UNLIMITED SECURITY BUDGETS AND PERFECT SECURITY
Perfect security is not possible, feasible nor required by law. In fact, information security laws and regulations require that we provide “reasonable and appropriate” security through a well-defined risk management process.
Without a risk-based approach, organizations attempt to address information security requirements by either attempting to comply with a long list of security (more…)
SEIM Many Logging Options – What to Do?
Log and Security Event Information Management (SEIM) are two of the 20 Controls that SANS lists for network security. They are also some of the more controversial ones. Logs are very much like digital fingerprints for one’s network and applications. It has great value for both noticing exploits (visibility) and forensically investigating those which have already happened. SEIMs are the intelligence (more…)
Current State of Cloud Based Security
At HALOCK®, we recognize there’s a tremendous amount of concern surrounding cloud-based security. Most of the concern is focused around the risk of moving assets to the cloud and that worry has slowed down the adoption of virtualized infrastructure. It has been a challenge to find solid data surrounding cloud security risks.
So when one of our (more…)
How Business Pushes Information Security Compliance
The United States is an exceptional country in many ways, not least of which is that we don’t like doing what governments tell us to do. It’s in our moral fiber to rebel. One telling example of (more…)
Nice Infrastructure…. Mind If I Borrow it??
We talk a lot with our clients about the importance of due care and due diligence and how it impacts your infrastructure, especially when it comes to compliance and risk management. In order to perform proper due diligence, it’s important to understand the nature of the attacks being directed against your infrastructure, the motivation behind them, and what steps are reasonable (more…)
Gartner Advice on Defending Against 4 Attack Threats
This was taken from an article from Dark Reading, covering a recent Gartner Security & Risk Management Summit. Gartner experts were discussing how to defend against 4 main types of attack threats. (more…)
Security awareness training is more important than ever.
Can’t state it often enough – Cyber security awareness training is more important than ever. Many of the incidents we respond to are caused by malware being downloaded by users. Once it’s in your network, it’s only going to propagate. It’s like a bad roach infestation. (more…)
HIPAA Security Rule and Fines
Maintaining HIPAA compliance use to not have much teeth behind it. Times have changed, however, as the Alaska Department of Health and Social Services (DHSS) is too well aware. (more…)
On Line File Sharing Posing Risks for SMBs
Recent article from Dark Reading was from a Symantec survey of small to medium size businesses and their file sharing practices. The survey was conducted by Applied Research in 2011. They spoke with decision makers at 1,325 worldwide SMB organizations with 5 to 500 employees. (more…)
