tagged w/ Insider Threat
-
My daily routine includes a short scan for the latest posts of some specific blogs, especially security-related ones. Of course, there are many security-related blogs, but considering how fast time passes, I can only follow specific ones. So here I share with you the top 5 security-related blogs that I think you should subscribe to:
-
-
Anyone within an organization could have the motivation, access to resources, and the tools to steal information, or even destroy critical resources. While often overlooked, the insider threat actually outweighs the threats from cyber criminals, hackers and the random malware that most organizations concentrate on. It is the insider that understands where the keys to the kingdom are hidden.
-
-
ANSI Identity Theft Standards Panel webinar “Lessons from the Data Breach at Heartland” by Bob Carr, CEO of Heartland Payment Systems; Carnegie Mellon University Software Engineering Institute Insider Threat Workshop; U.S. Department of Homeland Security Critical Infrastructure and Key Resources; ISAlliance/NIST/DHS VoIP & Unified Communications Automated Security and Assurance Project; IT Sector Coordinating Council Protective Programs and Research and Development (PPRD)…
-
-
Radisson Hotels & Resorts has posted an open letter to its guests, informing them of a recent data breach but offering little additional information. The data that was accessed includes guests’ names and their credit card or debit card number and expiration date.
-
-
As sites like Facebook, LinkedIn and Twitter have grown more popular, they have become a hot target for hackers. According to Kaspersky Lab, malicious code distributed via social networking sites is ten times more effective than malware spread via e-mail. Here are the Top 8:
-
-
More organizations are using managed security services, where security functions such as vulnerability assessment and network firewall monitoring are offered to clients as a service. These services offer potential benefits to organizations that lack the internal security resources. They also present risks…
-
-
RSA, the Security Division of EMC, recently released several research reports that examine the far-reaching security implications of promising technologies such as cloud computing, virtualization, social networking and mobile communications, and explore the pivotal business risks and rewards they represent to organizations worldwide.
-
-
“We see many signs that criminals are mimicking the practices embraced by successful, legitimate businesses to reap revenue and grow their enterprises” -Tom Gillis, VP and general manager of Cisco.
According to Cisco Systems’ Midyear Security Report, issued July 14, online criminals are exploiting traditional business strategies as they continue to flourish amid a shaky global economy.
-
-
For some reason, too many practitioners, and many/most consultants, think that if something is stated on the website, then all personnel magically, or by some type of mystical digital osmosis, know what it says and have actually read it.
That goes for the rarely-read-by-employees website privacy policy.
Most personnel don’t know what their website policy says because most get little to no awareness or training about privacy to begin with, and so most go along their merry way each day performing their job responsibilities in ways that violate that posted privacy policy!
Assuming all personnel know what the privacy policies even say = dumb dangerousness
-
-
The idea of having confidential records shopped to competitors and then offered up for sale to the highest bidder would be enough to keep any CIO up at night. Yet, as scary as this scenario is, cyber extortion remains rare. The bigger threat - one that should legitimately keep IT professionals up at night - is on the inside.
-
-
The RFI is classified, but in general terms, it seeks information on prospective technical, end-to-end solutions that will help to protect the federal (.gov) cyber domain, and to facilitate cybersecurity improvements affecting the private sector. Registration will remain open until July 22, 2009.
-