Clearly communicate that, in fact, there are secrets. Once employees understand that they have a responsibility to protect the enterprise, the chasm between the security professional and the rest of the staff not only shrinks, it disappears. Far too often, security policies arrive as a reaction, as opposed to a proactive management of risk. Through this process, the enterprise will acknowledge security as forethought, not an afterthought.
Reading through a Windows security log or any other log can be very difficult and time consuming, so a lot of companies have created their own tools to analyze windows event logs. But before you start going commercial, there is a tool that will get you going without any cost. Against all odds, it’s a tool made by Microsoft!
“First, the President is correct in his appreciation of the need to view cyber security as not just a technical and security issue, but as an economic one as well. In the 21st century - the digital century - economics and security are opposite sides of the same coin. You cannot affect one without impacting the other.” ~ Congressional Testimony
Acquisition and deployment of real solutions is now within grasp of business owners (seemingly) without the need for conventional IT delivery and support. But many questions may go unanswered without engagement of EA, and latent risks (such as compliance and security) may turn into real issues.
In its recently released Global CIO Study, IBM found that 83% of respondents identified business intelligence and analytics as the best way to help enhance their organizations’ competitiveness. At the company’s Information on Demand conference in Las Vegas, IBM outlined a series of new products and services. It includes tools to analyze the increasing volumes of unstructured data found on Web sites, on social networking sites and in digital files.
Kellogg, Brown & Root (KBR) was responsible for the kickback fraud that occurred in the US v. Khan case, and has been the focus of many other cases of procurement fraud within the LOGCAP project. Since combat operations began in 2001, DCAA has referred to criminal investigators 32 cases of suspected fraud that were associated with all wartime-support contracts. Of those, the vast majority were related to the Logistics Civil Augmentation Program.
Larry Clinton, president of the Internet Security Alliance (ISA), will testify tomorrow at a U.S. Senate Judiciary Terrorism and Homeland Security Subcommittee hearing titled, Cybersecurity: Preventing Terrorist Attacks and Protecting Privacy in Cyberspace.
People who generally have to much time on their hands read my posts. Or they simply enjoy my train wreck world view. Anyway there are some fantastic resources that I draw from that help me to break down the complicated issues revolving around how to keep the bad guy from draining your bank account. The following make me look good (not to insult them):
Wouldn’t it be a good idea to have privacy certifications for the organizations that are part of the large smart grid and for the smart meters to help ensure they are appropriately addressing privacy and providing households with informed decision-making capabilities for how the information collected from their homes through these devices are used?
On October 28th President Obama signed into law the National Defense Authorization Act for Fiscal Year 2010. OK, so more people are needed. Now, let’s talk money. How much money is provided in the 2010 Defense Authorization Act for Cyber Defense? A lot.
Once a predator uses your Internet connection to go to into the bowels of the web, your Internet Protocol address, which is connected to your ISP billing address, is now considered one that is owned by a criminal. If law enforcement happens to be chatting with that person, who’s using your Internet connection to trade lurid porn, then someone may eventually knock on your door at 3 AM with a battering ram. And in freakish and relatively new twist, hackers can use a virus to crack your network and gain remote control access, and then store illicit porn on your hard drive.
The question is not lack of process but whether or not security is being used to help enforce business process in the relevant areas of product safety, customer service, employee workplace security and information protection in business-to-business relationships.
These new regulations come at a time when healthcare breaches are on the rise; according to the 2009 ITRC Breach Stats Report healthcare breaches account for over 66 percent of all records breached this year, up from 20 percent in 2008. In fact, some of the largest names in healthcare suffered data breaches.
Congress is still considering the Informed P2P User Act, a law that would supposedly make it safer to use peer-to-peer file sharing software, an effort that is similar to banning mosquitoes from sucking blood. It just isn’t happening…
Every organization has some form of Information Security Risk Assessment - some perform a formal risk assessment, others simply use their practical experience. There aren’t that many tools that assist the organization in performing risk assessment. The most widely used one is Excel, but it is far from a good choice.
The ISA will release a new cybersecurity report, which proposes frameworks for taking key issues in the Obama Administration’s “Cyberspace Policy Review” document to the next level, in an effort to achieve tangible progress. The report will include frameworks for creating a new, practical model for information sharing; addressing the international nature of cybersecurity issues; developing a market for adopting good security standards and practices; building a highly educated digital workforce; and managing the global IT supply chain.
Hackers are spreading their operational bases further around the world, according to threat analysis from managed security firm, Network Box. Not only should we all be wary about what links we click on in emails, social networking sites and IM, but we should examine what data we put online.
The notion that social media sites are little more than a trendy consumer oriented technology is misguided. Most business activities have legal ramifications and social media is no exception., and legal issues can arise when an organization does not adequately address social media with company policy.
Identity theft is preventable. As with any other crime, the risk will always be there. But there are many things people can do to minimize that risk, both online and offline. The National Foundation for Credit Counselors, which sponsors Protect Your Identity Week, has compiled a number of identity theft myths.
There are four pillars to the cyber war realm: intelligence, technology, logistics, and command. By understanding these factors IT security practitioners can gauge the threat to their own organization from cyber war and perhaps take steps to prepare for either direct attacks or the fallout from an outbreak of cyber hostilities between nations.
