Blog Posts Tagged with "Data Classification"
September 06, 2012 Added by:Joel Harding
In the cyber world there is a process called IGL or Intelligence Gain-Loss. Sometimes deploying a new tool would disclose a capability that the US has to gather intelligence, but sometimes the gain outweighs the loss of a source. Ya gotta ask is the juice worth the squeeze?
August 28, 2012 Added by:Christopher Rodgers
Management sometimes assumes that when they have identified and summarized the top risks to their organization through a Strategic Risk Assessment, that they have implemented ERM. This is simply not the case. Strategic Risk Assessment is an important component of ERM and usually a starting point, but not a final destination...
August 06, 2012 Added by:Rafal Los
BYOD is going to take the many small holes in your environment and drive a semi truck through them... blowing a hole the size of a Buick in what security we have now. And it's not just because BYOD is going to happen whether you like it or not - but because we need to fix this train wreck we call corporate security...
July 30, 2012 Added by:Rafal Los
Whether we're talking about cloud computing, or BYOD, or hacking in general - the buck stops with data. Some believe you can't ever classify all of your data and you should move on, while others believe that without making data custodians responsible for classification of critical data nothing else can happen...
July 22, 2012 Added by:Tripwire Inc
Today, we don’t have the concept of “knowledge security,” but should we begin considering that moving forward? Given that we are moving, quite quickly, into a knowledge-based orientation, what are the implications for “information security?” Are there any? Does this perspective even matter?
June 04, 2012 Added by:Fergal Glynn
As a process, data integrity verifies that data has remained unaltered in transit. As a state or condition, it is a measure of the validity and fidelity of a data object. As a function related to security, means information is exactly as it was inputted and is auditable to affirm its reliability...
April 30, 2012 Added by:DHANANJAY ROKDE
Most access provided is typically role-based. However, many forget to consider factors like data classification and ownership. Network, system and database managers get access to what they are responsible for, but there are five questions that need to be asked...
April 23, 2012 Added by:PCI Guru
Most of you are protecting everything with equal rigor. Does everything need to be protected with the same thoroughness? Probably not and that is what makes infosec a difficult occupation. We neglect to delineate what needs the most protection and what does not need as much or any...
April 02, 2012 Added by:Christopher Rodgers
Once you know which data needs the most protection, you can properly allocate funds and resources to defend those assets. Employing a proper data classification scheme is cost effective, as it allows a business to focus on protecting its higher risk data assets...
April 01, 2012 Added by:Neira Jones
For a CISO to be successful, they need not only to be prepared to eliminate redundant services and controls (ouch!), but also to promote the elimination of redundant assets which they will invariably not own. Enter the political CISO...
March 01, 2012 Added by:Danny Lieberman
The first step in protecting customer data is to know what sensitive data you store, classify what you have and set up the appropriate controls. Here is a policy for any merchant or payment processor who wants to achieve and sustain PCI DSS 2.0 compliance and protect data...
January 13, 2012 Added by:Danny Lieberman
Despite claims that protecting data assets is strategic to an enterprise, and IT governance talk about business alignment and adding value – my experience is that most organizations will not do anything until they’ve had a fraud or data security event...
November 27, 2011 Added by:Brandon Knight
Beside the fact that it's possible to have a bit more confidence in how Skype traffic is encrypted, is there enough information now to make a fully-formed risk decision on whether or not to use Skype? It's useful to step back and evaluate the fuller picture in the context of your existing operations...
October 12, 2011 Added by:Konrad Fellmann
Some organizations hoard data, but have no idea why. A business owner needs to figure out why the data needs to be kept, who will use the data, and how long it needs to be kept for business, legal or contractual reasons. Once defined, IT can implement proper controls to protect the data...
June 13, 2011 Added by:Boris Sverdlik
To implement a data loss solution, you must take a holistic approach to identify the problem, threat vectors and vulnerabilities. You must understand where your sensitive data lives within your organization. This can’t be done with a tool, regardless of how good they claim it is...
January 19, 2011 Added by:kapil assudani
DLP solutions address only a subset of data leakage issues and only help enforce “acceptable use” policies and processes with a number of limitations. They do not prevent information security related data leakage issues like external malicious attackers...
Steps Toward Weaponizing the Android Platfor... Freid Jerome on 05-17-2013