Posts tagged: security mistakes

A Shame for InfoSec Transparency

The CISO of Pennsylvania was apparently fired after discussing a breach while serving on a panel at the recent RSA conference. The firing was covered in several articles, including this SCMagazine report. The information provided by Bob Maley was a clear description of a threat that some states may face, an appropriate discussion for this panel. [...]

The Cyber Maginot Line

Between 1930 and 1940, France built a massive system of defenses known as the Maginot Line. Designed to stop a German invasion, it is remembered as a failure. The 1940 German invasion of France skirted the Maginot Line entirely, pushing swiftly through the Ardennes by way of Belgium. I’m not a historian and there are [...]

Lawsuit, breaches and bashing… oh my!

Though it seems obvious that corporations have an obligation to protect the sensitive information they use for business, it still amazes me that corporate behavior in this regard is quite dismissive. Lawsuits and public embarrassment seem to be the only catalysts for action in many organizations. That is kind of sad. Not only is [...]

Lessons in Due Diligence

An article by Kim Zetter on Wired.com caught my attention: “Restaurants Sue Vendor for Unsecured Card Processor”. The gist is that several restaurants purchased Point-of-Sale (POS) systems from a particular vendor. The POS systems sold were apparently not Payment Card Industry Data Security Standard (PCI-DSS) compliant, and that resulted in a breach [...]

Learning From Someone Else’s Breach

A subsidiary of managed health care provider Health Net Inc. just reported the loss of personal information for 1.5 million customers, a loss that occurred six months ago, according to a ComputerWorld article. Without knowing all the details of the situation, I can only speculate as to some of the security controls and thoughts of the Health [...]

The Cloud Does Not Absolve Responsibility

Cloud computing certainly offers cost management opportunities for organizations straining to maintain server infrastructure, but there is more to consider than server management. Security in the cloud simply has not had an opportunity to mature. Protecting servers, which cloud providers can no doubt do quite effectively, is different from protecting information. Those organizations that [...]

It’s Just One Little E-mail…

How often is e-mail used to send documents and other material that contain sensitive information? I’ve seen consultants share sensitive client information this way, as well as staff members just “trying to be helpful”. I’m sure this happens all the time, and it can be mitigated through training and providing staff the tools necessary to [...]

When Will They Ever Learn…

When an employee leaves a company, either voluntarily or involuntarily, the business must have processes and procedures in place to immediately revoke that person’s access to information resources. This isn’t a new concept in information security, but it is something organizations often apply lackadaisically. With the cost of breaches rising, leaving [...]
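One way to make that revocation step verifiable rather than hoped-for is to reconcile the HR termination feed against the account directory on a schedule and flag anything still enabled past the cut-off. The script below is an added example, not code from this post or from any product it mentions; the HR feed, the directory export, the field names and the one-hour disable SLA are all constructed for illustration, and a real run would pull the two lists from the HRIS and the identity provider.

```python
"""Offboarding reconciliation: flag accounts that should have been
disabled when the employee left but are still active.

Added example, not code from the original post. The HR feed, the
directory export, the field names and the grace window are constructed
assumptions for illustration.
"""
from datetime import datetime, timedelta, timezone

# Constructed HR terminations feed: employee id -> termination time (UTC).
HR_TERMINATIONS = {
    "e1001": datetime(2010, 4, 1, 17, 0, tzinfo=timezone.utc),
    "e1002": datetime(2010, 4, 3, 9, 30, tzinfo=timezone.utc),
    "e1003": datetime(2010, 4, 5, 12, 0, tzinfo=timezone.utc),
}

# Constructed directory / identity-provider export.
DIRECTORY_ACCOUNTS = [
    {"employee_id": "e1001", "username": "jdoe", "enabled": False,
     "last_login": datetime(2010, 3, 30, tzinfo=timezone.utc)},
    {"employee_id": "e1002", "username": "asmith", "enabled": True,
     "last_login": datetime(2010, 4, 6, 8, 15, tzinfo=timezone.utc)},
    {"employee_id": "e1003", "username": "bwong", "enabled": True,
     "last_login": datetime(2010, 4, 4, tzinfo=timezone.utc)},
    {"employee_id": None, "username": "svc-backup", "enabled": True,
     "last_login": datetime(2010, 4, 5, tzinfo=timezone.utc)},
    {"employee_id": "e2001", "username": "mlee", "enabled": True,
     "last_login": datetime(2010, 4, 6, tzinfo=timezone.utc)},
]

# Assumed SLA: the account must be disabled within an hour of HR recording the exit.
GRACE = timedelta(hours=1)

# Constructed "current time" so the example runs the same way every time.
NOW = datetime(2010, 4, 6, 12, 0, tzinfo=timezone.utc)


def find_lingering_accounts(terminations, accounts, now, grace=GRACE):
    """Return findings for enabled accounts whose owner was terminated
    more than `grace` ago, most overdue first.

    Each finding records whether the account was used *after* the
    termination time; that is the case that turns a process gap into a
    likely incident rather than a hygiene item.
    """
    findings = []
    for acct in accounts:
        term = terminations.get(acct["employee_id"])
        if term is None or not acct["enabled"]:
            continue  # no termination on record, or already disabled
        if now <= term + grace:
            continue  # still inside the disable window; not yet overdue
        findings.append({
            "username": acct["username"],
            "employee_id": acct["employee_id"],
            "overdue_hours": round((now - term - grace).total_seconds() / 3600, 1),
            "used_after_termination": acct["last_login"] > term,
        })
    return sorted(findings, key=lambda f: f["overdue_hours"], reverse=True)


def find_orphaned_accounts(accounts):
    """Return enabled accounts with no owning employee id. A termination-
    driven process can never catch these, so they need a named owner."""
    return [a["username"] for a in accounts
            if a["enabled"] and not a["employee_id"]]


if __name__ == "__main__":
    for f in find_lingering_accounts(HR_TERMINATIONS, DIRECTORY_ACCOUNTS, NOW):
        flag = "LOGIN AFTER EXIT" if f["used_after_termination"] else "no use seen"
        print(f"{f['username']:12} overdue {f['overdue_hours']:>6}h  {flag}")
    print("orphaned (no owner):", find_orphaned_accounts(DIRECTORY_ACCOUNTS))
```

Two design points matter more than the code itself: the check is driven by the HR record, not by a ticket someone remembered to file, and it separates "still enabled" from "still being used", so the second case can be routed to incident response instead of the help desk. Accounts with no employee owner are reported on their own, since no leaver process will ever disable them.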