate how easy it is and how vulnerable we are.
In your policy it states quite clearly that no claim that you make will be paid. You unfortunately plucked for our Never-Pay Policy, which if you never claim is very worthwhile - but, uh, you had to claim - and there it is… Monty Python’s Flying Circus, circa 1971
Anti-jihadi hactivist The Jester (th3j35t3r), the self-proclaimed Nicest Hacker in the World, has returned for part two of our conversation concerning his campaign of intermittent disruption of militant pro-jihad websites. Part one, Q&A With anti-Jihadi Hacker The Jester, elicited both ire and accolades for the cyber-vigilante in nearly equal volume, revealing just how polarizing the issues surrounding ownership, permissions and access have become in this age of information.
Large enterprises rely on software products. And as everything else in large enterprises, the software products are large, complex, cumbersome and nearly unchangeable. This last attribute is better known as vendor lock-in. Software vendors love vendor lock-in.
The recession has lessened and all that cash your Company has been hoarding for the rainy days of the Obama years is burning a whole in your CEO’s pocket. He has his powder dry and is ready to make a big bang by going on a buying spree, targeting overseas entities, to beat the competition in coming out of your industry’s downturn. An initial inquiry should be made into the ownership structure of the target company. If any portion of the entity is owned or held by a government or governmental entity then such an entity is covered under the FCPA as a foreign governmental instrumentality…
In the online world where personal information in extremely large volumes is merchandise for organized crime, where law enforcement is more focused on building war-rooms and appointing cyber security tzars, and where everyone leaves a digital footprint, cyber vigilantes have become something like worshiped heroes…
We have had a few weeks to absorb the implications of wide spread Chinese supported attacks against Google and thirty or so other organizations. The US Secretary of State made one of the most affirmative statements on Internet freedom yet articulated by a government. Various policy analysts have chimed in as well. Some thoughts on what they have said…
The detailed reasons why people fail at DLP implementations merits a separate post – but it’s a lot like why over 50% of the content management implementation from vendors never made it to production in the 90s – the root cause was that there was no real business case for the technology. Unlike business processes – data risk cannot be outsourced.
WireHead SecurityTM, an information security services firm providing customers with solutions to strengthen internal security and risk management, today announced a partnership agreement with the North Carolina Independent Colleges and Universities (NCICU), under which member institutions can take advantage of discounted service pricing. NCICU is comprised of North Carolina’s 36 private, non-profit liberal arts, comprehensive, and research colleges and universities accredited by the Southern Association of Colleges and Schools.
Fraud as a service or FaaS for the acronym collectors, has been a topic of concern for security professionals since 2008. Gone are the days where the primary theft is being perpetrated by the sociopath lone-wolf in the basement. The major player is now organized crime, responsible for 70 percent of online fraud and billions in ill-gotten gains…
Scammers will say and do anything to get a person to part with their money. At first they had a sob story that sounded like a legitimate issue, new housing, can’t have a pet. When posted in a classified ad, it looks legitimate. Then they involved a “shipping company” that was a front for the scam. Once the victims were asked to send money via Western Union, that should have been a red-flag.
There needs to be a change to email security if we want to stop seeing high profile security breeches such as the ones that hit Hotmail and Google in 2009, and the America law firm Gipson Hoffman & Pancione more recently. The problem is, most email filtering systems will trust the email address and therefore allow it through.
Cisco’s existing product lines offer a number of different appliance options which allow companies the ability to block the various web based threats in existence. The problem that this type of solution has is that it does require constant tweaking of the filtering and analysis settings as well as someone to constantly keep an eye on current events as zero-day attacks become more prominent.
Many organizations are focused on stopping random hackers and blocking pornography when they should be concerned with bigger threats from professional cybercriminals, according to a new cybersecurity report.
In a survey conducted last year of 523 IT and security managers, top-level executives, and law enforcement personnel, hackers were rated the biggest threat, followed by insiders and foreign entities–probably because hackers are the “noisiest and easiest to detect,” the 2010 CyberSecurity Watch Survey concluded.Many organizations are focused on stopping random hackers and blocking pornography... more
Are you embracing the collaboration phenomenon that has been storming, complete with thunder, lightning and rain over the past few years? Or have you been hiding under an umbrella to avoid this social media storm? Yes, we are all interconnected, whether we want to be, are expected to be, or prefer not to be. We are, as they say in poker, all in, as collaboration is here to stay ― and it’s driven by technology…
Despite the fact that CDI has inherent weaknesses, as do all of the prior fraud prevention technologies, it is providing tremendous benefit to many companies, ranging from credit and loan issuers to social networking sites to online retailers. This is especially true when layering it with other effective technologies.
The number and types of external threats to a network are growing exponentially, and unless a company has a dedicated and highly specialized team devoted to network security, it’s hard to keep up with the rapidly changing threat landscape. After all, the threats of the Internet are the same for every company regardless of its size.