Not reporting a data breach – your reputation may suffer but what about your pocketbook?

How would you feel if a restaurant, hotel or retailer knew your information had been compromised, but you didn’t find out until fraudulent charges started appearing on your credit card? Or if a company you had invested tens of thousands of dollars in didn’t let you know that it had suffered a data breach? Not great I’d imagine,

HIEs Prepare for Flood of Patient Data, Demanding Privacy Mandates

As health information exchanges (HIEs) prepare for more rigorous data exchange requirements under Stage 2 of the “meaningful use” mandates from the Centers for Medicare and Medicaid Services (CMS), they must also be prepared to take more rigorous steps to protect patient privacy and security.

Under the Health Information Technology for Economic and Clinical Health (HITECH) Act,

Ensure a Secure Transition to IPv6

IPv6 is coming soon, whether information security professionals like it or not. So it’s best to be prepared rather than ignore or resist the process.

On June 6, dubbed World IPv6 Launch Day by the Internet Society, major ISPs, home networking equipment manufacturers, and web companies around the world will enable IPv6 for their products and services.

Checkmark Compliance Will Get You Nowhere But Hacked

It used to be the only thing you could count on was death and taxes. But these days, you can bet on hackers going after your organization’s data too. Motives may differ – consider the hackers who want to make a statement and the cyber criminals who look to make a buck – but in the end,

Security vs. Operations

Time and again, we’ve heard IT teams lament over how security continues to challenge the operational aspects of an organization. And these issues will not likely resolve themselves. While there isn’t a silver bullet that will “fix” this situation, there are best practices that will definitely improve security and increase operational efficiency. For some tips,

Security and Operations: Back to the Basics

We’re back with part II in our podcast series on security versus operations with Mike Rothman, president and analyst with Securosis. In this post, Mike and I will discuss getting back to the basics of endpoint security, as small and mid-size organizations should not even consider employing in-depth cyber security measures until they have the basic preventative measures in place.

Security and Operations: Guidelines to Striking a Balance

Time and again, we’ve heard IT teams lament over how security continues to challenge the operational aspects of an organization. And these issues will not likely resolve themselves. While there isn’t a silver bullet that will “fix” this situation, there are best practices that will definitely improve security and increase operational efficiency.

PCI spotlight on Europe

Alan Bentley, SVP International Sales, Lumension, asks Bob Tarzey, Analyst and Director with Quocirca about the difference between PCI compliance and a strong security posture.

Q: PCI standards are designed to be a starting point to helping build a strong security posture. Are retailers/organisations aware that they need to do more than achieve PCI compliance to achieve full risk management?

Lessons from the Road…Tokyo, London, Sydney: Part II

As I mentioned in my last post, after quite a bit of overseas travel recently, I observed a few trends that apply globally – at its core, what trends are driving technology trends in IT environments, today?

In addition to the platform-centric approach being firmly planted both here and overseas and the efficiency of agents on the endpoint being increasingly under the microscope which I covered in my last post,

The Case for Endpoint Operations and Endpoint Security Convergence

Ask any IT administrator where their greatest security risk lies and they will tell you it’s at the endpoint. The endpoint has expanded well beyond a desktop to include mobile devices, which allow greater user flexibility and productivity but also increase security risks to your network. Data that once resided on secure centralized servers (and was accessed only by local desktops within a company) has migrated to remote “offices” where technology is distributed,

Waving The Red Flag—Are you Ready for Another Regulation?

More than six years after President Bush signed the Fair and Accurate Credit Transactions Act of 2003 (FACTA), it appears that the Federal Trade Commission (FTC) is finally ready to put the hammer down on the long-delayed Red Flags Rule provision of the law. Designed to prompt businesses that extend credit to customers to pay attention to the danger signs–or red flags–that could signal fraudulent activity as a result of identity theft,

Federal Cyber Security Outlook for 2010

Steve Antone, Vice President of Federal Solutions Group, provides insights into the Federal Cyber Security Outlook for 2010 survey.

Why Compliance and Security Need to Play Nice

In this video interview, Matt Mosher, SVP of the Americas, Lumension, takes an in-depth look at how organizations can make compliance a continuous process by correlating compliance with security posture.