PREPARING FOR YOUR DATA BREACH
PREPARING FOR YOUR DATA BREACH.
Most InfoSec professionals don’t want to think about becoming the next victim of a major data breach to make the headlines. And yet when faced with another major data breach it is a time when Executive Management and security teams reflect on their own insecurities. The latest breach is being reported as the largest data breach of (more…)
Lessons in Risk Management: What We Should Learn from the FAA Fire
Too often in information security we focus on the confidentiality of personal information, ignoring the damage that can result from failures in integrity and availability. In fact, this is the main driver of much of our information security spending in the U.S. But the proper function of information and communications can create huge impacts not only to business, but to the public if (more…)
Code Spaces Spaced Out On Data Security
The information security community is abuzz with the news of Code Spaces closing its doors after having all of its client’s data erased by an attacker who gained access to their environment. Code Spaces offered their clients a “code repository” service – think Subversion-as-a-Service – and convinced their clients that their code was safe from data loss when stored there. The failure is (more…)
Vendor Risk Management Hype Extends Beyond Target®
The Target® Breach in November 2013 lives infamously in our memories and has served as a pivot point for all businesses with regard to third party vendor management (TPRM). After all, who could have imagined that the giant retailer would have been breached through a seemingly insignificant (more…)
Universities Remain a Rich Target for Hackers
Schaumburg, IL, April 9, 2014: In 2013, HALOCK Security Labs noted information security vulnerabilities at colleges and universities along with numerous hacker challenges that plague these institutions across the United States. More breaches may come to light if higher education institutions do not (more…)
Darrell Issa Just Learned the Difference Between Compliance and Security. Let’s Hope for a Payoff.
Darrell Issa’s House Committee on Oversight and Government Reform has been busy looking into the security of the healthcare.gov website and its connected systems. (more…)
Common Hazards in Risk Management: The Selfish Risk Assessment
Information security laws and regulations are telling us to conduct cyber security risk assessments before we develop our security and compliance programs. They insist on this so our security goals are meaningful to each of us, rather than aspiring to a generic list of controls that were written by experts who never met us (more…)
Higher Education (sampled colleges and universities) is a Prime Target for Security Breaches
FOR IMMEDIATE RELEASE
HALOCK Investigation finds that 25% of sampled colleges and universities are putting student and parent private financial data at risk
Risk Acceptance Levels: Managing the Lower Limits of Security Costs
Last week I presented a topic here at Halock’s blog site on the Hand Rule, also known as the “Calculus of Negligence.” The basic message of the post was that we can use information risk assessments to help us keep our security costs to a reasonable (more…)
The Hand Rule: Managing the Upper Limits of Security Costs
While presenting a talk at CAMP IT last week I got into a number of conversations with attendees about the Hand Rule and security costs. At HALOCK Security Labs we talk about the Hand Rule a lot. Also known as the Calculus of Negligence, it is a way that an organization can mathematically estimate what a “reasonable” (more…)