Google Drive, SkyDrive and Dropbox: You Are the Product, Not Them
There is a great little cartoon I’ve seen on the Internet in which two pigs are marveling at the free barn and free food they get to enjoy. The message of the cartoon is that they are not the customer; they are the product.
Mobile Device Management
Once the primary strength of BlackBerry, enterprise-grade security and manageability features are now available across the majority of mobile operating systems. If your organization is considering the implementation of mobile technologies into your environment, you may find the following comparison of mobile security and management capabilities from InfoWorld to be very helpful:
When Security Interferes with Business . . . Business Trumps Security
Does Security Interfere with Business? In a mad dash toward security compliance or to plug known vulnerabilities, IT professionals have a tendency to implement security controls without thinking through what could go wrong with them.
Where to Begin?
Sometimes we’ll talk with clients and they feel like they don’t know where to begin in managing information security. A great first step would be a Risk Assessment. A risk assessment recommends treatment of discovered risks and then manages remediation of gaps in risk controls.
Security Implications of Leveraging Cloud Computing
Cloud computing is rapidly evolving into a service model that has the potential to save money and create efficiencies for organizations large and small. This new model can help achieve significant cost savings, reduce IT complexity, and increase flexibility in adapting to a changing business environment.
Governance of Enterprise Security
Just read an interesting survey finding. The 2012 survey was done by Carnegie Mellon CyLab, sponsored by RSA. They surveyed how boards and senior executives are governing the privacy and security of their organizations’ digital assets. They used the Forbes Global 2000 list – respondents included: CEO/Presidents (52%), Corporate Secretaries (15%) and Board Chairs (24%).
Your Nerds Don’t Understand Compliance Either.
Don’t Understand Compliance? On January 18th, Jon Stewart of The Daily Show teased U.S. Representative Mel Watt for failing to understand a bill that he was trying to pass.
March 1 – Your Vendor Contracts Were Supposed to be Updated
The Massachusetts law 201 CMR 17.00 that forces US organizations to protect the PII of Massachusetts residents went into its final enforcement phase on March 1, 2012. By that date, no exceptions, businesses that send Massachusetts-based PII to vendors (service providers) needed to require in providers’ contracts that they will also abide by the law.
Security Program Review
HALOCK’s Security Program Review is based on ISO 27001 and 27002. It provides a baseline of your current security posture.
Network Security Engineering Services
One of the things that makes HALOCK a hybrid services firm is our unique practice groups. We bring to the table skill sets ranging from governance and strategy, PCI QSA knowledge, assessments and compliance, and security solutions to very seasoned network security engineering services.