Ain’t No Style Points in Infosec

It’s Winter Olympics time. I love watching them, especially safely ensconced in the American Southwest where we don’t have to deal with the snow and ice associated with the winter sports. Speed skating, (real) Biathlon, Hockey, Downhill and XC skiing, and all the rest of it.

But my friend the sports curmudgeon complains about sports that rely on judges to determine the outcome.

> Read More

Compliance Is Bad for Security

There are two separate approaches to keeping data safe: compliance and security. The first is a legal/regulatory obligation; the second is not. If you ask a compliance author, whether that’s a government legislator or a bureaucratic regulator, what is the purpose of compliance, the reply will be ‘to ensure security.’ If you ask the same person,

> Read More

Market Impact of a Data Breach

In my Changeup post the other day, I mentioned that my colleague Paul Henry had saved an organization an estimated $10M (or roughly 15%) in market cap by showing that an intrusion had no material impact. That got me to thinking: what *is* the typical market impact of a breach?

> Read More

Not reporting a data breach – your reputation may suffer but what about your pocketbook?

How would you feel if a restaurant, hotel or retailer knew your information had been compromised, but you didn’t find out until fraudulent charges started appearing on your credit card? Or if a company you had invested tens of thousands of dollars in didn’t let you know that it had suffered a data breach? Not great I’d imagine,

> Read More

Vermont Updates Data Breach Notification Laws

Updates to the Vermont Data Protection and Breach Notification laws came into effect in May 2012. As readers of my posts know (yo G!), although I seem to play one in this blog, IANAL. With that said, since these laws seem to cover any business in the US and beyond, you should take a quick look at Vermont’s data protection laws.

> Read More

Security vs. Operations

Time and again, we’ve heard IT teams lament over how security continues to challenge the operational aspects of an organization. And these issues will not likely resolve themselves. While there isn’t a silver bullet that will “fix” this situation, there are best practices that will definitely improve security and increase operational efficiency. For some tips,

> Read More

Security and Operations: Back to the Basics

We’re back with part II in our podcast series on security versus operations with Mike Rothman, president and analyst with Securosis. In this post, Mike and I will discuss getting back to the basics of endpoint security, as small and mid-size organizations should not even consider employing in-depth cyber security measures until they have the basic preventative measures in place.

> Read More

Lessons from the Road…Tokyo, London, Sydney: Part II

As I mentioned in my last post, after quite a bit of overseas travel recently, I observed a few trends that apply globally – at its core, what trends are driving technology trends in IT environments, today?

In addition to the platform-centric approach being firmly planted both here and overseas and the efficiency of agents on the endpoint being increasingly under the microscope which I covered in my last post,

> Read More

Lessons from the Road…Tokyo, London, Sydney: Part I

A few things I learned while on the road in the past couple of weeks:

1.    The platform-centric approach is firmly planted both here and overseas;
2.    The efficiency of agents on the endpoint is increasingly under the microscope;
3.    Application whitelisting is truly hitting a global tipping point;
4.   

> Read More

Whitelisting: Fill in the Gaps Where Traditional Efforts have Failed

You’ve probably heard about three recent security-related events that attracted lots of attention. In January, Google announced that it suffered a “highly sophisticated” and targeted hacker attack—originating from China— against its corporate network. In April, an ill-fated false-positive antivirus signature was pushed out that accidentally removed a key part of Windows from machines. And a year after,

> Read More

The Case for Endpoint Operations and Endpoint Security Convergence

Ask any IT administrator where their greatest security risk lies and they will tell you it’s at the endpoint. The endpoint has expanded well beyond a desktop to include mobile devices, which allow greater user flexibility and productivity but also increase security risks to your network. Data that once resided on secure centralized servers (and was accessed only by local desktops within a company) has migrated to remote “offices” where technology is distributed,

> Read More

Waving The Red Flag—Are you Ready for Another Regulation?

More than six years after President Bush signed the Fair and Accurate Credit Transactions Act of 2003 (FACTA), it appears that the Federal Trade Commission (FTC) is finally ready to put the hammer down on the long-delayed Red Flags Rule provision of the law. Designed to prompt businesses that extend credit to customers to pay attention to the danger signs–or red flags–that could signal fraudulent activity as a result of identity theft,

> Read More