Universities Remain a Rich Target for Hackers
Schaumburg, IL, April 9, 2014: In 2013, HALOCK Security Labs noted information security vulnerabilities at colleges and universities along with numerous hacker challenges that plague these institutions across the United States. More breaches may come to light if higher education institutions do not (more…)
Darrell Issa Just Learned the Difference Between Compliance and Security. Let’s Hope for a Payoff.
Darrell Issa’s House Committee on Oversight and Government Reform has been busy looking into the security of the healthcare.gov website and its connected systems. (more…)
A Word about the Target Data Security Breach
What happened to Target® last week is every business’ worst nightmare. We’ve received a number of inquiries regarding the security breach incident from concerned clients and friends and wanted to share a few insights. (more…)
California’s New “Do Not Track” Privacy Law is Weak … As Expected
If you operate a web site that accepts personal information from California residents, you may be aware that California’s amended CalOPPA law has added a “do not track” requirement this month. California’s legislators have added to the already-weak law a new, value-less clause that gives the appearance that the law does something that (more…)
Common Hazards in Risk Management: The Selfish Risk Assessment
Information security laws and regulations are telling us to conduct cyber security risk assessments before we develop our security and compliance programs. They insist on this so our security goals are meaningful to each of us, rather than aspiring to a generic list of controls that were written by experts who never met us (more…)
The NSA’s Threat to Information Security Culture
Over the past few weeks we’ve seen news coming out of the Edward Snowden leaks that we’ve been able to either shrug off or become perturbed by, depending on the details of each leak. But this past week, new information was revealed regarding a serious violation of trust. This time, reactions from security professionals are anything but middle of the road. ProPublica and The Guardian (more…)
Your Policies Can Hurt You, Part 2: Overzealous Policies Can Create Breach-Prone Environments
Early on in my information security career I was auditing a firm that conducted complex economic analyses for their clients. They processed a lot of personal information and they wanted to be sure they were applying appropriate controls to safeguard that information. Part of their business model was to charge their clients per hour for statistical analyses of large datasets. This meant that analysts were (more…)
Your Policies Can Hurt You, Part 1: The Importance of Well-Tailored Instructions
Managers often think about compliance in terms of policies. There is something concrete, achievable and finite about them. And they are required by laws and regulations for protecting information and systems. But too often managers think of policies as a finish line for compliance. Need to be compliant? Then write a (more…)
Why are Hackers Heckling the Director of the NSA?
The Hackers Heckling. The Black Hat convention is under way today in Las Vegas, and there, before a group of information-security-minded individuals, stood General Keith Alexander, Director of the NSA, getting heckled by conference attendees. Their complaints were targeted at the NSA’s surveillance activities and Director Alexander’s dubious testimony to Congress about those activities. (more…)
While Technological Security Risks Are a Possibility, Management Security Risks are a Certainty
Most of my information security focus these past few years has concentrated on managing risks and governance, but this was not always the case. I came into this profession as a technologist and manager who focused on team building, turn-arounds and doing a lot with few resources. But as my career moved from technology operations to security it also moved from technology (more…)
