Browse by Tags
All Tags »
Security (RSS)
I had a chance to review the 2010 Verizon Data Breach Report today, which I was alerted to by ISC.SANS.ORG . They’ve put together data from 2004 through 2009, and it is quite interesting. These are from confirmed data breach cases. Here were 3 of
Read More...
Yes, you heard me correctly… We still think about personal and corporate security only as an afterthought. Despite all the regulatory and industry compliance that has been created and updated in the past 15 years, as we close out this decade, we are hardly
Read More...
The role of an organization’s technologists are to protect the technology and information assets of the company, while facilitating productivity to move the business forward. This is always a balancing act, as no technology department that I am aware of today has anything resembling an unlimited budget.
Read More...
There are several major challenges to the successful implementation of good information security in many organizations today. It is not because business owners do not think that security is important. No, the issues exist because they do not
Read More...
It has long been accepted that Information Security should be implemented in layers: Defense in Depth . The idea being that you should add overlapping protection mechanisms to either stop or slow down an intruder. To use a simple analogy, if you
Read More...
I just finished reading a provocative Computer World article about the PCI compliance process, entitled “Will the Real Enemy of Security Please Stand Up?” , and it highlights a common misconception about the role of auditing and auditors in the compliance
Read More...
Well, it’s been a while since we’ve had an active zero-day in Internet Explorer, but according to Microsoft Security Advisory 972890 , that’s what we’re looking at: a vulnerability in DirectX that allows for unauthenticated, remote execution attacks
Read More...
It’s only the second of April, and already I’m dealing with chaos. And not the kind I expected, either. We’ve all been waiting for Conflicker to do something this month , but so far, nothing has occurred. This is not a bad thing, mind
Read More...
The Conficker worm continues to make headlines , not only because it has been so elusive over the past 5 or so months, but because it is configured to do something special on April 1, 2009. For a disturbingly large number of individuals and organizations,
Read More...
The more things change, the more they remain the same. Almost exactly two years ago, I posted an article about the general organizational obsession with regulatory (or industry) compliance, at the expense of proper information security . Just today,
Read More...
Quite frankly, it’s even more important than it has been in the past. This morning, I was reading some articles on information security, including news about the Conficker worm . You know, we haven’t had a really good worm in 3 or 4
Read More...
Since the middle of 2008, we have seen an increase in the types and complexity of information security attacks that organizations have been facing. The widespread worms of 2004 and 2005 gave way to the targeted attacks of 2006 and early 2007. Things
Read More...
ComputerWorld has a very interesting article this week that talks about how immature Oracle's patch management program for customers is, compare to Microsoft's . As the following quote indicates, there are things that vendors should be doing to provide
Read More...
Yes, we know that information security in an interconnected world is not trivial. We accept that configuration errors or malicious insiders or new, complex threats might conspire to provide opportunities for a breach. But who says that it is acceptable
Read More...
Given the recent spate of breach announcements from companies like Monster.com and TradeFreedom Securities Inc. , I've been thinking about how poor security is going to impact organizations and consumers over the next few years. Even though there have
Read More...