New Year’s Resolutions for 2012
It’s that time of year again! Yay! (more…)
PCI Compliance – It’s not just for today
Read an article recently on study that was comparing organizations that had achieved PCI Compliance, but that when re-visited a year later, had fallen out of compliance. (more…)
In the event of a breach…
Saw a great WSJ article recently on steps to take if you’ve been breached. Well written! Here’s the Cliff Notes version: (more…)
Consumer Loyalty and Data Breaches
A recent article on darkreading.com showed results of a survey on consumer loyalty and data breaches called SailPoint Market Pulse Survey, conducted online by Harris Interactive. (more…)
Who’s Storing Your Sensitive Data?
In the spirit of keeping sensitive data safe, and our private lives private, I was a little disturbed by a recent article I found on Wired News. They are referencing a newly released Dept. of Justice (DoJ) memo which outlines the retention periods for major Telecoms on data they’re storing about your: texting – detail/content; IP session and destination information; call details, (more…)
Systems and Architecture Review
Systems and Architecture Review. So, you’re feeling pretty confident that you’ve got your environment locked down. Are you certain your infrastructure, servers, and devices deployed throughout your organization are protecting the confidentiality, integrity, and availability of your sensitive information assets? (more…)
Logging, logging and more logging – configuring logging
OK, any Information Security professional knows that logging is very important. Here are some best practices that we subscribe to in configuring logging: (more…)
BET24 warns over data breach – 19 months later
As reported by The Register (http://www.theregister.co.uk/2011/07/26/bet24_security_breach/), online gambling site BET24.com notified customers on Monday of data breach that occured in December, 2009. (more…)
Information Security Awareness Becoming More Mainstream?
Information Security Awareness – This morning on CNN, there was about five minutes spent talking about things like cloud security, the recent Sony and Lockheed Martin breaches, and the increased need to be aware of where our sensitive data is stored and how it’s being protected. (more…)
New Draft Guidance from NIST for Cloud Computing
Guidance from NIST for Cloud Computing. With the rapid trend towards leveraging Cloud/SaaS services to outsource aspects of information technology, guidance for how to do so in a secure manner has been somewhat lacking. That has changed with NIST’s release of the following draft guidance: (more…)