Blog
Insights for Reasonable Cyber Security and Compliance
What’s happening in the world of cybersecurity? How do you define 'reasonable' security controls? Which cyber threats can be prevented? What steps should you take to make your systems safer? Read our blog posts to gain new insights into cybersecurity news, security awareness, the latest threats and risks, penetration testing, compliance, regulations and so much more.
How to Quickly Respond to Computer Intrusions – HALOCK
By Todd Hacke
The moment you realize you are experiencing a network-based breach, you may not know what to do. Minute one, hour one, day one, what should a technical team do to respond to a breach while it’s still in play?
While having a full incident response plan, a trained response team, and well-placed log repositories are optimal, in our experience many organizations are not well-prepared.
RECOGNIZING THE THREAT FROM WITHIN
Information security professionals are often concerned about attacks coming from outside the organization, such as remote hackers. However, more than half of these attacks [1] come from inside the organization. Information security professionals, along with non-IT staff, need to be trained to recognize the traits and behaviors of organization insiders who pose a serious cyber threat.
THE JP MORGAN CHASE HACKER INDICTMENTS EXEMPLIFY HOW BACKWARD THE INFOSEC SPACE IS
HACKER INDICTMENTS – Cybersecurity audits mean nothing to hackers. And in fact, neither do short-sighted privacy regulations. Hackers have been showing us this for years. And not just because they find ways to exploit systems before you have a chance to lock them down. It’s more than that. Hackers find value in your systems and data that you don’t think are interesting enough to protect.
WHAT IS HIPAA?
HALOCK is deep in the regulatory compliance and security field, so we sometimes take for granted that words common to us, like “HIPAA,” are still not clearly understood. So let’s take a moment to lay out the basics of HIPAA.
EU SAFE HARBOR HAS BEEN BASHED – WHAT TO DO NEXT?
Author: Chris Cronin, ISO 27001 Auditor
The Court of Justice of the European Union has determined that E.U. Safe Harbor is not sufficient protection for European Union residents whose personal information is sent to the United States. This is a big deal for U.S. and E.U.-based businesses that have relied on the Safe Harbor framework as a method for cutting through regulations to conduct trans-Atlantic business.
REDUCING RISKS THROUGH COMPENSATION: HOW TO INSTITUTIONALIZE RISK MANAGEMENT IN EMPLOYEE INCENTIVE COMPENSATION PLANS
REDUCING RISKS THROUGH COMPENSATION. Has your organization been struggling to achieve its compliance goals? Whether your organization is new to risk management or you’ve been struggling with compliance for some time, making compliance a part of every employee’s compensation plan is a smart strategy. This can get everyone in your organization thinking about information security and make compliance an enterprise-wide priority for managing risks.
9 QUICK TIPS TO IMPROVE WEAK AUTHENTICATION
Over years of penetration testing, HALOCK has seen some enduring security vulnerabilities. They are so common, in fact, that we have come to expect to see them in the field. Many information security breaches occur because authentication vulnerabilities permit unauthorized access to applications, systems and data. If you were to follow these tips, our penetration tests would be much less fruitful (and that’s a good thing!).
INCIDENT RESPONSE: KNOWING YOUR OBLIGATIONS IN THE EVENT OF A SECURITY BREACH
Author: Glenn A. Stout, Ph.D, PMP
Your organization just experienced a data security breach. All of the data that was entrusted to your organization to be kept safe is now “out there” on the Internet. Your organization doesn’t have an incident response plan (IRP). Who do you call? When should you call? What information needs to be reported?
THE FEDERAL TRADE COMMISSION IS COMING TO GET YOU
Author: Chris Cronin, ISO 27001 Auditor
The Third Circuit Court of Appeals announced on Monday, August 24, 2015 that the Federal Trade Commission is acting within its authority when it takes action against companies for poor data security practices. Take heed. You may be doing exactly what the FTC is complaining about.
SIX THINGS TECH START-UPS CAN DO TO IMPROVE THEIR SECURITY POSTURE
Author: Terry Kurzynski, ISO 27001 Auditor, CISSP, CISA, PCI QSA
The Internet of Things (IoT) and cloud computing have provided businesses and consumers with unimaginable tools and functionality, not to mention immense entrepreneurial opportunities. Along with the connectedness of these solutions come increased security risks that entrepreneurs, start-ups, and venture capitalists need to be aware of before either launching into the tech industry or investing in a tech business.