Items Tagged with "Data Loss Prevention"
August 30, 2012
The majority of attacks that result data breaches are simply not that complex, relying on well-known, tried-and-true methods. Yet most organizations lack the time and expertise to develop the security content— the breach detection rules and configuration hardening policies for servers—that can deter attempts...
August 28, 2012 Added by:Christopher Rodgers
Management sometimes assumes that when they have identified and summarized the top risks to their organization through a Strategic Risk Assessment, that they have implemented ERM. This is simply not the case. Strategic Risk Assessment is an important component of ERM and usually a starting point, but not a final destination...
August 28, 2012 Added by:Robert Siciliano
If you choose to use your personal device for work, then your employer will more than likely want control over that device. This means like in a company mobile liability policy, the employer may have remote capabilities to monitor activity and in the event of loss or employee termination, wipe the data...
August 27, 2012 Added by:Infosec Island Admin
As the complexity of attacks grow at a rate outstripping the pace of Moores Law, defenders have to take up a more nuanced approach to protecting their environments. Reliance on technical solutions alone is not tenable, you have to look at the creature behind the keyboard to get a better picture of the attack...
August 23, 2012 Added by:Brent Huston
Billions of dollars and millions of identities are at stake every day. In the past, security professionals thought firewalls, Secure Sockets Layer, patching, and privacy policies were enough to protect websites from hackers. Today, we know better. Whatever your industry — you should have consistent testing...
August 22, 2012
The basis of the paradox – how can a device that is so small, open, innovative, tactile, easy to use and readily available retain mass-market appeal while at the same time remaining secure? This is the challenge not just from a software or hardware perspective, but also a cultural one...
August 22, 2012 Added by:Kelly Colgan
The digitization of medical records may make folks queasy, but it is also efficient, offering an opportunity to save both money and lives. It is in fact inevitable. Unfortunately, so are data breaches and the identity compromises that follow. We need to be deadly serious because lives are at literally at stake...
August 16, 2012
Anyone can go research IT companies and make decisions based solely on what they read, but this is not how people make decisions. People interested in buying a product or service want to know if it will work, how well it has worked in the past, and if current customers are happy with the product or service...
August 15, 2012 Added by:Rafal Los
Does it make sense to repurpose "security awareness" to be inclusive of corporate and personal responsibility? Should we have users sign agreements that make them aware they are responsible, personally, when bad things happen as a result of their actions? Should there be HR actions against users who are reckless?
August 15, 2012
To provide more effective data protection that combines preventive and detective controls, a security admin can obtain the necessary technical information to create reports and dashboards that translate data into terms the business understands to make information security visible, measurable and accountable...
August 14, 2012 Added by:Rebecca Herold
Every year or so, an otherwise smart information security professional publishes some really bad information security advice about how awareness and training is a waste of time and money. Bottom line for all organizations: Humans have always been and will always be the weakest link in security...
August 12, 2012 Added by:Brent Hutfless
Training and education are key elements to securing data. The advances in detection and monitoring solutions have placed more capable tools in the security professional’s toolbox, but APT attacks have grown in sophistication and perseverance – often leading to successful attacks and subsequent data loss...
August 11, 2012 Added by:Tripwire Inc
Rather than brute-forcing the account, the hackers gained access by doing some creative social engineering by contacting Apple customer support. The problem is that we often turn over our data to 3rd-party providers without understanding what protocols they have in place to keep our data safe...
August 10, 2012
In the cyber world our identity is reflected by our usernames and passwords. For users, keeping passwords safe is vital to avoid security incidents. But online service providers who store usernames and passwords are expected to do the same. Problems arise when security is compromised at either end of the chain...
August 09, 2012 Added by:Michelle Drolet
There’s no one-size-fits-all solution. In creating a policy you have to consider what devices to support, how much access to give them, and what kind of budget to allocate. Do you have specific compliance issues? Are you willing to subsidize data plans or device purchases? How do you ensure company data is secure?
August 08, 2012 Added by:Fergal Glynn
Devices aren’t the main problem in a BYOD strategy: employees are. That’s why BYOD is not just a technical issue. It needs a holistic approach that includes HR, data security and legal stakeholders. Organizations adopting a BYOD strategy should put in place a strategy that includes policies and technical constraints...