How to Quickly Respond to Computer Intrusions – HALOCK
The moment you realize you are experiencing a network-based breach, you may not know what to do. Minute one, hour one, day one, what should a technical team do to respond to a breach while it’s still in play?
While having a full incident response plan (IRP), a trained response team, and well-placed log repositories are optimal, in our (more…)
RECOGNIZING THE THREAT FROM WITHIN
Information security professionals are often concerned about attacks coming from outside the organization – such as remote hackers. However, more than half of these attacks1 come from inside the organization. Information security professionals along with non-IT staff need to be trained to recognize the traits and (more…)
THE JP MORGAN CHASE HACKER INDICTMENTS EXEMPLIFY HOW BACKWARD THE INFOSEC SPACE IS
HACKER INDICTMENTS – Cybersecurity audits mean nothing to hackers. And in fact, neither do short-sighted privacy regulations. Hackers have been showing us this for years. And not just because they find ways to exploit systems before you have a chance to lock them down. It’s more than that. Hackers find value in your systems and data that you don’t think are interesting enough (more…)
WHAT IS HIPAA?
HALOCK is deep in the regulatory compliance and security field, so we sometimes take for granted that words common to us, like “HIPAA,” are still not clearly understood. So let’s take a moment to lay out the basics of HIPAA.
REDUCING RISKS THROUGH COMPENSATION: HOW TO INSTITUTIONALIZE RISK MANAGEMENT IN EMPLOYEE INCENTIVE COMPENSATION PLANS
REDUCING RISKS THROUGH COMPENSATION. Has your organization been struggling to achieve its compliance goals? Whether your organization is new to risk management or you’ve been struggling with compliance for some time, making compliance a part of every employee’s compensation plan is a (more…)
SIX THINGS TECH START-UPS CAN DO TO IMPROVE THEIR SECURITY POSTURE
The Internet of Things (IOT) and Cloud Computing has provided business and consumers with unimaginable tools and functionality, not to mention immense entrepreneurial opportunities. Along with the connectedness of these solutions comes increased security risks that many entrepreneurs, start-ups, and venture capitalists need to be aware of before either launching into the tech industry or (more…)
PREPARING FOR YOUR DATA BREACH
PREPARING FOR YOUR DATA BREACH.
Most InfoSec professionals don’t want to think about becoming the next victim of a major data breach to make the headlines. And yet when faced with another major data breach it is a time when Executive Management and security teams reflect on their own insecurities. The latest breach is being reported as the largest data breach of (more…)
Lessons in Risk Management: What We Should Learn from the FAA Fire
Too often in information security we focus on the confidentiality of personal information, ignoring the damage that can result from failures in integrity and availability. In fact, this is the main driver of much of our information security spending in the U.S. But the proper function of information and communications can create huge impacts not only to business, but to the public if (more…)
Code Spaces Spaced Out On Data Security
The information security community is abuzz with the news of Code Spaces closing its doors after having all of its client’s data erased by an attacker who gained access to their environment. Code Spaces offered their clients a “code repository” service – think Subversion-as-a-Service – and convinced their clients that their code was safe from data loss when stored there. The failure is (more…)
Vendor Risk Management Hype Extends Beyond Target®
The Target® Breach in November 2013 lives infamously in our memories and has served as a pivot point for all businesses with regard to third party vendor management (TPRM). After all, who could have imagined that the giant retailer would have been breached through a seemingly insignificant (more…)
