Archive for February, 2010
February 22, 2010 at 2:33 am · Filed under Risk Management
By Toney Jennings, President & CEO of CoreTrace
Cyberspace defense has largely been a measure/countermeasure/counter-countermeasure game. The good guys build a fence and, in short order, the bad guys climb over it. The good guys build the fence taller and the bad guys figure a way over it again. I would not be the first to compare this reactive security approach to the famous “whack-a-mole” game, but I thought it would be a fun way to demonstrate the point.
A decade ago, it could be argued that the “mole” poked its head up sluggishly enough that you actually stood a reasonable chance of bashing the little bugger on the head. Today’s threats, however, look more like the Caddyshack gopher, with traditional, reactive security solutions looking about as capable as Bill Murray.
February 16, 2010 at 12:36 pm · Filed under Compliance, Risk Management
By Greg Hoffer
In a recent interview with CNET, Bob Russo, general manager of the PCI Security Standards Council, noted, “Becoming compliant with the standard is pretty much a snapshot in time. An assessment company would come in and go through all those requirements and check that this stuff is in place. If everything is in place they issue a report on compliance. It is then your responsibility as a merchant to maintain that compliance.”
Russo’s point about continuous versus point-in-time compliance is interesting on many levels. As a respectable business or IT leader, you can’t argue with the fact that companies must not only meet government and industry standards at a single point in time, but that they must also update processes, tools and systems to maintain their compliance as regulations shift and change. In order to ensure information security (that you’ve mitigated risk to an acceptable level), you must treat the policies, processes and tools that you use to protect sensitive data as an evolving, imperfect set of entities.
However, it’s somewhat of a cop-out by Russo and the council to imply that because companies are not completely in compliance all the time, their information and systems are any more vulnerable than those who might be in complete compliance all of the time. To take it one step further, he also seems to be saying that a company’s lack of compliance explains why a breach occurred. Might it be possible that the standards really only provide a false sense of security for consumers?
February 4, 2010 at 10:49 am · Filed under Managed File Transfer, Risk Management, Secure Information Exchange
By Todd Doerr
Ad hoc file transfer isn’t the only MFT trend to watch for this year. In today’s world of tight IT budgets, reduced workforces, and security mandates, it’s only natural for us to expect that companies will turn to MFT solution providers who offer intelligent file-centric automation capabilities.
Today’s automation differs from the automated functionality available in the past. We’re no longer talking about just moving files from point A to point B, and it’s not enough to rely on homegrown solutions (like custom scripts) built years ago. We’re talking about seamlessly moving files into back-end systems while providing full audit tracking, robust monitoring capabilities, and the ability to react to anomalies by triggering alerts.
What’s driving this demand?