tagged w/ Infoduciary
-
While the word “encrypt” does not occur even once within the ARRA, the guidance that the Department of Health and Human Services (HHS) provides for complying with the HITECH Act portion of the ARRA is full of encryption direction.
-
-
Evaluating Security Information Event Management (SIEM) solutions is important, as they come in a lot of different flavours. So, in order to sift through the multitude of solutions, the buyer needs to ask the hard questions. Here are some of the key questions that need to be taken into consideration:
-
-
As part of the shake-up at General Motors, GMAC is now called Ally Bank. Naturally, scam emails are going out asking people to update their old GMAC account record through Ally Bank. DO NOT FOLLOW THE LINK or OPEN THE ATTACHMENT. You will be infected.
-
-
Every year, Sybase holds a technical conference devoted to bringing great minds together, both from Sybase and from its customers, known as Techwave. Techwave gives customers the unique opportunity to interface directly with Sybase engineering, product and executive management.
-
-
More organizations are using managed security services, where security functions such as vulnerability assessment and network firewall monitoring are offered to clients as a service. These services offer potential benefits to organizations that lack the internal security resources. They also present risks…
-
-
Both network vendors and PC vendors should wake up to the new reality that there is another layer of change on top of the ever increasing bandwidth, application, and storage requirements. A change in the threats.
-
-
This risk is often hidden in plain sight, poses a genuine clear and present danger to the business and information security objectives, and one that is often overlooked. This issue is change control...
-
-
Cyber security threats have reached a critical juncture. With attacks becoming more sophisticated and damaging, members of Congress and the Administration have taken note. The Obama Administration’s recent cyber security review highlights matters of high importance to many companies. More than ever, firms must stay on top of the rapidly changing world of cyber security, and must consider newly developed White House policies. Some priorities set forth include:
-
-
IT is widely seen as a strategic, not a tactical, function of the business. The job of the IT team is to set and implement an IT strategy to meet a business need, rather than developing the tactical technology to support the business need – which, more and more, is left to specialist experts. Nowhere have we seen this more than in security.
-
-
The US Government must get its priorities right. Too often “cybersecurity” is confused with “anti-piracy.” The average Joe or Jane downloading copyrighted content from YouTube is not a cybersecurity issue, whereas organized gangs systematically collecting and exploiting personal data is a cybersecurity issue. One might question if the US government is devoting the proper time and attention to the cybersecurity issues that are truly most in need of national attention.
-
-
People get so upset, understandably, when an organization loses a laptop with SSNs, or has one stolen. But now, upon hearing that crooks don’t even need to steal SSNs, but can just generate them from commonly known information and use them until the victims discover the crimes, it is puzzling why so many people don’t see this as something to be concerned with, and to demand changes for.
-
-
Knowledge is paramount in our efforts to understand our “climate” when it comes to conflict, its causes, how it’s fueled by the feeling of loss of control, and how it either unfolds progressively over time or rapidly without notice. The extremes, ups and downs of emotions that spur loss of individual control and can lead to hot conflicts, dangerous encounters and unpredictable results.
-
-
Small and medium sized businesses (SMBs) are an attractive target for identity thieves. According to the Institute of Consumer Financial Education (ICFE), SMBs usually qualify for larger lines of credit, “enjoy extended payment terms and less transactional scrutiny for large purchases or high value ticket items than individual customers.”
-
-
On July 29th, as I was following up on a story that flashed across my Twitter stream about 30 certified employees of a school district finding themselves victims of ID theft, I found something that should not have been there...
-
-
RSA, the Security Division of EMC, recently released several research reports that examine the far-reaching security implications of promising technologies such as cloud computing, virtualization, social networking and mobile communications, and explore the pivotal business risks and rewards they represent to organizations worldwide.
-
-
The US Defense Information Systems Agency announced that it is going to release a Request For Information this month. Anyone responding to DISA’s RFI would do well to study the methodology that Barrett Lyon describes using the open source SQUID proxy and caching server. The technique spelled out by Barrett involves putting a bank of high-end servers running SQUID in front of the potential targets.
-
-
By Mike Spinney, CIPP, Privacy Analyst, Ponemon Institute - Here’s a brazen bit of breachery from the Miami Herald: It’s a neat little proposition: for a flat monthly fee, a data broker (of sorts) acquires medical records from a hospital employee and passes them through to a personal injury lawyer for a fee plus a percentage of his lawsuit earnings...
-
-
Review the state of play of cyber security for the government and the private sector, including recommendations on how to create a more productive public-private partnership. Cyber security policies are rapidly expanding, indicating the critical threat faced by any organization using Internet-based technologies. In 2008, the Bush Administration launched the most comprehensive cyber security policy review in the federal government’s history. Soon after taking office, President Obama tasked the National Security Council to review our nation’s cyber security policy. In April, the first major bill calling for broad federal regulations and unprecedented power over private sector cyber systems was introduced in the Senate.
-
-
Thieves prey on our deepest and strongest emotions, and two people madly in love and about to take the plunge are certainly full of emotions and stress. Stress makes us more apt to decide quickly, without thinking the situation through. The sense of relief we feel may encourage us to accept an offer that seems “too good to be true” when we might otherwise hesitate.
-
-
Sun Tzu’s theories are for the tactically minded professional wanting to secure every possible advantage - for the professional who wants to understand the mental, moral, and physical realms of conflict. WHY? Because that’s how we win on the street.
-