How Business Pushes Information Security Compliance
The United States is an exceptional country in many ways, not least of which is that we don’t like doing what governments tell us to do. It’s in our moral fiber to rebel. One telling example of (more…)
Nice Infrastructure… Mind If I Borrow It?
We talk a lot with our clients about the importance of due care and due diligence and how it impacts your infrastructure, especially when it comes to compliance and risk management. In order to perform proper due diligence, it’s important to understand the nature of the attacks being directed against your infrastructure, the motivation behind them, and what steps are reasonable (more…)
Gartner Advice on Defending Against 4 Attack Threats
This was taken from an article from Dark Reading, covering a recent Gartner Security & Risk Management Summit. Gartner experts were discussing how to defend against 4 main types of attack threats. (more…)
Security awareness training is more important than ever.
Can’t state it often enough: cyber security awareness training is more important than ever. Many of the incidents we respond to are caused by malware being downloaded by users. Once it’s in your network, it’s only going to propagate. It’s like a bad roach infestation. (more…)
HIPAA Security Rule and Fines
Maintaining HIPAA compliance used to not have many teeth behind it. Times have changed, however, as the Alaska Department of Health and Social Services (DHSS) is all too well aware. (more…)
Online File Sharing Posing Risks for SMBs
A recent article from Dark Reading reported on a Symantec survey of small to medium-sized businesses and their file sharing practices. The survey was conducted by Applied Research in 2011. They spoke with decision makers at 1,325 SMB organizations worldwide with 5 to 500 employees. (more…)
Importance of doing a Risk Assessment
We often get calls to do diagnostic testing of some sort: vulnerability testing, penetration testing, web application testing. These are all very good and should be done at least annually, or more often if the environment is undergoing changes. But what about a cyber security risk assessment? Why do one, and what’s the correlation between the risk assessment and the various (more…)
Reasonable and Appropriate Data Security
Reasonable and Appropriate Data Security: an interesting case that the FTC filed recently (June 26, 2012) against a well-known hotel chain. (Names omitted for the purposes of this blog.) Notice the similarities to the PCI DSS requirements. (more…)
Security Awareness training is required by PCI DSS
I often write about security awareness training, but it bears repeating periodically. Cyber security awareness training is required by some standards; the PCI DSS is quite specific about requiring it. Security awareness training for the general employee population on at least an annual basis is a good idea. More technical training for IT (more…)