Archive for the ‘Compliance’ Category

In this time of global financial insecurity, large scale companies are stretching further and further across the planet in order to reduce costs and remain competitive. But this strategy brings with it risks. The pressure on a global company’s supply chain is simply immense, with operations stretching across whole continents and handfuls of countries, variables [...]

According to the press release they say “Our critical infrastructure – such as the electricity grid, financial sector, and transportation networks that sustain our way of life – have suffered repeated cyber intrusions, and cyber crime has increased dramatically over the last decade. The President has thus made cybersecurity an Administration priority. When the President released his Cyberspace Policy Review almost two years ago, he declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation.”

Facebook’s new security features and the Zuckerberg hacking incident

Image via CrunchBase Is there such a thing as Social Media Warfare? We have had cyber warfare going on for years now. So it should be an obvious “YES” that Social Media warfare exists. But is that true?  To get to a full blown war opposing sides go through an escalation process. Where are we [...]

Image by ivanpw via Flickr Social Media Policy Social Media has become part of the user community several years ago. Today we have social media in the corporate environment. The main problem we have is how social media has evolved. It has been a bottom up approach. By bottom up I mean that the consumer [...]

Image via CrunchBase When you join a company, you relinquish certain rights. The workplace is not a democracy. Yet many people still think that their corporate email, their corporate computers and the data they use is “theirs”. Who owns that data? Well the answer is the company. Companies are concerned with data loss prevention. A [...]

Data Lifecycle Management: How to reduce risk Part 2 The Data Lifecycle Management (DLM) goes through 5 steps: creation, usage, transport, storage and destruction. Most companies have parts of this lifecycle under control, but that means there are lots of areas for gaps in the control measures that could let a threat affect the data. [...]

The Data Lifecycle goes through 5 steps: creation, usage, transport, storage and destruction.

Image via Wikipedia There is a lot of focus on network security and application security today. Years ago it was operating system security that was all the rage. But with the advent of the strict requirements of some of the regulations such as HIPAA, PCI, SOX, and FISMA, more attention needs to be paid to [...]

Image via Wikipedia PCI laws are expanding around the country. Washington State is the latest to add a law to their books. Washington state follows Nevada and Minnesota in implementing Payment Card Industry Data Security Standard (PCI), the law is HB 1149. It changes the breach notification law they already had on the books. The [...]

Image via Wikipedia We have seen a lot of problems with Adobe vulnerabilities. Adobe has been getting beat up with all the negative publicity in the past few months. Apple is restricting access to Adobe on their devices. Has anyone tried their remote desktop sharing? I wonder if some vulnerability will be release in that [...]

Image via Wikipedia Vendor risk assessment are not part of everyday corporate managememnt but it should be. If you drive a car and every week you have to get something fixed it would prove pretty annoying, disgusting, outrageous and you probably you would never buy that model again and probably wouldn’t by from that manufacturer [...]

Image by Getty Images via Daylife SC magazine just reported that the Ponemon Institute has determined the cost of a data breach is $204 per record. “Data breaches last year cost organizations $204 per exposed record on average, which represents an almost two percent increase over 2008, according to the fifth annual “Cost of  Data [...]

Ponemon Institute recently released their  Cyber megratrends as listed below. While I agree with these I think there were a couple that could easily be added to the list. First, I would either add or modify Web 2.0 into Web 3.0. Lets look to what is going to happen versus what is happening. Incremental change [...]

The Blackberry has been the mainstay of the business world for years. But as we know, the IPhone is eating away at market share. There are over 75,000 apps for the IPhone now and growing steadily. For those who have Blackberry Thumb, you can probably look forward to IPhone Index Finger at some point in [...]

FTC’s Additonal Rules for HIPAA Security The Federal Trade Commission (FTC) recently issued a rule which gives more scope to the data breach notification rules as part of the Health Insurance Portability and Accountability Act (HIPAA). The addition targets companies that provide health info in an online storage facitlity. Things like Google Health or Healthvault [...]

Miami is a fun place to live and work (there are actually people who work here). Its a great vacation spot, people enjoy the nightlife and now we have something else to crow about. The largest credit theft ring was based here! According to Bloomberg, “Albert Gonzalez, a 28-year-old Miami resident, and two hackers living [...]

Forget Information Security, someone work on airport delays My posts are all usually information security related. Some interesting things on web security, vulnerability assessment, risk assessment, all that good stuff. Well today I cannot blog about that. As much as I love it, get a probably un-natural excitement about it, I can’t do it. I [...]

Website security is the one of the most dangerous places for a company. If you look at a layered security approach, we start out with the internal network. There we have host security, patch management, host IDS and other server based technologies. Next we have the network security layers, network intrusion detection, network monitoring and [...]

The Ponemon Institute and Ounce Labs (www.ouncelabs.com) released a study on the view CEOs have regarding data protection in their environment. In the study of 213 CEOs and other senior executives, CEOs did not share the same view on how secure their organization is with their executives. 92 percent of respondents said they were attacks. [...]