Archive for Risk Management
July 26, 2011 at 9:57 am · Filed under Risk Management
By Evy Schwartz
Just when you thought there couldn’t possibly be another venue for hackers, here comes another threat. Security researcher Charlie Miller is claiming, based on his recent research, that Apple batteries have a security flaw.
He’s not releasing detailed findings until he presents at the Black Hat Conference in Las Vegas at the end of this month, but we do have general details. The problem with Apple batteries seems to be in their intelligence.
“Smart” batteries contain …
July 18, 2011 at 10:35 am · Filed under Risk Management
By Evy Schwartz
Uh-oh…paternity and drug test information available for all to see! Yes, it’s happened again, another high-profile data breach. This time the breach happened to one of Australia’s largest DNA testing companies.
That type of data is highly personal and apparently, it was available via Google search results. There was a glitch in the software used to register requests for drug tests which left customer data searchable by Google.
IT expert David Raffen had a great thought. He says, “My …
June 30, 2011 at 9:26 am · Filed under Risk Management
By Todd Doerr
When it comes to IT security, your employees can innocently create havoc in your organization. An interesting study just came out regarding USB sticks.
The U.S. Department of Homeland Security wanted to find out what would happen if they dropped USB sticks in government and private contractor parking lots. Would people pick them up or ignore them? If the sticks were picked up…what would people do with them?
Amazingly, 60% …
February 14, 2011 at 8:00 am · Filed under Application Whitelisting, Compliance, Risk Management, Secure Information Exchange
By Todd Doerr
Securing critical business data from sinister cyber attacks is important to every organization. Unfortunately, today’s malware threats don’t lend themselves to yesterday’s security solutions. Modern malware is stealthier and better at bypassing even the most trusted antivirus software products on the market.
As reactive antivirus solutions become more ineffective against threats, a shift has occurred in the endpoint security mindset toward a proactive approach. Application whitelisting leads the proactive approach, and has become a widely accepted security and operational alternative to the traditional blacklist-based antivirus model.
January 26, 2011 at 10:09 am · Filed under Cloud Computing, Managed File Transfer, Managed Services, Risk Management
By Bill Buie
It’s no secret that 2011 is primed to be the ‘Year of the Cloud.’ If they haven’t already done so, organizations will be turning to private or public clouds to store and manage their sensitive business data. While the promise of greater efficiency, scalability, and overall cost savings is the key driver behind greater cloud adoption, it’s well documented that businesses still have concerns around how they can securely access and transfer files in the cloud.
When it comes to managing sensitive data, protecting their confidential information is by far the top priority for businesses. GlobalSCAPE’s Managed Information Xchange (MIX) combines a managed file transfer service with world-class cloud infrastructure to enable organizations to safely manage confidential data and exchange files in the cloud. GlobalSCAPE’s tiered hosted and managed service provides many of the benefits companies hope to get from cloud computing, including reduced costs, increased productivity, and a higher level of security and compliance.
January 11, 2011 at 12:41 pm · Filed under Managed File Transfer, Risk Management, Secure Information Exchange
By Todd Doerr
Today, physically transporting critical business files from one location to another is inefficient, time-consuming, and can increase the risk of losing or mishandling highly confidential customer information. Companies that regularly transfer large data files understand this, and subsequently, are taking steps to streamline the process.
For a leading global information services company, the transportation of sensitive customer files from their physical offices to the company’s closest data center created a lot of room for loss and misuse of their customers’ critical business information. Then, once the files were delivered to the company’s nearest colocation facility by either mail or truck, technicians had to open the files in a highly secure physical environment and upload the information to their mainframes. This tedious process was not only time-consuming, but also came at a high risk. This prompted a corporate mandate preventing the company from accepting any more physical media from its customers after a certain date.
October 7, 2010 at 1:42 pm · Filed under Risk Management, Secure Information Exchange
By Craig Robinson
While some have characterized General Alexander’s comments regarding a new “secure zone” as a military turf grab, I believe the General is within his area of responsibility and that his specific comments do not diminish the role of other agencies, including DHS.
The treatment of the cyber domain as analogous to ground, sea, air, and space is valid. A broad range of adversaries have shown us repeatedly in recent years that they will operate against our interests in cyberspace, and as a nation, we must present a viable defense.
In many ways, General Alexander’s comments present a “Back to the Future” situation.
August 5, 2010 at 3:35 am · Filed under Risk Management, Secure Information Exchange
By Johnny Wright
Do all employees within your organization know what information they can and can’t share with external parties? Do you think your business and IT leaders would know if they inadvertently exposed sensitive company data to malicious parties?
Last weekend these questions were put to the test. A contest was held at the DEF CON 18 Hacking Conference in Las Vegas to see if contestants could successfully call employees at real organizations to collect sensitive corporate information. Of the 140 calls made, only 5 employees declined to give participants the information they were seeking. If the employees declined to provide any information, the contestant simply called a different employee at the same company until they received the information they were looking for. The contest forbade contestants from attempting to gain passwords, IP addresses or other sensitive data, and instead challenged them to obtain data that ranged from the contact info for the employee that handles a firm’s tape backups to the browser versions being used by employees at the organization.
July 1, 2010 at 11:44 am · Filed under Risk Management, Secure Information Exchange
By Craig Robinson
Companies cite concern for data security as one of the primary reasons why they avoid cloud-based hosted infrastructure. Recent events, such as the Google-versus-China incident and ongoing reporting on probes against government computer systems, reinforce the fact that companies must understand and address IT security. Data security is a real concern whether the context is the Internet, a cloud-based solution, or a private network.
I see a growing market need for IT infrastructure to be deployed in the cloud. As previously discussed in this blog and in many other forums, this need is driven largely by a desire to improve operating efficiencies and, ultimately, maximize financial performance and competitive advantage. However, realizing these advantages often requires that companies recognize and adapt to the paradigm shift inherent in moving to an off-premises, hosted model for some aspects of their IT operations.
May 7, 2010 at 12:39 pm · Filed under Risk Management
By Craig Robinson
Today’s leading information security professionals and experts recognize that the public and private sectors must work together more effectively if we are going to truly build a more secure digital world. This week we saw another example of this collaboration in practice as the world’s infosec elite gathered for the EastWest Institute’s Worldwide Cybersecurity Summit at Belo Mansion in Dallas, Texas.
The talks at the event highlighted the real-world threats posed by today’s most sophisticated cyber criminals (especially as those criminals attempt to interfere with business activities and military operations). Experts also shared ideas on how to create effective Internet usage policies that don’t infringe upon free speech, technology innovation, and economic growth. They also discussed how to promote conversation among international stakeholders in an effort to ensure that meaningful policies are enforced and criminals stifled.